Bonum Certa Men Certa

Another Reason to Avoid Mono: Security

"At Microsoft I learned the truth about ActiveX and COM and I got very interested in it inmediately [sic]."

--Miguel de Icaza



For reasons and factors that make OOXML not secure, Mono is a security hazard as well. For those who are not yet convinced, there is this brand-new article which highlights the architectural failures of .NET and their impact on security. Read it.



Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system, an advance that many in the security community say will have far-reaching implications not only for Microsoft, but also on how the entire technology industry thinks about attacks.


Also in the news today is this alarming issue of 7 "critical" flaws (the highest level of severity) in Microsoft software.

Does anyone want GNU/Linux to inherit this nightmare? Is this something which belongs in the operating system which NASA, the NSA and the Department of Defense use? What about the cost implications? Beyond the issue of acquisition cost also exist the costs of maintenance, repair, and damage control. Losses incurred by leaks (espionage) and data loss are sometimes invaluable.

A few hours ago, one reader sent us the following message regarding the consequences of poor security.




Note that the bad engineering promoted by Bill Gates and his movement is probably costing Joe Sixpack upwards of 8 hours lost effort per week from malware, instability and poor interoperability. With the US in the economic situation it is in, that may be enough to knock the floor out of the recession. The failure that is Microsoft Vista may be the last straw and take down what's left of the economy.

“The failure that is Microsoft Vista may be the last straw and take down what's left of the economy.”Until recently, Microsoft people have been able to stifle security information. However, the EFF's recent win paves the way forward for better technology to become more visible.

I look forward to the seeing Back-To-School Security Packets in Walmart, Best Buy, and others consisting of Xubuntu CDs.

The last 10 years have shown us nothing if not that FOSS helps make your business more recession-proof.

What we have here is an old and odd spin trotted out yet another time. The spin tries to be negative, but at the end of the day, use of FOSS has boosted the economy there by some $60 billion on unnecessary sunk costs.

Further, since were FOSS tends to lead, it leads due to better performance, quality, interoperability and maintenance, not just cost. So that leads to secondary and tertiary savings. After all, if the IT team is not having to spend all its time chasing fires, it can be far more than $60 billion in savings once the total cost of ownership is settled.

Sure a small wedge of the software sellers might have lost, but the large part of the pie consists of software users. We win here.

____ 1) "EFF Wins Protection for Security Researchers" (2007)

2) "Vista's Security Rendered Completely Useless by New Exploit" (2008) "... a technique that can be used to bypass all memory protection safeguards that Microsoft built into Windows Vista..." "... the work is a major breakthrough and there is very little that Microsoft can do to fix the problems..."

3) "This Bug Man Is a Pest" (2008) "...His syllabus is partly a veiled attack on McAfee, Symantec and their ilk, whose $100 consumer products he sees as mostly useless. If college students can beat these antivirus programs, he argues, what good are they for the people and businesses spending nearly $5 billion a year on them? ..."

4) "USENIX WOOT07, Exploiting Concurrency Vulnerabilities in System Call Wrappers, and the Evil Genius" (2007)




For those wondering about highly-restrained criticism of Microsoft/Windows security, a mandatory background would be the smear campaigns against security researchers. Smear campaigns are something that Microsoft is intimately familiar with [1, 2, 3, 4, 5, 6, 7, 8, 9]. Remember the Geer saga, too [1, 2] (little more in [1, 2, 3]). He lost his job for saying the truth about Microsoft's security shortcomings and the horrific state of the Web, caused largely by Microsoft and its back doors.

Recent Techrights' Posts

The Word About the Upcoming Talk by Richard Stallman - Scheduled for Friday This Week - Has Spread ("The Cost of Freedom," Lausanne, Switzerland)
So the word is spreading
Microsoft Front Group Starts the Year by Championing Underage (or Child) Labour
the fake 'FSF'
 
Gemini Links 14/01/2025: The Gemtext Print Hurdle and New Game: Fill!
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, January 13, 2025
IRC logs for Monday, January 13, 2025
Links 13/01/2025: Conflicts, Prisoner Exchange, and Homes on Fire
Links for the day
Angola: Microsoft Windows Falls Below 10%
Microsoft has a really bad 2024 in Africa
[Meme] Twitter ("X") Has Been Grooming Radicals Since 2022
Musk's very own "grooming gang"
[Meme] What Free Speech Ought to Mean
It does not sound like RMS suggests anything other than quitting social control media
Gemini Links 13/01/2025: RestFest, Yule, and Deedum
Links for the day
Modern Web Browsers as Web Censorship Software
We continue to recommend Geminispace
Two Weeks From Now Dr. Richard Stallman Speaks at The Summit of Future 2025 (India)
he will be giving a "Keynote Address" in India
Microsoft is Tight With Money: It's About the Salaries ('Cost' of the Workers)
a question of cost, not skill
Google Got People Sort of Addicted to Android So It Can Cash in (Services, App Store, Advertising) Decades Later
This is not software freedom
The Free Software Foundation Reaches 370k Dollars in Funding, Due Date is January 17th When Richard Stallman is Guest of Honour in Lausanne (Switzerland)
Even fellow board members seem unaware of it
Record Lows for Windows (Microsoft) in Botswana
The market share of Vista 11 is seen as going down
Preserving Deleted Articles About Bill Gates Talking Like a Drug Dealer About Computer Users
Now it's 2025. Different challenge.
Links 13/01/2025: Disinformation, Social Control Media Actively Promoting Nazism, and Catchup With Ukraine
Links for the day
TPM Boosters Inside Debian (TPM Isn't About Security, It is About Control Over Users and Their Machines)
We're not rushing to any conclusions
Aaron Swartz Died 12 Years Ago After a Vicious Government Campaign to Stop Him
The Aaron Swartz story is a reminder of the importance of having verifiable/verified information out there for the general public to see
Links 13/01/2025: GitLab Enshittification and Minimalism and Efficiency with Gemini Protocol
Links for the day
Links 13/01/2025: Hardware, Health, and Conflicts
Links for the day
Chatbots Are Not Data-Driven, They're Human-Censored and Rely on Wage Slaves (and Sometimes Unpaid Volunteers)
This is the Microsoft wage slavery
Microsoft Appears to Have Fallen to Only 15% in Maldives
This is a problem for Microsoft
Rumours of IBM Canada Layoffs
We'll keep a vigilant eye on this
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, January 12, 2025
IRC logs for Sunday, January 12, 2025
Bots Covering Debian Releases
It would be quite safe to guess that chatbots were at least partly leveraged for that text
Gemini Links 12/01/2025: No Country For Old Men, Burned Homes, and "Planet P is Clean"
Links for the day
Slopwatch: Brittany Day and Brian Fagioli Are Still at It, Googlebombing "Linux" With LLM Slop (Taking Away Traffic From the Articles They're Plagiarising)
Some more sites that used to cover GNU/Linux have turned into slopfarms
Links 12/01/2025: Microsoft Admits It's Laying Off Staff Only Where Staff is "Expensive" (Race to the Bottom)
Links for the day
[Meme] Being High on Drugs Isn't Happiness (Likewise, Being a "Star" in Social Control Media is Temporary)
Many entities - or people - will regret telling everybody "follow me on Twitter"
[Meme] They Say That RMS Says the "F" Word (Freedom) Too Much...
About 32.7k US dollars are now left for the FSF to raise (in 6 days)
Links 12/01/2025: More Sanctions Against Russia, SCOTUS Signals Fentanylware (TikTok) Ban Will Stay
Links for the day
[Meme] A Jihad Against Servers the User Controls
We need to strive for and work towards greater control by users over "their" servers
Microsoft Azure-Only Bugs in "Linux" Can "Compromise the System."
From ubuntu.com and linux.org a few days ago
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, January 11, 2025
IRC logs for Saturday, January 11, 2025
Gemini Links 12/01/2025: DHL Express Does Not Deliver, Oddmuse Update
Links for the day