Bonum Certa Men Certa

Despite Media Propaganda About Security, Microsoft Windows Remains the Least Secure Operating System, by Design

"It is no exaggeration to say that the national security is€ also implicated by the efforts of hackers to break into€ computing networks. Computers, including many running Windows€ operating systems, are used throughout the United States€ Department of Defense and by the armed forces of the United€ States in Afghanistan and elsewhere."

--Jim Allchin, Microsoft



Summary: Amid highly misleading security-centric reports that rely on Microsoft's bogus number of vulnerabilities (Microsoft already admitted hiding many of them) Techrights presents recent news about Windows 'security'

WINDOWS is not a secure operating system. It's not intended to be, either (Microsoft's actions show that security is not the goal). One cannot ever patch NSA back doors safely. When these are patched, it's already too late and newer back doors remain in tact or are being added. Trusting Microsoft to secure Windows is misunderstanding the goal of Windows ('privileged' access) and as Stuxnet serves to remind us, the real owners of Windows are spy agencies, not people who use Windows (renting it from Microsoft in exchange for payments). See this new report titled "Stuxnet Redux: Microsoft patches Windows vuln left open for FIVE YEARS". It says that "[w]hile most of the attention this Patch Tuesday has been focused on the FREAK encryption vulnerability, Microsoft's latest batch of fixes also addresses another longstanding threat to Windows: Stuxnet." So they hadn't fixed it for so long and finally decided to do something about it? Knowing that espionage agencies were exploiting holes and taking control of PCs that have Windows installed? Wake up and smell the coffee. These actions speak volumes.



Adding insult to injury, last week we learned that "Microsoft RE-BORK[ED] Windows 7 patch after reboot loop horror". To quote the report itself: "Reports are emerging that a twice-issued Microsoft Windows 7 patch is still causing pain for users, with some claiming the fix is triggering continuous reboots.

"The patch was first issued as KB2949927 and withdrawn in October due to system faults, before being re-released this week as KB3033929."

So our conclusion is that even when Microsoft offers so-called 'patches' or 'security' there are negative consequences which are too risky to accept. For more information see this article titled "Problems reported with Microsoft patch KB 3002657, warning issued on KB 3046049". A lot of people are still using Windows XP, which receives no patches at all. Some genius, eh?

Some Web sites are now claiming that the NSA and fellow espionage operations have been largely responsible for the SSL hole someone dubbed "FREAK". Of course, despite media spin and a clear Microsoft role (perhaps inside knowledge becoming public), the flaw affects Windows as well (all versions) and Microsoft failed to properly address the problem when it was already known (advertised as public knowledge). "The response of Microsoft and cloud companies to the Freak vulnerability has been far too slow say commentators," according to one British news site/magazine which focused on security. CBS covered this only after it had been wrongly spun as a Linux and Apple issue. "Microsoft was late with the announcement so that the press could focus on Android and iOS and make it look like their problem," said iophk. Microsoft took many weeks to do anything, which gave enough time for passwords to be intercepted and for entire networks to be compromised. So again we are being reminded that Microsoft just doesn't take security seriously. While some reports try to frame Windows as most secure because Microsoft hides many flaws and games the numbers to make the competition look bad, anyone with experience in this area ought to see that Microsoft's encryption was always bogus, and very much by design! Here is another brand-new example of Microsoft 'security' in action: "Microsoft is scrambling to block a fraudulent HTTPS certificate that was issued for one of the company's Windows Live Web addresses lest it be used by attackers to mount convincing man-in-the-middle attacks."

Soon enough, based on some observers, Microsoft Windows-running "PC will become slower as it will serve the updates to another client."

It is a peer-to-peer approach that externalises cost and liability. Is Microsoft really trusting this to work better given the above reports about man-in-the-middle attacks and fraudulent HTTPS certificates? Platforms with back doors cannot ever be relied on for serving security to other systems. It's a collective compromise. Botmasters will love it!

Our last piece of relevant news deals with Pwn2Own. The headline says that "security [is] still a myth on Windows PCs" [via] and that it took just one day to crack Windows. To quote: "Day one of the 2015 Pwn2Own hacking contest in Vancouver, Canada, saw big wins for contestants and headaches for software makers: competing teams successfully exploited fresh vulnerabilities in Adobe Flash and Reader, Microsoft's Windows and Internet Explorer, and Mozilla's Firefox, to hijack PCs."

Was it Firefox on Windows as so often is the case? Not even Tor is secure on Windows.

