Bonum Certa Men Certa

Another Misdirected Response from the Government to the Company “Not Engineered for Security”

"Our products just aren't engineered for security."

--Brian Valentine, Microsoft executive



Summary: Another terrible month for Microsoft insecurity and the government is still unable to respond sensibly to the threat

YESTERDAY we wrote about Microsoft's lobbying for an Internet "Driver's Licence" policy. Rather than blocking the real culprit (Windows) it might only block BSD and GNU/Linux. More importantly, it would resolve absolutely nothing for the reasons just explained by Mike Masnick:



And an internet driver's license is even more ridiculous. Unlike a car, the internet is something that people have to use all the time. No driver's license is going to stop people from getting suckered by scammers.


Exactly. And what does the US government do? Rather than mimic Australia's plan to ban many Windows machines [1, 2], the US government throws some more money into "research". US taxpayers will once again pay for Microsoft's incompetence, just like in Germany.

The US House of Representatives has overwhelmingly passed a bill that would direct almost $400m toward research designed to shore up the nation's cybersecurity defenses.


Microsoft's software will never be secure. Microsoft itself has admitted that its "products just aren't engineered for security." Based on the news, there is yet another Internet Explorer flaw:

CURSED BY ITS HAIRBALL CODE, Microsoft has released another security warning relating to a bug in Internet Explorer.


There have been so many such flaws recently [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12] that it's hard to keep track of which is which. Many are highly severe and there was also an IE flaw reported just the day after Microsoft had released an emergency IE patch (for a flaw it knew about and willingly ignored for almost 6 months, demonstrating Microsoft's negligence [1, 2, 3] and infinite arrogance).

Based on CNET, Microsoft is to bring patches for no less than 26 holes next week:

Microsoft will patch 26 holes next week, including critical ones in Windows, one affecting the kernel of 32-bit versions, and several holes in Office, the company said Thursday in a preview of its Patch Tuesday.


That's just a lower bound though. As we already know, Microsoft is patching many flaws without even telling the public in order to embellish its public record. This is a company of systematic liars, a company that is unable to make secure software, let alone patch it in a responsible (and timely) fashion. Had the government tried to resolve its security issues, then it would impose and use greater pressure to move to UNIX and Linux [1, 2].

Comments

Recent Techrights' Posts

The 'Other' Bruce... on Openwashing at OSI (and Not Bruce Perens, the OSI's Co-founder)
Openwashing people (connected to Microsoft) already do "open weights"
Gemini Links 10/11/2024: A Writer's Block, VIM Tips and Tricks
Links for the day
"Paperless Office" (Incompatible With the Law) as a Threat to Workers' Health at the EPO, Europe's Second-Largest Institution and Largest Patent Office
"Software Ergonomics need to be brought back to the agenda at a high level!"
Joel Espy Klecker, unpaid, terminally ill youth labor & Debian knew it
Reprinted with permission from Daniel Pocock
 
