Bonum Certa Men Certa

How Jim Allchin, Gartner and Enderle Lied to the Whole World

If you say it often enough, people will believe it

We have developed a habit of keeping track of analysts who are obviously paid or compensated for serving corporate agenda (e.g. [1, 2, 3]). This is very relevant in light of the recent OOXML propaganda that came from IDC and the Burton Group.

Here is another fine example from the news. We wish to debunk the said analysts using compelling evidence and fact. One of the predications which certain people made is this:

5. Windows Vista will be secure Analysts were: Wrong

When Windows Vista was launched, Microsoft platforms group vice president, Jim Allchin, described a platform where its "safety and security" will be the "overriding features" for which most people will want Windows Vista.

Analysts from Gartner and the Enderle Group further touted Vista's security features, highlighting in particular its spyware-fighting prowess.


Enderle and Gartner have been caught many times before. The former is a one-man, attention-seeking 'consultancy' whose major client is Microsoft. The latter, Gartner, is funded by Bill Gates and plenty of its revenue stream comes from work it does for Microsoft. Jim Allchin, by the way, escaped Microsoft as soon as Windows Vista was released. It truly make you wonder, does it not?

The people above claimed that Vista will be secure, but let us take a look at some headlines which cover separate incidents that occurred in the past year (sorted reverse chronologically for the most part).

The latest round of patches revealed that Vista could be hijacked by merely sending a packet to it.

Microsoft's first set of security bulletins for 2008 may be slim, but will include a fix for a critical vulnerability in XP and Vista.


More information about this incident can be found here.

One of the updates is considered critical for Windows Vista and XP users because the flaw it fixes could be used by attackers to install unauthorized software on a victim's computer.


As we showed before, especially when Microsoft's Jeff Jones was lying to the public, Microsoft redefines and reinvents the science of security in attempt to show that Windows is more secure. Seconia was accused of playing similar games just days ago. Here is what needs to be pointed out:

1. Critical Vulnerability in Microsoft Metrics

For Microsoft this makes sense because these fixes get the benefit of a full test pass which is much more robust for a service pack or major release than it is for a security update.


2. Skeletons in Microsoft’s Patch Day closet

This is the first time I’ve seen Microsoft prominently admit to silently fixing vulnerabilities in its bulletins — a controversial practice that effectively reduces the number of publicly documented bug fixes (for those keeping count) and affects patch management/deployment decisions.


3. Beware of undisclosed Microsoft patches

Forget for a moment whether Microsoft is throwing off patch counts that Microsoft brass use to compare its security record with those of its competitors. What do you think of Redmond’s silent patching practice?


4. Microsoft is Counting Bugs Again

Sorry, but Microsoft's self-evaluating security counting isn't really a good accounting.

[...]

The point: Don't count on security flaw counting. The real flaw is the counting.


Getting back to Vista, let us look at some of the flaws we have seen:

1. Microsoft fixes 11 flaws in 7 patches; 5 affect Windows Vista

Microsoft on Tuesday released its December 2007 security bulletin, which includes seven updates: three are designated as critical by the software giant and four are deemed important.


2. December 2007's Patch Tuesday's Going to Be Big - Really Big

A Trio of Critical Patches

First up is a remote code execution patch for DirectX versions 7.0 (Windows 2000) through 10.0 (Windows Vista).


3. Security hole in MS-Windows Vista on Thanksgiving

Microsoft, although late, but did acknowledge that it is a flaw even in the latest OS (Vista) which should have been fixed long back.


4. Thirty-Six Updates Later—and Counting

Over the Thanksgiving holiday, I refreshed one of my Windows Vista test machines. Oh my, there were so many Windows Updates.


5. Vista security threats to rise in 2008: McAfee

Microsoft’s Windows Vista operating system will face increasing security threats, according to McAfee Avert Labs predictions for top 10 security threats in 2008.


6. Microsoft issues 6 'critical' patches

The updates affect many versions of Windows, Server and Office software -- including Windows XP and Windows Vista -- and are meant to prevent hackers from breaking into Web surfers' computers using specially crafted Web pages.


7. Buffer the Overflow Slayer v. the ActiveX Files [Vista included]

The vulnerability was discovered by Krystian Kloskowski and is rated "highly critical" in this posting on Secunia. It's also discussed here on the US-Cert website. Proof-of-concept code can be found on MilW0rm here.


8. Microsoft plans six critical patches

At least one of the critical vulnerabilities involves Internet Explorer 7 and Windows Vista, both of which were conceived under new and highly vaunted development rigors designed to produce more secure products.


9. Patch Tuesday: Critical IE, Vista patches on deck

Of the four criticals, two will include high-severity patches for Windows Vista. The bulletin rated ?moderate? only affects Vista.


10. June Patch Tuesday to deliver Vista fixes and more

Four of this month's bulletins are labelled 'critical' and relate to vulnerabilities that may allow remote code execution.


11. Microsoft Plugs Critical Vista Hole

Microsoft has just patched another critical hole in Vista that it knew about as long ago as last Christmas. The delay was similar to its lag in patching the serious (and heavily targeted) animated-cursor flaw I told you about last month.


12. Microsoft Patches Not One, But Three Vista Holes

Microsoft today released an update for the recently popular 'animated cursor' vulnerability. The update was originally scheduled for April 10th, but due to recent exploits, was rushed out today. The update wasn't just for this one vulnerability though, in Vista, it addressed two others, and in all covered seven vulnerabilities in Vista, XP and 2000.


13. Windows Vista's Built-in Rootkit

This poor implementation of the permissions structure can be exploited by malware to make files that are undetectable to Anti-Virus products.


14. More Windows cursor patch trouble [Vista included again]

A new issue with the fix has also come up. Some customers have experienced trouble when printing from SQL Reporting Services to a Printer Command Language (PCL) printer, Microsoft said.


15. Windows cursor patch causing trouble

Installing Microsoft's Tuesday patch for a "critical" Windows vulnerability is causing trouble for some users.


16. MS Patch Tuesday: Vista dinged again

For the second time this month, Microsoft has shipped a security bulletin with patches for a "critical" Vista vulnerability that puts millions of users at risk of code execution attacks.


17. Security Researchers Say Windows .ANI Problem Surfaced Two Years Ago

Security researchers say the Windows .ANI bug that has been plaguing users for the past week first surfaced -- and was patched -- in early 2005.


18. Week in review: Cursing Windows' cursor flaw

The software giant broke with its monthly patch cycle to fix a bug that cybercrooks had been using since last week to attack Windows PCs, including those running Vista.


19. ANI takers for Asus website virus?

Asus.com.tw, the website of Taiwanese motherboard maker Asustek, has been spraying visitors with the .ANI virus, security software makers confirmed today.


20. Will Next Tuesday's 3 Updates Effect Vista?

I would suspect that one will be a patch for the Windows MessageBox exploit, so Vista should get it. Might another be for the Vista 'Timer/2099 Crack'? I wouldn't consider it critical, but Microsoft probably does.


21. Windows Vista now has its first exploit spotted in the public

Security experts have confirmed that a proof of concept code for an unpatched vulnerability in Windows Vista has been released on the internet.


There were warning signs in advance. Windows Vista was not made to have a considerable impact, security-wise, but hype was a key driver. It happens to be the same case with DirectX 10, whose hype was generated by faking images which create a false perception that it is a big jump compared to DirectX 9 (that is another shocking story about deception, but it's worth a separate post). Here are some more articles of interest:

1. Windows Vista: It's More Secure, We Promise

Well, allow me to take a moment to remind everyone of something that you might not remember - XP was also touted as being ultra secure. Seriously, can anyone honestly look themselves in the mirror and say this is the gospel truth? You have got to be kidding me. Similar to XP, Microsoft promises to have the most secure Windows version to date yet again.


2. Cisco exec: Windows Vista is scary

"Parts of Vista scare me," Gleichauf said at the Gartner Security Summit here on Monday. "Anything with that level of systems complexity will have new threats, as well as bringing new solutions. It's always a struggle in security, trying to build for what you don't know."


3. Symantec Finds Flaws In Vista's Network Stack

Researchers with Symantec's advanced threat team poked through Vista's new network stack in several recent builds of the still-under-construction operating system, and found several bugs -- some of which have been fixed, including a few in Monday's release -- as well as broader evidence that the rewrite of the networking code could easily lead to problems.

[...]

Among Newsham's and Hoagland's conclusions: "The amount of new code present in Windows Vista provides many opportunities for new defects."

"It's true that some of the things we found were 'low-hanging fruit,' and that some are getting fixed in later builds," said Friedrichs. "But that begs the question of what else is in there?"


With so many incidents out there, there remains this Big Lie that Vista is secure. Paid analysts do not help here.

Comments

Recent Techrights' Posts

When Wikileaks Sources Were Actually Murdered and Wikileaks Was Still a Wiki
when Wikileaks was a young site and still an actual wiki
Why Virtually All the Wikileaks Copycats, Forks, and Rivals Basically Perished
Cryptome is like the "grandpa" of them all
Why the Media is Dying (It Sucks, No Mentally Healthy People Will Tolerate This for Long)
linking to actual news articles helps fuel the spam, too
 
[Meme] Was He So Productive He Had to be Expelled Somehow? (After He Was Elected and Had Given Many Years of Work to Earn a Board Seat)
Things like these seem to lessen the incentive to devote one's life to Free software projects
GNOME Foundation is Causing Itself More Embarrassment With Secrecy Than With Full Transparency
It also arouses suspicion and hostility towards Codes of Conduct, which gave rise to 'secret courts' governed by large corporations
Links 23/07/2024: NetherRealm Layoffs and Illegitimate Patent 'Courts' (Illegal)
Links for the day
Gemini Links 23/07/2024: AM Radio, ngIRCd, and Munin
Links for the day
A Lot of GNU/Linux Growth on the Client Side is Owing to India (Where GNU/Linux Has Reached 16%)
A lot of this happened in recent years
Insulting Free Software Users in Social Control Media (Proprietary, Bloated With Opaque JavaScript) is Like Insulting Amish on TV
Why bother? Don't take the bait.
statCounter: Dutch GNU/Linux Usage Surged 1% in Summer
Microsoft is running out of things to actually sell
Microsoft's "Results" Next Week Will be Ugly (But It'll Lie About Them, as Usual)
Where can Microsoft find income rather than losses as its debt continues to grow and layoffs accelerate?
Julian Assange is Still Being Dehumanised in Media Whose Owners Wikileaks Berated (With Underlying Facts or Leaks)
Wikileaks and Free software aren't the same thing. Nevertheless, the tactics used to infiltrate or discredit both ought to be understood.
A Month Later
We're optimistic on many fronts
Links 23/07/2024: Downsizing and Microsoft and Still Damage Control
Links for the day
Gemini Links 23/07/2024: Friends and Solitaire
Links for the day
Censorship in Eklektix's Linux Weekly News (LWN)
Medieval system of speech, where the monarchs (Linux Foundation) dictate what's permissible to say
10 Years of In-Depth EPO Coverage at Techrights (Many Others Have Abandoned the Topic)
Listen to staff
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, July 22, 2024
IRC logs for Monday, July 22, 2024
[Meme] The Latest in the Microsoft Windows Blame Game
Microsoft found the culprit and came to everyone's rescue!
Links 22/07/2024: Overworking and Performance Issues From Europe
Links for the day
Microsoft Eliminates 67% of the Building Occupancy - That's Some Truly Massive Layoffs
Half a dozen floors? Microsoft cuts that down to two.
[Meme] Signs of a Dying Patent Office
"Bribe the media to say you excel"
This Month's General Consultative Committee (GCC) Webchat ('Meeting') Covered the European Patent Office's Attacks on Its Own Interpreters
The Central Staff Committee is currently circulating a report with appendices about the GCC meeting [sic] (webchat) that took place less than a fortnight ago
A Byzantine European Patent Office Where Staff Must Beg for Help With Contraception (Worse Than the Rest of Europe)
The Central Staff Committee (EPO staff representation) has just circulated a report
[Teaser] EPO Run by Children
"Daddy, why was I born?"
Let's Encrypt About to Fall Below 100 (Capsules) in Geminispace, It's Basically in a Freefall
The "self-signed" portion keeps growing
Gemini Links 22/07/2024: Spacewalk Dies and Old Computer Challenge in the Rear View
Links for the day
For the First Time Since May Linux.com (Linux Foundation) Published Something. It's All Spam.
Can we trust the Linux Foundation to look after anything at all? Look what it turned this once-thriving site into.
Honduras: Windows Down, Android Peaking Again
Honduras does not have many stakes in Microsoft
[Meme] Twitter (X) Will Reject the Concept of a Female President
Twitter (X) is controlled by misogynists, who socially control (or socially-engineer) their fake concept of "media"
Second Family Photo of Julian Assange Since His Release (First Since His Birthday)
