Bonum Certa Men Certa

Eye on Security: Windows Malware, Emergency Patches, and BeyondTrust's CEO from Microsoft

Summary: Security holes -- some of which highly critical -- continue to be found in Microsoft software; Justification of skepticism when it comes to new 'research' from former Microsoft staff, based on Microsoft-supplied data

OVER the past few days we have gathered more evidence to show that security problems only affect/target Windows and that those who flatter Windows for security are often tied to Microsoft (Window Snyder is just one example).



Windows-only Threats



Download Squad has this new post which compares Norton's Security Scan to malware (it sure takes up a lot of resources). Those who think it's bizarre should check out this minor piece of FUD and the rebuttal from The Source.

Right, so the Murphy’s Law headline is “Stop Supporting Open-Source Bloat“, where the author goes on to decry shady tactics of several programs, like:

* Revo Uninstaller * Digsby * ImgBurn

…NONE OF WHICH ARE OPEN SOURCE


Ignorance or deliberate deception? Either way, it looks bad for Maximum PC. Windows problems are now being described as "Open-Source" for no apparent reason.

TechDirt shows how copyright scare is being used to install malware/back-doors on people's Windows machines. This relies on the infamous click-to-execute mentality that's so prevalent in the Windows world. Actually, Microsoft software also tends to execute arbitrary code when one just visits a Web page (Active X is notorious for this reason).

Microsoft Emergency



The security flaws are so serious that Microsoft has just released an "emergency" patch for no less than 10 holes in Internet Explorer (which Microsoft neglected to patch for many months, leading to otherwise-preventable chaos [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]).

From The Inquirer:

SOFTWARE INSECURITY SISYPHUS Microsoft has released an out-of-cycle patch for users lazy or ignorant enough to still be using an old version of Internet Explorer.

It's generally rare that threats are deemed serious enough for Microsoft to not wait until its next Patch Tuesday, which would be April 13th now, but a vulnerability hit Internet Explorer 6 and 7 that left them open to potential remote code execution.


More at CNET:

Microsoft issued an emergency security update on Tuesday to plug 10 holes in Internet Explorer, including a critical vulnerability that has been exploited in attacks in the wild.

The cumulative update, which Microsoft announced on Monday, resolves nine privately reported flaws and one that was publicly disclosed. The most severe vulnerabilities could lead to remote code execution and a complete takeover of the computer if a user were to view a malicious Web site using IE, Microsoft said in the bulletin summary.


Internet Explorer 8 is also affected.

BeyondTrust is Hard to Trust



BeyondTrust logo



Judging by previous incidents, past Microsoft employees who become 'researchers' typically produce output that's biased in Microsoft's favour. That's why we decided to take a careful look at BeyondTrust. Their web site is all Microsoft stack-based (showing the lower probability that they understand security) and their CEO "spent seven years at Microsoft Corporation in a variety of executive sales and marketing positions," according to the company's own pages. "Sales and marketing," eh? Now, we have already covered security problems Vista 7 suffers from, in a wide range of posts including:



“Statistics must not depend on Microsoft's own data and presented in a favourable way by design.”This brings us back to BeyondTrust (wow, what a name!). Their latest promotion of Windows for security is quoted a lot by Microsoft boosters like Emil this week. They are measuring the wrong thing by wrongly assuming that Microsoft tells the truth about its patches. Microsoft is patching its software secretly a lot of the time. We saw that many times before and thus we urge people to be skeptical. Statistics must not depend on Microsoft's own data and presented in a favourable way by design. Remember that there are "lies, damned lies, and statistics," according to Benjamin Disraeli and others. There may also be reason for bias here.

Speaking of potential connections to Microsoft, an anonymous reader told us to "beware that TurboHercules might be financed by Microsoft". This reader has not produced evidence to show what led to such suspicions (it may give away the identity), but as we recently showed, TurboHercules did join a Microsoft front. It aligned itself with Microsoft and companies/campaigns that are partly owned by Microsoft.

Comments

Recent Techrights' Posts

SLAPP as an Own Goal
We have better things to with our limited time
GNU/Linux at New Highs (Again) in Taiwan
latest numbers
Dr. John Campbell on Gates Foundation
Published two days ago
How Much IBM Really Cares About Software Freedom (Exactly One Year Ago IBM Turned RHEL Into Proprietary Software)
RHEL became proprietary software
Workers of the European Patent Office Take the Office to Court Over Pension
pensions still precarious
 
