09.28.10

Gemini version available ♊︎

Microsoft Claims Credit for Failing in Security

Posted in Microsoft, Security, Windows at 7:37 am by Dr. Roy Schestowitz

Servers rack - amateur

Summary: Latest security issues and systematic deception, mostly from Microsoft and its various boosters across the Web (giving credit to Microsoft after Microsoft messed up)

Gratis as in Lock-in

A FEW days ago we wrote about Microsoft's attempt at disconnecting the air supply from third-party AV vendors, at least in small businesses. This would only decrease security due to monoculture, decreased competition, and lack of incentive to improve. The funny thing here is that Microsoft sells a vulnerable operating system and then claims to be distributing “free of charge” (only to some people) what ought to have been a characteristic of the operating system, not an add-on. The spinners from Seattle call it a “free” anti-virus software and what’s meant by free is not freedom. It’s free as in gratis, with lock-in. It decreases one’s personal freedom and also impedes freedom of choice. A better headline than “Free Anti-Virus Protection Spurs More Robust Options” would be “Free-of-charge Anti-Virus Pseudo-protection Depresses More Robust Options”.

Watch the Indian press turning the whole thing into Vista 7 promotion: “IT major Microsoft has launched a campaign to help computer users identify threats to their systems and how their networks can be made secure using Original Windows 7 that now comes with the advantage of Microsoft Security Essentials.”

So Microsoft wants to dump Security Essentials on the market (as expected by many people all along) and already we learn that “Scareware Apes Microsoft Security Essentials”. Microsoft has always performed very poorly among the security products already available and well established. “Anti-virus systems get tested” says The Inquirer which gives the following details:

A NUMBER of the most common anti-virus security systems have had a beady eye passed over their effectiveness and fitness for purpose in an assessment.

The study, which was carried out by the Austrian AV Comparatives group, looked at twenty products from the main providers that volunteered to take part.

We do not know who if anyone refused, but AV Comparatives said that it had limited test subjects to no more than twenty and required that participants adhered to its undisclosed criteria.

“Over half of all apps have security holes,” claims Veracode (which we mentioned in [1, 2]).

More than half of all software applications failed to meet an acceptable level of security, according to a study based on real-world code audits by application security firm Veracode.

Around 57 per cent of applications failed to pass muster when first submitted to Veracode’s cloud-based testing service. A similar 56 per cent of finance-related applications failed first testing by Veracode’s security audit. The quality of the code used in many business-critical banking and insurance operations was simply not up to snuff.

ASP.NET Under Attack, Spin

In security news, the other major issue last week was the Microsoft ASP.NET vulnerability, which we wrote about in [1, 2, 3, 4].

“Is this really praise-worthy, especially when someone responds to flaws which the same someone is responsible for?”The ASP.NET problem alarmed Microsoft a great deal and the PR spin strives to make Microsoft be seen as responsive. An advisory was quickly issued [1, 2, 3] because of bad publicity and because it was already being exploited (a demo existed). There is only a temporary fix, not a permanent one. There are third-party fixes.

So, once again Microsoft pays attention to flaws a tad too late and then scrambles to limit damage it could probably prevent. Is this really praise-worthy, especially when someone responds to flaws which the same someone is responsible for?

Just like in the case of Russian spin [1, 2], Microsoft is trying to make itself look like the saviour rather than the problem. Lee Pender of the Microsoft boosters is trying to make Microsoft look good by painting it as responsive and responsible. To quote: “Well, late last week, we got an update from a Microsoft spokesperson who wanted to tell us that Microsoft hasn’t just buried its head in the sand on Stuxnet.”

We wrote about Stuxnet in [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14].

Microsoft-Police

Over in Australia, Microsoft is involving the police right now (funded by taxpayers) [1, 2, 3, 5]. It’s about a computer scam that affects Microsoft.

Twitter and Fog Computing

The other day we wrote about the major problem Twitter.com was having. Half a million Twitter users are said to be affected by a Twitter worm and Slashdot discusses the matter before and after the patching. Here are “the names and faces behind the ‘onMouseOver’ Twitter worm attack”. It’s one of those risks of Fog Computing. Even a teenager turns out to have been smart enough to do it.

But later, some mischievous users of the site started using the exploit to make people “retweet” infected messages (when they hovered over a tweet with the code inserted) that they had not authorised.

The guy is Australian, so will the police get involved? Or does the Australian police get involved only to help Microsoft?

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New


  1. Microsoft GitHub Exposé — Part II — The Campaign Against GPL Compliance and War on Copyleft Enforcement

    Microsoft contemplated buying GitHub 7.5 years ago; the goal wasn’t to actually support “Open Source” but to crush it from the inside and that’s what Microsoft has been doing over the past 2.5 years (we have some details from the inside)



  2. Links 18/10/2021: Linux 5.15 RC6 and 7 New Stable Kernels

    Links for the day



  3. [Meme] The Austrian School of Friedrich Rude Liar

    With reference to the Austrian School, let’s consider the fact that Friedrich Rude Liar might in fact be standing to personally gain by plundering the EPO‘s staff by demonising them while helping Benoît Battistelli crush them



  4. IRC Proceedings: Sunday, October 17, 2021

    IRC logs for Sunday, October 17, 2021



  5. How (Simple Technical Steps) to Convince Yourself That DuckDuckGo is Just Spyware Connected to Microsoft, Falsely Advertised as 'Privacy'