Recent Techrights' Posts

Slopwatch: Brian Fagioli, Google News, and Other LLM Slopfarms
Why does Google News keep promoting these fake articles?
Links 29/10/2025: Amazon Kept "Data Center Water Use Secret", "Abuse of Power" Against Media
Links for the day
Gemini Links 29/10/2025: "My Hardware Specs" and "Goodbye Debian…"
Links for the day
EPO Cocainegate: Feedback and Clarifications
Part III will come out soon
Links 29/10/2025: "US Military Is Destroying the Planet Beyond Imagination" and Boat Strikes Deemed Unlawful
Links for the day
Quality Comes First (Techrights Search)
It's generally working already, but we wish to polish it some more
Techrights Party Countdown
Late next week we'll be holding a party near our home
European Parliament and Council Directive on Privacy is Vanishing
"edited / censored some time more recently"
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, October 28, 2025
IRC logs for Tuesday, October 28, 2025
Slopwatch: The March of Slopfarms, From UbuntuPIT to Linux Journal and to Various Fake Sites Still Promoted by Google News
It's so worrying to see what the Web has become
Links 29/10/2025: CISA, Ukraine, and Amazon Problems
Links for the day
[Teaser] The EPO's Spokesperson, a Cocaine User, Fancies Young Women
How's that for "optics" in the EU and Europe's second-largest institution?
How Will António Campinos Respond to the EPO's 'Cocainegate'?
That's the same thing we saw and still see when the press deals with enablers and partners of Jeffrey Epstein
Join Us Now and Share the News - Part IV: There Cannot be Free Software Without Free Press and Free Information
One day, one can hope, more people will recognise that for Software Freedom we need free press and free thinkers
Join Us Now and Share the News - Part III: Principled Stance Is Never Cheap
Protecting the truth and insisting that the general public is made aware of things that really happened isn't cheap
Join Us Now and Share the News - Part II: Because Scarcity of Accurate Information Breeds Collective Ignorance
we too will strive to share information that's aggressively suppressed
Gemini Links 28/10/2025: More New Arrivals at Geminispace, xkcd on "Document Forgery"
Links for the day
Join Us Now and Share the News - Part I: Defence of the Truth
This year we make a very strong, firm statement for truth, even if that means explaining our work to the top media judge in the country
Links 28/10/2025: Meta and Fentanylware (CheeTok) Age-Restricted Down Under, "Britain Needs China’s Money"
Links for the day
Links 28/10/2025: Mass Layoffs at Amazon and Charter to Cut 1,200 Jobs
Links for the day
The Cocaine Patent Office - Part II: The Person Who Planted Paid-for Fake News for the European Patent Office (EPO) is a Cocaine User, Friend of António Campinos, Now on Record as Having Been Arrested
Background: High-level manager at the European Patent Office caught in public with cocaine, arrested
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, October 27, 2025
IRC logs for Monday, October 27, 2025
Google News Drowning in Slop (and Slopfarms That Hijack About Half the Results)
Google News seems to be drowning in this stuff
Gemini Links 28/10/2025: "How to Maximize Your Positive Impact" and ASCII Art and Artist Attribution
Links for the day
PETA and Activism
Being staff or volunteer in PETA isn't easy
Big Blue, Huge Debt
debt will soar again
Links 27/10/2025: Mass Surveillance Sold as "AI", People Reluctant to Lose Physical Media
Links for the day
Parties and Milestones Again
we've begun putting up about 40 balloons
Techrights' 19th Anniversary: Bronze
Time to go back to preparing for this anniversary
Our Latest European Patent Office (EPO) Series Will Last Several Weeks, Will Ask the EPO Management and the European Union (EU) Very Difficult Questions
If nobody loses a job (or jobs) over this, then the EU basically became no better than Colombia or Nicaragua
Slopwatch: LinuxSecurity, UbuntuPIT, Brian Fagioli, and Google News
We focus on stories that are fake or LLM slop that disguises itself as "news" about Linux
Links 27/10/2025: Wikipedia Vandalism, Bruce Perens Opens up on Childhood
Links for the day
This Site Could Not be Done by LLMs Even If It Wanted to (Because It's Not a Parrot of What Other Sites Say)
LLMs have no knowledge or deep understanding
Microsoft is Disloyal Towards Its Most Loyal Employees
Against its most faithful enablers
19 Years, No Censorship
No factual information is ever going to be removed, more so if it is in the public interest
We Are Not a Conventional Site, That's Why They Hate (or Love) Us
Throughout the week this week we'll be focusing on the EPO
Following the Line of Cocaine All the Way to the Top
Even a million denials and spin-doctoring won't distract from the core issue
The Cocaine Patent Office - Part I: António Campinos Brought Corruption and Nepotism to the EPO, Then Came the Cocaine
High-level manager at the European Patent Office (EPO) caught in public with cocaine, the Office has some answering to do
Purchasing/Possessing Computers Isn't the Same as Controlling Computers
Let's strive to put computers back under the control of their users, no matter who purchased these (usually the users)
Gemini Links 27/10/2025: Alhena 5.4.3 and Fixing Bash
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, October 26, 2025
IRC logs for Sunday, October 26, 2025
Thankfully We've Made Copies of More Interesting Data From statCounter
If statCounter (the Web site or the 'webapp') vanished overnight, we'd still have something left of it
More Silent Layoffs at IBM/Red Hat
when the media counts such layoffs or presents tallies the numbers are very incomplete