Bonum Certa Men Certa
Microsoft Sued for Patent Infringement, Patents Brain Probing | Patent Concerns Invade GNU/Linux, GPLv3 Offers Remedy

How Jim Allchin, Gartner and Enderle Lied to the Whole World

If you say it often enough, people will believe it

We have developed a habit of keeping track of analysts who are obviously paid or compensated for serving corporate agenda (e.g. [1, 2, 3]). This is very relevant in light of the recent OOXML propaganda that came from IDC and the Burton Group.

Here is another fine example from the news. We wish to debunk the said analysts using compelling evidence and fact. One of the predications which certain people made is this:

5. Windows Vista will be secure Analysts were: Wrong

When Windows Vista was launched, Microsoft platforms group vice president, Jim Allchin, described a platform where its "safety and security" will be the "overriding features" for which most people will want Windows Vista.

Analysts from Gartner and the Enderle Group further touted Vista's security features, highlighting in particular its spyware-fighting prowess.


Enderle and Gartner have been caught many times before. The former is a one-man, attention-seeking 'consultancy' whose major client is Microsoft. The latter, Gartner, is funded by Bill Gates and plenty of its revenue stream comes from work it does for Microsoft. Jim Allchin, by the way, escaped Microsoft as soon as Windows Vista was released. It truly make you wonder, does it not?

The people above claimed that Vista will be secure, but let us take a look at some headlines which cover separate incidents that occurred in the past year (sorted reverse chronologically for the most part).

The latest round of patches revealed that Vista could be hijacked by merely sending a packet to it.

Microsoft's first set of security bulletins for 2008 may be slim, but will include a fix for a critical vulnerability in XP and Vista.


More information about this incident can be found here.

One of the updates is considered critical for Windows Vista and XP users because the flaw it fixes could be used by attackers to install unauthorized software on a victim's computer.


As we showed before, especially when Microsoft's Jeff Jones was lying to the public, Microsoft redefines and reinvents the science of security in attempt to show that Windows is more secure. Seconia was accused of playing similar games just days ago. Here is what needs to be pointed out:

1. Critical Vulnerability in Microsoft Metrics

For Microsoft this makes sense because these fixes get the benefit of a full test pass which is much more robust for a service pack or major release than it is for a security update.


2. Skeletons in Microsoft’s Patch Day closet

This is the first time I’ve seen Microsoft prominently admit to silently fixing vulnerabilities in its bulletins — a controversial practice that effectively reduces the number of publicly documented bug fixes (for those keeping count) and affects patch management/deployment decisions.


3. Beware of undisclosed Microsoft patches

Forget for a moment whether Microsoft is throwing off patch counts that Microsoft brass use to compare its security record with those of its competitors. What do you think of Redmond’s silent patching practice?


4. Microsoft is Counting Bugs Again

Sorry, but Microsoft's self-evaluating security counting isn't really a good accounting.

[...]

The point: Don't count on security flaw counting. The real flaw is the counting.


Getting back to Vista, let us look at some of the flaws we have seen:

1. Microsoft fixes 11 flaws in 7 patches; 5 affect Windows Vista

Microsoft on Tuesday released its December 2007 security bulletin, which includes seven updates: three are designated as critical by the software giant and four are deemed important.


2. December 2007's Patch Tuesday's Going to Be Big - Really Big

A Trio of Critical Patches

First up is a remote code execution patch for DirectX versions 7.0 (Windows 2000) through 10.0 (Windows Vista).


3. Security hole in MS-Windows Vista on Thanksgiving

Microsoft, although late, but did acknowledge that it is a flaw even in the latest OS (Vista) which should have been fixed long back.


4. Thirty-Six Updates Later—and Counting

Over the Thanksgiving holiday, I refreshed one of my Windows Vista test machines. Oh my, there were so many Windows Updates.


5. Vista security threats to rise in 2008: McAfee

Microsoft’s Windows Vista operating system will face increasing security threats, according to McAfee Avert Labs predictions for top 10 security threats in 2008.


6. Microsoft issues 6 'critical' patches

The updates affect many versions of Windows, Server and Office software -- including Windows XP and Windows Vista -- and are meant to prevent hackers from breaking into Web surfers' computers using specially crafted Web pages.


7. Buffer the Overflow Slayer v. the ActiveX Files [Vista included]

The vulnerability was discovered by Krystian Kloskowski and is rated "highly critical" in this posting on Secunia. It's also discussed here on the US-Cert website. Proof-of-concept code can be found on MilW0rm here.


8. Microsoft plans six critical patches

At least one of the critical vulnerabilities involves Internet Explorer 7 and Windows Vista, both of which were conceived under new and highly vaunted development rigors designed to produce more secure products.


9. Patch Tuesday: Critical IE, Vista patches on deck

Of the four criticals, two will include high-severity patches for Windows Vista. The bulletin rated ?moderate? only affects Vista.


10. June Patch Tuesday to deliver Vista fixes and more

Four of this month's bulletins are labelled 'critical' and relate to vulnerabilities that may allow remote code execution.


11. Microsoft Plugs Critical Vista Hole

Microsoft has just patched another critical hole in Vista that it knew about as long ago as last Christmas. The delay was similar to its lag in patching the serious (and heavily targeted) animated-cursor flaw I told you about last month.


12. Microsoft Patches Not One, But Three Vista Holes

Microsoft today released an update for the recently popular 'animated cursor' vulnerability. The update was originally scheduled for April 10th, but due to recent exploits, was rushed out today. The update wasn't just for this one vulnerability though, in Vista, it addressed two others, and in all covered seven vulnerabilities in Vista, XP and 2000.


13. Windows Vista's Built-in Rootkit

This poor implementation of the permissions structure can be exploited by malware to make files that are undetectable to Anti-Virus products.


14. More Windows cursor patch trouble [Vista included again]

A new issue with the fix has also come up. Some customers have experienced trouble when printing from SQL Reporting Services to a Printer Command Language (PCL) printer, Microsoft said.


15. Windows cursor patch causing trouble

Installing Microsoft's Tuesday patch for a "critical" Windows vulnerability is causing trouble for some users.


16. MS Patch Tuesday: Vista dinged again

For the second time this month, Microsoft has shipped a security bulletin with patches for a "critical" Vista vulnerability that puts millions of users at risk of code execution attacks.


17. Security Researchers Say Windows .ANI Problem Surfaced Two Years Ago

Security researchers say the Windows .ANI bug that has been plaguing users for the past week first surfaced -- and was patched -- in early 2005.


18. Week in review: Cursing Windows' cursor flaw

The software giant broke with its monthly patch cycle to fix a bug that cybercrooks had been using since last week to attack Windows PCs, including those running Vista.


19. ANI takers for Asus website virus?

Asus.com.tw, the website of Taiwanese motherboard maker Asustek, has been spraying visitors with the .ANI virus, security software makers confirmed today.


20. Will Next Tuesday's 3 Updates Effect Vista?

I would suspect that one will be a patch for the Windows MessageBox exploit, so Vista should get it. Might another be for the Vista 'Timer/2099 Crack'? I wouldn't consider it critical, but Microsoft probably does.


21. Windows Vista now has its first exploit spotted in the public

Security experts have confirmed that a proof of concept code for an unpatched vulnerability in Windows Vista has been released on the internet.


There were warning signs in advance. Windows Vista was not made to have a considerable impact, security-wise, but hype was a key driver. It happens to be the same case with DirectX 10, whose hype was generated by faking images which create a false perception that it is a big jump compared to DirectX 9 (that is another shocking story about deception, but it's worth a separate post). Here are some more articles of interest:

1. Windows Vista: It's More Secure, We Promise

Well, allow me to take a moment to remind everyone of something that you might not remember - XP was also touted as being ultra secure. Seriously, can anyone honestly look themselves in the mirror and say this is the gospel truth? You have got to be kidding me. Similar to XP, Microsoft promises to have the most secure Windows version to date yet again.


2. Cisco exec: Windows Vista is scary

"Parts of Vista scare me," Gleichauf said at the Gartner Security Summit here on Monday. "Anything with that level of systems complexity will have new threats, as well as bringing new solutions. It's always a struggle in security, trying to build for what you don't know."


3. Symantec Finds Flaws In Vista's Network Stack

Researchers with Symantec's advanced threat team poked through Vista's new network stack in several recent builds of the still-under-construction operating system, and found several bugs -- some of which have been fixed, including a few in Monday's release -- as well as broader evidence that the rewrite of the networking code could easily lead to problems.

[...]

Among Newsham's and Hoagland's conclusions: "The amount of new code present in Windows Vista provides many opportunities for new defects."

"It's true that some of the things we found were 'low-hanging fruit,' and that some are getting fixed in later builds," said Friedrichs. "But that begs the question of what else is in there?"


With so many incidents out there, there remains this Big Lie that Vista is secure. Paid analysts do not help here.

Comments

Microsoft Sued for Patent Infringement, Patents Brain Probing | Patent Concerns Invade GNU/Linux, GPLv3 Offers Remedy

Recent Techrights' Posts

Those of Us Who Grew Up Playing Doom Must Remember What Microsoft Did to Its Creator
Doomed by Microsoft
At The Register MS, Fake 'Articles' Sponsored by WIntel (Windows+Intel)
We've meanwhile noticed that there's new sponsored spam in at The Register MS and it might be slop
In Addition to National Delegates, Contact the French or Portuguese Governments (Politicians) Regarding António Campinos
Someone needs to step into the EPO and open up all the closets
EPO People Power - Part IV - Sexism, Chauvinism, and Lines of Cocaine at Europe's Second-Largest Institution
Recently, one reader told us about Berenguer, who made the "mistake" of using cocaine in the open market
The Web Has Become Extremely Rude
If you cannot behave, go offline
Like Clickfraud Spamnil (Swapnil Bhartiya) But for Hate Mongering: What Twitter Has Become
If you still waste time in Social Control Media, consider changing course
 