    In recent days we published or republished some bits and pieces about what DuckDuckGo really is; the above reader dropped by to enlighten us and demonstrate just how easy it is to see what DuckDuckGo does even at the client side (with JavaScript); more people need to confront DuckDuckGo over this and warn colleagues/friends/family (there’s more here)



  6. Austria's Right-Wing Politicians Displaying Their Arrogance to EPO Examiners

    The EPO‘s current regime seems to be serving a money-hungry lobby of corrupt officials and pathological liars; tonight we focus on Austria



  7. [Meme] Friedrich Rödler's Increasingly Incomprehensible Debt Quagmire, Years Before EPO Money Was Trafficked Into the Stock Market

    As it turns out, numerous members of the Administrative Council of the EPO are abundantly corrupt and greedy; They falsely claim or selfishly pretend there’s a financial crisis and then moan about a "gap" that does not exist (unless one counts the illegal gambling, notably EPOTIF, which they approved), in turn recruiting or resorting to scabs that help improve ‘profit margins’



  8. The EPO’s Overseer/Overseen Collusion — Part XV: Et Tu Felix Austria…

    Prior to the Benoît Battistelli and António Campinos regime the EPO‘s hard-working staff was slandered by a corrupt Austrian official, Mr. Rödler



  9. Links 17/10/2021: Blender 2.93.5, Microsoft Bailouts

    Links for the day



  10. Links 17/10/2021: GhostBSD 21.10.16 and Mattermost 6.0

    Links for the day



  11. IRC Proceedings: Saturday, October 16, 2021

    IRC logs for Saturday, October 16, 2021



  12. [Meme] First Illegally Banning Strikes, Then Illegally Taking Over Courts

    The vision of Team Battistelli/Campinos is a hostile takeover of the entire patent system, not just patent offices like the EPO; they’d stop at nothing to get there



  13. Portuguese Network of Enablers

    Instead of serving Portuguese people or serving thousands of EPO workers (including many who are Portuguese) the delegation from Portugal served the network of Campinos



  14. In Picture: After Billions Spent on Marketing, With Vista 11 Hype and Vapourware, No Real Gains for Windows

    The very latest figures from Web usage show that it’s hardly even a blip on the radar; Windows continues bleeding to death, not only in servers



  15. [Meme] [Teaser] Double-Dipping Friedrich Rödler

    As we shall see tomorrow night, the EPO regime was supported by a fair share of corrupt officials inside the Administrative Council



  16. The EPO’s Overseer/Overseen Collusion — Part XIV: Battistelli's Iberian Facilitators - Portugal

    How illegal “Strike Regulations” and regressive ‘reforms’ at the EPO, empowering Benoît Battistelli to the detriment of the Rule of Law, were ushered in by António Campinos and by Portugal 5 years before Campinos took Battistelli’s seat (and power he had given himself)



  17. Links 16/10/2021: SparkyLinux Turns 10 and Sculpt OS 21.10

    Links for the day



  18. “Facebook Whistleblowers” Aside, It Has Been a Dying Platform for Years, and It's Mentally Perverting the Older Generation

    Guest post by Ryan, reprinted with permission



  19. [Meme] Microsoft Has Always Been About Control Over Others

    Hosting by Microsoft means subjugation or a slavery-like relationship; contrary to the current media narrative, Microsoft has long been censoring LinkedIn for China’s autocratic regime; and over at GitHub, as we shall show for months to come, there’s a war on information, a war on women, and gross violations of the law



  20. EFF Pushes for Users to Install DuckDuckGo Software After Being Paid to Kill HTTPS Everywhere

    Guest post by Ryan, reprinted with permission



  21. The Reign in Spain

    Discussion about the role of Spain in the EPO‘s autocratic regime which violates the rights of EPO staff, including Spanish workers



  22. [Meme] Spanish Inquisition

    Let it be widely known that Spain played a role in crushing the basic rights of all EPO workers, including hundreds of Spaniards



  23. Why You Shouldn’t Use SteamOS, a Really Incompetent GNU/Linux Distribution With Security Pitfalls (Lutris is a Great Alternative)

    Guest post by Ryan, reprinted with permission



  24. IRC Proceedings: Friday, October 15, 2021

    IRC logs for Friday, October 15, 2021



  25. Links 16/10/2021: Xubuntu 21.10 and DearPyGui 1.0.0

    Links for the day



  26. DuckDuckGo’s HQ is Smaller Than My Apartment

    Guest post by Ryan, reprinted with permission



  27. Post About Whether Vivaldi is a GPL violation Was Quietly Knifed by the Mods of /r/uBlockOrigin in Reddit

    Guest post by Ryan, reprinted with permission



  28. The EPO’s Overseer/Overseen Collusion — Part XIII: Battistelli's Iberian Facilitators - Spain

    The EPO‘s António Campinos is an ‘Academy’ of overt nepotism; what Benoît Battistelli did mostly in France Campinos does in Spain and Portugal, severely harming the international image of these countries



  29. From Competitive (Top-Level, High-Calibre, Well-Paid) Jobs to 2,000 Euros a Month -- How the EPO is Becoming a Sweatshop by Patent Examiners' Standards

    A longish video about the dreadful situation at the EPO, where staff is being ‘robbed’ and EPO funds get funnelled into some dodgy stock market investments (a clear violation of the institution’s charter)



  30. [Meme] Protecting European Patent Courts From EPO 'Mafia'

    With flagrant disregard for court rulings (or workarounds to dodge actual compliance) it seems clear that today's EPO management is allergic to justice and to judges; European Patents perish at unprecedented levels in national European courts and it should be kept that way


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts