Bonum Certa Men Certa

Microsoft -- Like David Cameron -- Attacking the Computer Security Industry

Microsoft is essentially a snitching company, unconditionally serving those in power

Police



Summary: Microsoft's latest moves that help expose its real policy when it comes to computer security and people's privacy

THE OTHER day we mentioned demands for back doors, which basically would make any piece of proprietary software (where back doors cannot be removed) utterly useless for any serious work because secure communication is a cornerstone of computing in a connected environment. We also mentioned Microsoft hiding many of its existing back doors even more aggressively, essentially telling users nothing about their easy-to-compromise systems.



"Always remember that Microsoft makes money from spying on users (government subsidies for the back door access), including in cases where this directly benefits Microsoft's business interests"This article from the British press says that this "move was criticised by some security professionals, who said it would hinder organisations’ ability to quickly test and deploy Microsoft’s updates."

They should just quit relying on Windows. Sony can tell them how reliance on Microsoft Windows already caused them to be doxxed against, potentially costing the company many billions of dollars in damages. One security-oriented professional "called the change, which was made with no advance notice, an “assault” on IT security teams."

Microsoft "assaults" the IT security industry. It attacks security itself, too. To quote further from the article: "Other industry observers said the change may have resulted from a broad reorganisation at Microsoft that began in 2013 and included large-scale layoffs in the middle of last year, with the Trustworthy Computing security group shut down in September. The reorganisation is itself the result of a broad industry shift toward mobile devices which has diminished the importance of Microsoft products such as Windows.

"Prominent figures at MSRC have left Microsoft, including senior development manager Jonathan Ness and Dustin Childs, group manager of response communications. In November Microsoft discontinued a long-running webcast in which engineers gave details on the monthly updates.

"Microsoft said in a statement that while ANS is no longer public, the company may also “take the appropriate actions to reach customers” if it determines that “broad communication” is needed for a specific situation."

So Microsoft Windows bug doors are becoming more secretive now. Nice timing given Cameron's call for back doors in everything; he would be so proud. Remember that Microsoft tells the NSA (and hence GCHQ too) about these bug doors well before they are patched, even 3 months in advance (Microsoft does not bother to patch holes until much later, if ever).

GNU/Linux is completely different because the code is visible and everyone can patch holes as soon as they are revealed. There are huge software repositories for which source code is available, so even underlying applications -- not just the operating system -- can be fixed. On Windows it is a sordid mess of random downloads of binaries from the Web and so-called 'crapware' that comes preinstalled with Windows and often has malicious behaviour. As Jim Lynch put it the other day: "I guess the bottom line here is to try to avoid being the sucker by installing crapware in the first place, regardless of the operating system you are using. If you don’t understand or aren’t sure about what’s being installed THEN DON’T INSTALL IT on your system. And only install software from trusted sources that don’t engage in the freeware bundling shenanigans."

Free software has none of these issues. The user is in charge.

Caspar Bowden, whom Microsoft fired for 'daring' to care about security and privacy, talks about Microsoft's publicity stunt case (intended to make it look like Microsoft cares about security and privacy). He now says he hopes Microsoft's publicity stunt will go down in flames and here is why: "His reasoning is that the US government can use other legal instruments, such as FISA 702 or Executive Order 12333, to brush aside such niceties as Safe Harbor or binding corporate rules (BCR) to get its hands on such data perfectly legally any time it likes, and as such the whole case is a smokescreen that actually suits both parties.

""Even if Microsoft wins that case, and I hope they don't because that'll just shore up the whole rotten system, it will make no difference to surveillance by the NSA under FISA 702 or Executive Order 12333 [see below]," he told Computing.

"Bowden - who was the chief privacy adviser to 40 national technology officers at Microsoft before he was "let go" in 2011 after revealing what FISA 702 implies for the firm's non-US customers - believes that this is all for show. It is part of a campaign of "cloudwashing" on the part of government and the industry, he says, that deliberately conflates data security - over which US cloud companies and their customers can take an active role - and government surveillance, over which, for legal reasons, they cannot. FISA 702 allows the US government to install surveillance apparatus inside the data centres of US companies. These interventions are covered by the espionage law, and anyone revealing their existence could face a lengthy jail sentence, as Yahoo's Marissa Mayer revealed."