His wife shows the 4 of them for the first time (2 hours ago)
Protesters in Kenya Need Software That is Free (Libre) and Supports Real Encryption in Order to Avoid Capture and Torture (Sometimes Execution)
There's more to fight over than economic issues
The Ludicrous Idea That GNU/Linux is a "Poor Man's" Operating System
Seeing the trends in countries such an Norway, it ought to be abundantly clear that adoption of GNU/Linux has nothing to do with poverty
Links 22/07/2024: Internet Optimism and Kamala Harris Policies Debated
Links for the day
Something is Happening at OFTC
It looks like it shrank by 20,000 users
GNU/Linux Usage in Guadeloupe Rises Closer to International Average, Based on Web Data Collected by statCounter
It should be noted that the estimates of GNU/Linux usage are now in 4.5% territories
The Impact of OFTC's Latest Changes on the Perceived Scale of IRC Globally
IRC is still one of the more potent alternatives to the social control media conglomerates
New: Why They Really Went After Assange
Uploaded by Chris Hedges
Links 21/07/2024: Health, Politics, and Kamala Harris in Focus
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, July 21, 2024
IRC logs for Sunday, July 21, 2024
A Drop in Half (From 208 to 104): Sharp Decline in Number of Gemini Capsules That Use Let's Encrypt CA Since December
Gemini is increasing its independence from Certificate Authorities (CAs)
Gemini Links 21/07/2024: Last of Old Computer Challenge and Forth Language
Links for the day
Links 21/07/2024: Climate, Politics, and More Squashed Patents
Links for the day
Only a Quarter of Web Requests in Micronesia Traced Back to Microsoft Windows (It Used to be Well Over 95%)
Micronesia has over half a million people in it
Your F.U.D. is Already Showing, Microsoft
That talking point is quickly spreading so that CrowdStrike discussions become about "Linux" instead of Windows
Andrew Feinstein on Why Freeing Julian Assange is About the Freedom of the Press in General
Feinstein points out that truth itself is being challenged by people who value power, not truth, and typically seek to do things like sell arms and start proxy wars
In Palau, Windows Has Fallen to 16%
15 years ago Windows was at 98%
Gemini is Blossoming and More Capsules Are Self-Signing, Rejecting the Defunct and Falsely-Marketed Certificate Authority (CA) Model
Gemini is still very fast, not only because objects are lightweight but the protocol itself - i.e. the underlying logic - is as simple as it needs to be and only as complex as it must be
Gemini Links 21/07/2024: New Garden and New Gemini Arrivals
Links for the day
Links 21/07/2024: Extreme Heat and Fortescue Layoffs
Links for the day
GNU/Linux Lifted Up 0.03% Closer to 4.5% "Market Share" (or 50% More Than a Year Ago)
How many businesses and homes are permanently giving up on Windows after recent days' events?
Giving the False Impression That the R blogosphere is Microsoft's Microcosm
Curation that culls "astroturfing" isn't censorship but quality control for relevance
High Adoption Rates for GNU/Linux in Albania, According to statCounter
Albania has been a central point of some GNOME and diversity scandals
It'll Soon Be Half a Decade Since COVID-19's Breakout, We Still Need Verified Facts (Not Corporate Dogma) and Proper Media Reporting
COVID-19 has meant different things to different people
For the First Time, Microsoft's "Market Share" in North Macedonia Falls to Only a Quarter
Microsoft only has Windows
Evan Versus Julian
Published by Julian Assange's wife some hours ago
What The Internet Can Achieve When Put in the Hands of the Good People and Not Censored by the People Who Already Control the Mass Media
albeit Wikileaks put that in social control media owned and controlled by oligarchs
IRC Proceedings: Saturday, July 20, 2024
IRC logs for Saturday, July 20, 2024
Over at Tux Machines...
GNU/Linux news for the past day
[Meme] Hate Speech
This is also what makes TikTok so dangerous
Shark-infected Water on the Web
Don't turn Gemini into another "Web"
OpenHarmony, HarmonyOS Next, Deepin, Kylin, and openKylin: How China's Various Manoeuvres Away From Windows Get Covered in the West
Kylin was openly based on Ubuntu
WikiLeaks Wonders: Major Leaks That Shook the Worlds
Published 14 hours ago