Bonum Certa Men Certa

Microsoft Adopts Malware Techniques to Advance .NET

LAST MONTH we very briefly mentioned what Apple had done to Mozilla/Firefox. It not only pretended that Firefox would die but it also used dirty techniques to push its non-Free software through the update mechanism for iTunes. This got Apple a lot of bad press and it relented.



Microsoft is not only doing the same thing. It's doing something far more cheeky. It's not only pushing unwanted (uncalled for) software into people's desktops but it also injects that into a Free software competitor, namely Firefox, and to an extent also using its update mechanism to install Microsoft software that's an impediment to cross-platform. Slashdot has a decent short overview of this widely-reported new situation.

While doing a weekly scrub of my Windows systems, which includes checking for driver updates and running virus scans, I found Firefox notifying me of a new add-on. It's labelled 'Microsoft .NET Framework Assistant,' and it 'Adds ClickOnce support and the ability to report installed .NET versions to the web server.' The add-on could not be uninstalled in the usual way. A little Net searching turned up a number of sites offering advice on getting rid of the unrequested add-on.


This not only violates trust and fairness; it's also a serious breach that can harm security. Speaking of which, Conficker keeps getting worse and worse, but the press hardly covers it anymore [1, 2].

The Microsoft RPC worm, known by many as Conficker/Downadup, has multiplied across corporate networks infecting an estimated 10 million machines. Though the damage has been minimal, the worst is yet to come, said researchers.


Conficker may have already killed people and now comes a formal report labeling this a "substantive failure."

A worm attack that forced three London hospitals to shut down their computer networks late last year was entirely avoidable and represented a major failing by the organizations' IT staff, according to an independent review of the incident.


Where life and death are at stake 24 hours a day, look what has happened because of Microsoft Windows viruses.

The PCs at St. Bartholomew's, the Royal London Hospital and The London Chest Hospital were infected with Mytob, a mass-mailing worm also known as MyDoom. Emergency patients were temporarily diverted to other facilities, but officials said no personal data was lost.


This is not a joke, right? According to the report, "officials said no personal data was lost." Were lives lost? Where is the liability when people die? How can this damage be measured?

Here is another new report: Data theft 'cost a trillion US dollars'

INSECURITY outfit McAfee has told the World Economic Forum that data theft cost the world a trillion US dollars and if more work was not done to buy its products the figure could get worse.


Well, it figures. When almost 1 in 2 Windows PCs is a zombie, then the notion of "data theft" is like the notion of possession theft in a city where only half the buildings have doors.

"Our products just aren't engineered for security."

--Brian Valentine, Microsoft executive



Open gate
In a world without windows and gates, who
needs to worry about breaches?



Comments

Recent Techrights' Posts

A 3-Year Campaign to Coerce/Intimidate Us Into Censorship: Targeting Several Webhosts (in Collaboration and Conjunction With Mentally-Ill Flunkies)
Every attempt to nuke the current hosting failed, but it's still worth noting
Google: We Don't Have Source Diversity, But We Have Chatbot Spew in Place of Sources (and It's Not Even Accurate)
Search engines and news search never looked this bad...
[Meme] Security is Not a Failure to Boot (or Illusion of Security Due to 'Unknown' System)
Red Hat is largely responsible for this mess
What is Secure Boot?
Security means the user feels safe and secure - i.e. confident that the machine would continue to work following a reboot or a system upgrade (or kernel upgrade)
Links 27/05/2024: Chatbots Generate Hateful Output, TPM Performance Scrutinised
Links for the day
David Heinemeier Hansson (DHH) Realises What He Should Have Decades Ago
seeing that DHH is moving away from Apple is kind of a big deal
 
Delayed Series About Dr. Richard Stallman
A lot of the attacks on him boil down to petty things
[Meme] Elephant in the Asian Room
With ChromeOS included GNU/Linux is at 6% across Asia
GNU/Linux in Bangladesh Up From 0.5% to Over 4% (Windows Slid From 95% to 18%)
Bangladesh is one of the world's most densely-populated countries
Links 27/05/2024: One Month Left for ICQ, More Openwashing Highlighted
Links for the day
Gemini Links 27/05/2024: Back to GNU/Linux, Librem 5 Assessed
Links for the day
StatCounter (or statCounter) Has Mostly Recovered From a Day's Downtime (Malfunction)
Some of the material we've published based on the statCounter datasets truly annoys Microsofters
StatCounter (or statCounter) Has Been Broken for Nearly 24 Hours. Who Benefits? Microsoft.
StatCounter is broken right now and has been broken for nearly 24 hours already
Reinvigorating the Voice of GNU/Linux Users (Not Companies Whose Chiefs Don't Even Use GNU/Linux!)
Scott Ruecker has just announced his return
"Tech" in the Context of Even Bigger Issues
"Tech" (or technology) activism is important; but there's a bigger picture
A Decade of In-Depth Coverage of Corruption at the European Patent Office (EPO)
The world needs transparency and sunlight
Hopefully Not Sunset for StatCounter
We hope that StatCounter will be back soon.
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, May 26, 2024
IRC logs for Sunday, May 26, 2024
Links 27/05/2024: Self-Publishing, Patent Monopolies, and Armed Conflicts
Links for the day
Gemini Links 27/05/2024: Tethering Connection and PFAs
Links for the day
Imagine Canada Enabling Rapists to Harass Their (Rape) Victims
This analogy is applicable because abusers are empowered against the abused
A 3-Year Campaign to Coerce/Intimidate Us Into Censorship: Targeting My Old "Tweets"
This was basically an act of vandalism no better and no worse than UEFI restricted boot
Links 26/05/2024: Google 'Search' Morphing Into Disinformation Factory, Discussion of Maze of the Prison Industrial Complex
Links for the day
In the Pacific (Mostly Islands Around Oceania) GNU/Linux Grew a Lot
Microsoft cannot compete fairly
A Toast to Tux Machines
Food ready for the party, no photos yet...
IBM/Red Hat Failing to Meet Its WARN Obligations in NC (STATE OF NORTH CAROLINA), or Perhaps It's Constantly Delaying the Layoffs
IBM isn't named even once
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, May 25, 2024
IRC logs for Saturday, May 25, 2024
GNU/Linux in Greenland
The sharp increases for GNU/Linux started last summer
The Sheer Absurdity of the EPO's Career System Explained by EPO Staff
"Staff representation has previously pointed this out to management, and the career system has been the reason for several industrial actions and litigation cases initiated by SUEPO."
[Meme] Productivity Champ Nellie Simon: It Takes Me 3+ Weeks to Write 6 Paragraphs
Congrats to Nellie Simon!
It Took EPO Management 3+ Weeks to Respond to a Letter About an Urgent Problem (Defunding of EPO Staff)
The funny thing about it is that Nellie Simon expects examiners to work day and night (which is illegal) while she herself takes 3+ weeks to write a 1-page letter
Staff Union of the EPO (SUEPO) in The Hague Taking Action to Rectify Cuts to Families of Workers
they "are active in challenging this measure via the legal system"
Links 25/05/2024: Microsoft Adds More DRM (Screenshot Blocking), Another Microsoft Outage Takes Down Everything
Links for the day
Gemini Links 25/05/2024: "Bill Smugs" and OpenBSD Mirror Over Tor / I2P
Links for the day
Microsoft #1 in Gaming Layoffs, Laid Off Workers Receive Another Insult From Microsoft
Many of them never chose to work for Microsoft
In New Caledonia Windows is Now Below 30% (It Used to be Over 90%)
Microsoft's Windows absolutely collapsing and the measures are relatively stable
Forget About India's and Pakistan's Nuclear Weapons and Armament Race, They Need to Abscond Windows and Microsoft (Security Swiss Cheese)
Both countries would be wise to remove Windows as soon as possible, irrespective of the local party politics
statCounter: GNU/Linux Rose From 0.2% to Over 3% in Pakistan
GNU/Linux "proper" (i.e. not ChromeOS) has the lion's share
Red tape: farmer concerns eerily similar to Debian suicide cluster deaths
Reprinted with permission from Daniel Pocock
Galway street artists support social media concerns
Reprinted with permission from Daniel Pocock
Links 25/05/2024: Section 230 and Right of Publicity Violations by Microsoft (Which Attacks Performance Artists)
Links for the day
[Meme] No Microsoft
For fun!
Microsoft Windows Falls to New Lows in Poland
It may mean people delete Windows from relatively new PC
A 3-Year Campaign to Coerce/Intimidate Us Into Censorship: An Introduction
The campaign of coercion (or worse) started in 2021
The "D" in Debian Stands for Dictatorship That Extends to Censorship at DNS Level
Of course the registrar, which charged for domains until 2025, just went along with it
Cybersecurity and Infrastructure Security Agency (CISA) Getting Stacked by Microsoft
it lets Microsoft write policies
The Parasitic Nature of Microsoft Contracts
Stop feeding the beast
Gemini Links 25/05/2024: Emacs Windows 2000 Screenshots and Little Languages
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, May 24, 2024
IRC logs for Friday, May 24, 2024