[Meme/Photography] Photos From the Tux Machines Parties
took nearly a fortnight
Uzbekistan: GNU/Linux Ascent
Uzbekistan is almost the same size as France
Independence From Monopolies
"They were ethnically GAFAM anyway..."
Links 22/06/2024: More Layoffs and Health Scares
Links for the day
Rwanda: Windows Falls Below 30%
For the first time since 2020 Windows is measured below 30%
[Meme] IBM Lost the Case Over "Dinobabies" (and People Died)
IBM agreed to pay to keep the details (and embarrassing evidence) secret; people never forgot what IBM called its staff that wasn't young, this keeps coming up in forums
Exactly One Year Ago RHEL Became Proprietary Operating System
Oh, you want the source code of RHEL? You need to pay me money and promise not to share with anyone
Melinda Gates Did Not Trust Bill Gates, So Why Should You?
She left him because of his ties to child sex trafficker Jeffrey Epstein
Fedora Week of Diversity 2024 Was Powered by Proprietary Software
If instead of opening up to women and minorities we might open up to proprietary software, i.e. become less open
18 Countries in Europe Where Windows Fell Below 30% "Market Share"
Many people still use laptops with Windows, but they're outnumbered by mobile users on Android
[Meme] EPO Pensions in the UK
pensioners: looks like another EPO 'reform'
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, June 21, 2024
IRC logs for Friday, June 21, 2024
During Fedora Week of Diversity (FWD) 2024 IBM and Its Subsidiaries Dragged to Court Over Discrimination at the Corporate Level
IBM is a deplorable, racist company
Gemini Links 22/06/2024: FreeBSD vs XFCE and Gemini Bookmarks Syncing Solution
Links for the day
Links 21/06/2024: Matrimony Perils and US-Sponsored COVID-19 Misinformation
Links for the day
"A coming cybersecurity schism" by Dr. Andy Farnell
new from Dr. Andy Farnell
Links 21/06/2024: Overpopulation, Censorship, and Conflicts
Links for the day
IBM and Subsidiaries Sued for Ageism (Not Just for Racism)
This is already being discussed
UEFI is Against Computer Security, Its True Goal is to Curtail Adoption of GNU/Linux and BSDs on Existing or New PCs
the world is moving away from Windows
[Meme] Chat Control (EU) is All About Social Control
It won't even protect children
The Persistent Nature of Freedom Isn't About Easy Routes
Resistance to oppression takes effort and sometimes money
EFF Not Only Lobbies for TikTok (CPC) But for All Social Control Media, Irrespective of Known Harms as Explained by the US Government
The EFF's own "free speech" people reject free speech
Microsoft's Search (Bing) Fell From 3.3% to 1% in Turkey Just Since the LLM Hype Began
Bing fell sharply in many other countries
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, June 20, 2024
IRC logs for Thursday, June 20, 2024
The Real FSF Lost Well Over a Million Dollars Since the Defamation Attacks on Its Founder
2020-2023 income: -$659,756, -$349,927, -$227,857, and -$686,366, respectively
The Fake FSF ('FSF Europe') Connected to Novell Via SUSE, Not Just Via Microsoft (Repeated 'Donations')
'FSF Europe' is an imposter organisation
Just Less Than 3 Hours After Article on Debian Suicide Cluster Debian's Donald Norwood Recycles a Fortnight-Old 'Hit Piece'
The fall of Debian is its attack on its very own volunteers
IPFS censorship, Edward Brocklesby & Debian hacker expulsion
Reprinted with permission from disguised.work
Links 20/06/2024: Dumbphone Experience and Bad Encryption
Links for the day
Official Project Gemini news feed — Five years of Gemini!
the official statement
Ultimate Judgment: the Debian Suicide Cluster
Reprinted with permission from Daniel Pocock
Links 20/06/2024: Bruce Schneier Adds Moderation Policy, FUCKSHITUP Can't Be Trademarked in the US
Links for the day
Mass Layoffs Happening in IBM Subsidiaries, Almost No Media Exists Anymore (to Cover That)
They can drive people out with R.T.O. of lay off in small batches to prevent any media scrutiny
Linux Months-Old News (LWN Uncorrected)
They could at least update the original
Links 20/06/2024: Trying to Maintain Health and the Implosion of LLM Bubble/Hype
Links for the day
Microsoft's Bing Share in Canada Has Only Decreased Since the LLM Hype ("Bing Chat")
According to statCounter
Gemini Links 20/06/2024: Golden Ticket and Looking for Web 1.0 Communities
Links for the day
Not Even TRYING to Compete With Microsoft
CMA (UK) ought to step in and investigate why Canonical (UK) refuses to even compete
Poul-Henning Kamp: Why Freedom in 'FOSS' Matters
Openwashing is more widely recognised as a growing problem
[Meme] EU Chat Control: The Problem is Too Much Privacy???
So what's with GDPR then? The EU is contradicting itself!
Lithuania: GNU/Linux Usage Climbs to Highest Level in Years
consistent abandonment of Microsoft
"Remarkably Little Had Changed."
Black or African American not even mentioned
This Week Fedora Celebrates Diversity, But It is Pushing Proprietary Software and Censorship
IBM openwashing, perception management, and reputation laundering gone awry?
Rumours That Nat Friedman (CEO) Was 'Fired' by GitHub/Microsoft
"Microsoft Refused to Fix Flaw Years Before SolarWinds Hack"
linuxsecurity.com: A Step in a Positive Direction
We hope that Guardian Digital and linuxsecurity.com will rectify the matter and persist with real articles
Links 20/06/2024: Somali Piracy Surges, Juneteenth Discussed
Links for the day
Gemini Links 20/06/2024: Gemini is 5 Today (Still No Gemlog Entry From its Founder)
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, June 19, 2024
IRC logs for Wednesday, June 19, 2024