Links 10/11/2024: Meaning of Life and iPhone ‘Inactivity Reboot’
Links for the day
Links 10/11/2024: Microsoft Adds Surveillance to Notepad and Paint, TikTok Shutdown Order
Links for the day
Gemini Links 10/11/2024: Scrawlspace and California
Links for the day
Links 10/11/2024: Politics, Economics, and Ticketmaster Issues
Links for the day
Linux Foundation: We've Shut Down the Mailing Lists and Fired Everyone at Linux.com So We Can Spend Money Buying Puff Pieces and Paying Clickfraud/Spammers
deeply rogue
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, November 09, 2024
IRC logs for Saturday, November 09, 2024
[Meme] Linux Foundation Cuts
money is spent by the million on highly dubious things
Politics Becoming Way Too 'Toxic'
'Toxic' political discourse ought to be covered, but reducing the toxicity of coverage itself (e.g. inaccurately covering things to incite "the left" and "the right") is still challenging
Linux Foundation is Rebuilding the Berlin Wall (to Keep Russians Out of Linux)
So the Linux Foundation is basically acting a bit like oppressive Soviets
Linux Foundation is a Scam Like 'Crypto' (So is the Company of Jim Zemlin's Wife, Bakkt)
To us, the Linux Foundation is just a massive scam
Remembering and Respecting Fallen Ones by Avoiding or Stopping Wars (and Boycotting Companies That Want Wars)
The people who die tend to be the least privileged and connected
EPO is Blasting Its Own Foot (There Will be No EPO Left)
If the EPO carries on shooting its own foot, there will be nothing left of it
There's Always a Way to Improve
Self-improvement is a perpetual task
List of Debian lies and deception
Reprinted with permission from Daniel Pocock
Links 09/11/2024: More Mass Layoffs and Concerns About Musk Working Like Trump Aide
Links for the day
Gemini Links 09/11/2024: Operating the Temple System and SeaweedFS
Links for the day
[Teaser] [Meme] Central Occupational Health, Safety and Ergonomics Committee (COHSEC) at European Patent Office (EPO)
These are not teenage gamers
Links 09/11/2024: Further Restrictions on Social Control Media, CASIO Cracked Again
Links for the day
Why Brown CIT Oughtn't Be Named After Thomas J. Watson (Like Many Faculties Ought Not be Named After Bill Gates)
In their own words
Reminder That Mass Layoffs Are Going on All Month This Month at IBM
The "silent" layoffs continue until the end of this month if not longer
[Meme] Just Blame Whoever Takes Advantage of Your Back Doors
The media will even sympathise with malicious and/or incompetent companies if they blame "Russia"
This Remembrance Sunday We Must Also Remember That Some 'Security Companies' Want More Cyberwar
Some companies profit from the cyberwar; hence, their objective is not to end the war
Non-Tech Enshittification: Post Office Perils and the Czech is in the Mail
We still hope that the parcel will be recovered (maybe at customs) or will be sent back some day
[Meme] Don't Try This at Home (But a Datacentre Might be OK)
Quit outsourcing to Social Control Media
There's No Free Lunch in Video Hosting
they say there's no free lunch; if you aren't paying for hosting and serving of "your" videos, you're not the customer and those videos, once uploaded, aren't quite yours anymore
Parroting Microsoft Talking Points About Computer Security
This past summer Richard M. Stallman (RMS) openly complained in a public event that the term "security" had come to mean all sorts of ridiculous things, including the very oppose of real security
Visits to OpenAI's Site Plunged by More Than 67% in the Past Half a Year Alone
'autocorrect on steroids' is mostly worthless
Pocock Running for Office Again
Pocock dealt with all sorts of 'politics' in Free software and, unlike many politicians, he has a background in science and technology
[Meme] Turning the EPO Into a Speculation Bank, Monetising It by Breaking the Law, Playing Real Estate (and Mortgage) Financial Games
travesty
Real Estate and Workplace Problems at the European Patent Office, Which Grants Fake Patents Under the Guise of "Law"
Report on the 54th meeting of the Munich LOHSEC of 20 June 2024
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, November 08, 2024
IRC logs for Friday, November 08, 2024
Links 09/11/2024: Politics, Climate, and Why Physical Cash is Crucial
Links for the day
Gemini Links 09/11/2024: Minerals, Rants, and Maintaining Planetary Balance
Links for the day
Plagiarism by Bots: Guardian Digital, Inc (linuxsecurity.com) Still Creates Fake Articles About "Linux"
100% fake
[Teaser] [Meme] New Ways to Impoverish Patent Examiners (Entrusted to Block Unjust Monopolies or Monopoly Applications)
Coming tomorrow!
Apple Tax funds: railways, defective concrete blocks in Ireland's North and West
Reprinted with permission from Daniel Pocock
Daniel Pocock, Nomination for Ireland, Dublin Bay South, General Election 2024
Reprinted with permission from Daniel Pocock
Links 08/11/2024: TikTok Bans and Clownflare Issues/Perils
Links for the day
Gemini Links 08/11/2024: RPS, O.D.I.N., and RSS in Yahoo News
Links for the day
Donald Trump as Censor in Chief Can Now Leverage Censorship Companies and Fake Protection Disguised as 'Security'
Centralised CAs were trouble all along
Technology: rights or responsibilities? - Part VI
By Dr. Andy Farnell
A Death of a News Industry
A theme we explored thrice today
Deciphering Centralised CAs and Why Their Demise Should be a Goal
Encryption in transmission is good; but who controls the key exchange and certification/authentication/validation?
Links 08/11/2024: Strikes, Recessions, and Slowdowns
Links for the day
"Many Applications Labelled as "Cybersecurity" and Given a Veneer of Legitimacy Are Really "Weaponised" and Abusive Code"
New from Dr. Andy Farnell
[Teaster] [Meme] New Ways of Wrecking (NWoW)
The EPO
Gateway for News and Blogs
In the long run, this site and its sister site (less overlap between them now) should hopefully become a popular destination for people who look for information, not chaff
Going Even Faster
We hope the site will be faster soon
Psychopaths Who Reaffirm Our Work's Value
Psychopaths and sociopaths lack empathy, so they're willing to go very far and stoop as low as they deem necessary
[Meme] How Low Can You Go at the European Patent Office?
Not just in terms of patent quality
More Cuts/End to Benefits for EPO Workers (Europe's Working Conditions Incompatible With the European Patent Convention)
"The Office is now reviving it but plans to introduce new cuts on benefits"
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, November 07, 2024
IRC logs for Thursday, November 07, 2024
Security Advisory: Debian falls for social engineering hacks
Reprinted with permission from Daniel Pocock
Gemini Links 08/11/2024: US Election, RetroChallenge 2024, and More
Links for the day