Bowden is a Brit speaking about Ireland in the British press. We are happy to see him using the term "cloudwashing" -- a term we have used a lot for years. A lot of the pro-cloud hype is about increasing surveillance; it's often the business model. Always remember that Microsoft makes money from spying on users (government subsidies for the back door access), including in cases where this directly benefits Microsoft's business interests.

Recent Techrights' Posts

1989: Free Software as "Open" Software (OSI Didn't Coin "Open Source", It Also Predates Linux)
"One man's fight for Free software"
Linux Journal Might Have Become the Latest Slopfarm Targeting "Linux", the Trends Are Concerning for Dying News Sites
They tarnish the Web with junk and then die
On "Learning to Code"
quality may suffer, plus things get bloated
Quick Points Regarding This Week's Court Hearing
it paves the way for us to squash all the SLAPPs from Microsofters
 
Microsoft's Competition Tactics: Sabotage GNU/Linux Installs, Block Chrome
Edge is dying
The Microsoft OOXML Modus Operandi: Throw 1,000 Pages of Other People's Work for a Judge to Read Ahead of a One-Hour Meeting
No time to discuss this - that's the point
Formalities Officers (FOs) at the EPO Are in Trouble, Reveals Internal Report
We already know, based on an HR pattern we saw at IBM and elsewhere, that reallocating roles can be prerequisite for dismissal and those who do so expect many to resign anyway
The Web is Slop and FUD, Let's Go to Gemini Protocol
Lupa sees self-signed capsules at 92.4%
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, June 20, 2025
IRC logs for Friday, June 20, 2025
Links 21/06/2025: Phone Bans for Concerts, Tensions in Taiwan Strait
Links for the day
Gemini Links 21/06/2025: Spoilers, Public Yggdrasil Node, Changes to AuraGem Search
Links for the day
"Six years of Gemini!"
From gemini://geminiprotocol.net
Gemini Links 20/06/2025: Summer Updates and Hardware Failures
Links for the day
Links 20/06/2025: Google Shareholder Sues Google and Google Sued for Defamatory Slop ('Hey Hi') Word Salads ('Summaries')
Links for the day
Common Mistake: Believing Social Control Media Will Document Your Writings/Thoughts and Search Engines Like Google Will Help You Find These
Many news sites wrongly assumed that posting directly to Twitter would be acceptable
The Manchester Bees and This Hot Summer
We have had a fantastic week so far this week
Gemini Protocol Enters Its Seventh Year, Growth Has Accelerated!
Maybe in June 20 2026 there will be over 3,500 active capsules?
Mastodon and the Fediverse Have an Issue: Liability for Content (Even in Other Instances) and Costs
self-hosting is the only logical path forward
Why Microsoft and Its 'Hey Hi' (Slop) Frenzy Fail While Sinking in Deep, Growing Debt
Right now, like Twitter around the time it was sold to MElon, "open" "hey hi" is a big pile of debt with a lot to pay for that debt (interest payments)
Europe is Leaving Microsoft, the Press Coverage Isn't Sufficiently Helpful
The news is generally positive, but the press coverage leaves so much to be desired
Slopwatch: Linuxsecurity, BetaNews, and Linux Journal
slippery slope
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, June 19, 2025
IRC logs for Thursday, June 19, 2025
Gemini Links 20/06/2025: Gemini Protocol Turns 6!
Links for the day
Links 19/06/2025: Ghostwriting Scam and Fentanylware (TikTok) Buying Time
Links for the day
Microsoft's Windows is a Niche Operating System in Africa
African nations aren't a large contributor to Microsoft's income, but if many African nations move away from Windows, then the monopoly is at risk
Gemini Links 19/06/2025: Unix Primitivism, Zine Club, and Gemini Protocol Turns 6 at Midnight
Links for the day
Links 19/06/2025: WhatsApp Identified as Assassination 'Crosshairs', Patreon Now Rips Off People Even More
Links for the day
"Told You So": Another Very Large Wave of Microsoft Layoffs Now Confirmed in Mainstream Media
So we were right to believe the rumours, based on the credibility of prior such rumours
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, June 18, 2025
IRC logs for Wednesday, June 18, 2025