Links 11/12/2025: Escalations Around Japan, Software Patents Found Invalid
Links for the day
Killing the IBM Cash Cow, Raising Massive Debt Instead
In a healthy company, the CEO and CFO would get sacked on the spot for doing so. But IBM is not a healthy company, it's just a sick cow being milked to death.
Links 11/12/2025: Dangerous Flukes by Slop and Bottled Water as 'Placebos'
Links for the day
Gemini Links 11/12/2025: Repairs, Wisdom of the Crowds, and AC Explorations
Links for the day
We Need Your EPO Insider Stories
To date, the EPO and any other company/institution hasn't managed to remove even a single public page that we published
Yes, IBM is Also Laying Off Indians (Even in India)
that goes against the popular/hot narrative of "jobs moving to India"
Microsoft-Sponsored Wikipedia Spam About "AI", Added by Microsoft Operatives
When it comes to Wikipedia, follow the money (sponsors)
Keep on Pushing, EPO Management is in a State of Panic This Week
Contact your representatives today
If You Want Freedom, Follow Richard M. Stallman (RMS)
To be clear, I like Linux, I like its founder
EPO People Power - Part III - Challenging Corruption
The media - as in the national press - isn't interested in writing about it
The Flawed Notion of Criticising for Criticism's Sake
People who are highly critical of things are not "toxic"
A Lot More Than Techrights
you probably also want to follow the RSS feed of the sister site
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, December 10, 2025
IRC logs for Wednesday, December 10, 2025
Slopfarms Parrot Any Number That GAFAM Throws at Them, Even Totally Fictional Figures That Merit Fact-Checking
fake from Microsoft
Microsoft Lunduke Tailors His 'Content' for 4Chan
The latest from Lunduke "Journal"
Richard Stallman Was Also Right About Microsoft GitHub (It's Becoming a Botfarm)
trashing the platform
Democracy and Buzzwords
and hype
Five Years in Gemini Protocol
One might say we escaped to Geminispace 2 years before the deluge of slop on the Web
Keeping Up the Pressure on EPO Management
We want to thank our European readers who contacted their representatives
For New PCs and for Old (or Retro) PCs the Increased Cost of System Memory Benefits GNU/Linux and BSDs
GNU/Linux does not have this problem or barely has this problem
Gemini Links 10/12/2025: "Thousand Mile Journey" and The Art Of Chilling
Links for the day
Moving Away From Content Management Systems (CMSs) and Flocking to Static Site Generators (SSGs)
The SSG 'hype' is not based on marketing but a simple reality
IBM is Laying Off Workers in India (While Spending a Fortune Buying a Company for Buzzwords, a Box-Ticking Exercise)
So what is the overall strategy?
EPO People Power - Part II - Talking About Corruption
European media must "grow a pair" and start writing about EPO corruption
Just a Little Slop About "Linux"
Slop about Linux isn't that common anymore
Links 10/12/2025: McDonald’s Latest Slop Gaffe (After Dumping IBM's Slop) and "Scam Altman’s Panic Sweats"
Links for the day
Circular Funding
Passing around capital that does not exist (for PR's sake, but there are ramifications)
Links 10/12/2025: Ransomware (Windows TCO) Has Crippled Economies, Slop (Fake) "Videos Have Flooded Social (Control) Media"
Links for the day
Y Combinator (YC) Funds Scams, Run by Scammers
Including Scam Altman
EPO People Power - Part I - Identifying Corruption
The EPO, at this stage, is a boat full of holes
IBM Has Become a "Plantation"
IBM is basically being destroyed for some cash at this point
It's Not Too Late to Send an E-mail to Your European Representative Regarding European Patent Office Abuses
If you live in Europe and have not done so already, please contact your national delegates, whose job is (at least on paper) to represent you
Almost a Thousand EPO Workers Have Voted for Industrial Action
Mandate given to SUEPO for action plan to stop the salary erosion of EPO staff
Why So Many Software Projects Are Quitting Microsoft and GitHub
Be more like LibreWolf. Move away from Microsoft and GitHub.
Many of the Attacks on Us Apparently Boil Down to Jealousy
Envy is a negative trait that leads people to self harm
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, December 09, 2025
IRC logs for Tuesday, December 09, 2025
Valuing One's Work by the Effort or Budget Taken to Undermine It
As long as what we publish is factual, nothing prevents its publication
IBM Says It Buys Another Company for "AI", So Why Does IBM Fire Its Own "AI" Experts?
As people rightly point out, this has nothing to do with "AI"
The Boundaries of Criticism
The harder the EPO will push back, the better the job we must have done
New EPO Series: Mafia Culture, Mobbing, Nepotism, and Illegal Drugs
The series shall start later today
Richard Stallman Was Right About "AI"
"Considering Stallman worked in the MIT AI lab in the era of symbolic AI, and has written GCC (an optimizing compiler is a kind of symbolic reasoner imo), I think he has a deeper understanding of the question than most famous people in tech."
With 3 Weeks Left (Sans Extensions) the Free Software Foundation (FSF) Has Already Raised About Half of the Money Set as Fund-Raising Goal
“Idiots can be defeated but they never admit it.” — Richard Stallman
Gemini Links 10/12/2025: Cranberry Juice and Gramophones
Links for the day
IBM: We Lay Off Tens of Thousands of People the Very Same Week We Spend 11 Billion Dollars (Debt) on "AI" Fantasies, Hiring About 8,000 People at Cost of 1.3+ Million Dollars Per Employee
Seems like IBM is run by fools
Google Still Promotes Plagiarism From WebProNews and Prolific Slopfarms
Google News seems lost and hopeless sometimes
Links 09/12/2025: Tariffs Causing Great Harm and "How to Leave the U.S.A."
Links for the day
Links 09/12/2025: "After the Bubble" (of Slop), "The Internet Forgets"
Links for the day
Gemini Links 09/12/2025: Lunar Observations and Programming
Links for the day
Linux Foundation Has Found a New Business: Pyramid Schemes
Linus Torvalds should have known better
They Won't Tell You This ("Revolution Won't Be Televised"), But the Slop Bubble Already Burst
We already wrote about it twice this morning
UbuntuPIT Started Experimenting With LLM Slop and a Month Ago It 'Died'
This is the typical trajectory of slopfarms
LibreWolf Will Turn Six in March, It Already (Probably) Has Millions of Users
It's not possible to know the number of users LibreWolf has
The Year of the New Dark Age
Something isn't right
Slopwatch May be Doomed
Slop isn't changing the world, certainly not in a good way anyway
BetaNews Still a Dodgy Site, It Seems to be Partly Run by Chatbots
The company that took over apparently tries to "monetise" the domain with slop
Tomorrow the EPO Administrative Council is Meeting to Discuss the EPO, Contact Your National Representative Today
Final versions of the EPO Administrative Council photo gallery
IBM's Total Debt is About to Hit Almost 80 Billion Dollars, the Company Can Only Raise $14.8 Billion Within 3 Months
Route towards insolvency, not just irrelevancy
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, December 08, 2025
IRC logs for Monday, December 08, 2025