Bonum Certa Men Certa

Despite Media Propaganda About Security, Microsoft Windows Remains the Least Secure Operating System, by Design

"It is no exaggeration to say that the national security is also implicated by the efforts of hackers to break into computing networks. Computers, including many running Windows operating systems, are used throughout the United States Department of Defense and by the armed forces of the United States in Afghanistan and elsewhere."

--Jim Allchin, Microsoft



Summary: Amid highly misleading security-centric reports that rely on Microsoft's bogus number of vulnerabilities (Microsoft already admitted hiding many of them) Techrights presents recent news about Windows 'security'

WINDOWS is not a secure operating system. It's not intended to be, either (Microsoft's actions show that security is not the goal). One cannot ever patch NSA back doors safely. When these are patched, it's already too late and newer back doors remain in tact or are being added. Trusting Microsoft to secure Windows is misunderstanding the goal of Windows ('privileged' access) and as Stuxnet serves to remind us, the real owners of Windows are spy agencies, not people who use Windows (renting it from Microsoft in exchange for payments). See this new report titled "Stuxnet Redux: Microsoft patches Windows vuln left open for FIVE YEARS". It says that "[w]hile most of the attention this Patch Tuesday has been focused on the FREAK encryption vulnerability, Microsoft's latest batch of fixes also addresses another longstanding threat to Windows: Stuxnet." So they hadn't fixed it for so long and finally decided to do something about it? Knowing that espionage agencies were exploiting holes and taking control of PCs that have Windows installed? Wake up and smell the coffee. These actions speak volumes.



Adding insult to injury, last week we learned that "Microsoft RE-BORK[ED] Windows 7 patch after reboot loop horror". To quote the report itself: "Reports are emerging that a twice-issued Microsoft Windows 7 patch is still causing pain for users, with some claiming the fix is triggering continuous reboots.

"The patch was first issued as KB2949927 and withdrawn in October due to system faults, before being re-released this week as KB3033929."

So our conclusion is that even when Microsoft offers so-called 'patches' or 'security' there are negative consequences which are too risky to accept. For more information see this article titled "Problems reported with Microsoft patch KB 3002657, warning issued on KB 3046049". A lot of people are still using Windows XP, which receives no patches at all. Some genius, eh?

Some Web sites are now claiming that the NSA and fellow espionage operations have been largely responsible for the SSL hole someone dubbed "FREAK". Of course, despite media spin and a clear Microsoft role (perhaps inside knowledge becoming public), the flaw affects Windows as well (all versions) and Microsoft failed to properly address the problem when it was already known (advertised as public knowledge). "The response of Microsoft and cloud companies to the Freak vulnerability has been far too slow say commentators," according to one British news site/magazine which focused on security. CBS covered this only after it had been wrongly spun as a Linux and Apple issue. "Microsoft was late with the announcement so that the press could focus on Android and iOS and make it look like their problem," said iophk. Microsoft took many weeks to do anything, which gave enough time for passwords to be intercepted and for entire networks to be compromised. So again we are being reminded that Microsoft just doesn't take security seriously. While some reports try to frame Windows as most secure because Microsoft hides many flaws and games the numbers to make the competition look bad, anyone with experience in this area ought to see that Microsoft's encryption was always bogus, and very much by design! Here is another brand-new example of Microsoft 'security' in action: "Microsoft is scrambling to block a fraudulent HTTPS certificate that was issued for one of the company's Windows Live Web addresses lest it be used by attackers to mount convincing man-in-the-middle attacks."

Soon enough, based on some observers, Microsoft Windows-running "PC will become slower as it will serve the updates to another client."

It is a peer-to-peer approach that externalises cost and liability. Is Microsoft really trusting this to work better given the above reports about man-in-the-middle attacks and fraudulent HTTPS certificates? Platforms with back doors cannot ever be relied on for serving security to other systems. It's a collective compromise. Botmasters will love it!

Our last piece of relevant news deals with Pwn2Own. The headline says that "security [is] still a myth on Windows PCs" [via] and that it took just one day to crack Windows. To quote: "Day one of the 2015 Pwn2Own hacking contest in Vancouver, Canada, saw big wins for contestants and headaches for software makers: competing teams successfully exploited fresh vulnerabilities in Adobe Flash and Reader, Microsoft's Windows and Internet Explorer, and Mozilla's Firefox, to hijack PCs."

Was it Firefox on Windows as so often is the case? Not even Tor is secure on Windows.

Recent Techrights' Posts

Security Isn't the Goal of Today's Software and Hardware Products
Any newly-added layer represents more attack surface
Godot 4.2 is Approaching, But After What Happened to Unity All Game Developers Should be Careful
We hope Unity will burn in a massive fire and, as for Godot, we hope it'll get rid of Microsoft
Purge of Software Freedom and Its Voices
Reprinted with permission from Ryan Farmer
 
Links 25/09/2023: Patent News and Coding
some remaining links for today
Steam Deck is Mostly Good in the Sense That It Weakens Microsoft's Dominance (Windows)
The Steam Deck is mostly a DRM appliance
SUSE is Just Another Black Cat Working for Proprietary Giants/Monopolies
SUSE's relationship with firms such as these generally means that SUSE works for authority, not for community, and when it comes to cryptography it just follows guidelines from the US government
IBM is Selling Complexity, Not GNU/Linux
It's not about the clients, it's about money
Birthday of Techrights in 6 Weeks (Tux Machines and Techrights Reach Combined Age of 40 in 2025)
We've already begun the migration to static
Linux Foundation: We Came, We Saw, We Plundered
Linux Foundation staff uses neither Linux nor Open Source. They're essentially using, exploiting, piggybacking goodwill gestures (altruism of volunteers) while paying themselves 6-figure salaries.
Linux Too Big to Be Properly Maintained When There's an Incentive to Sell More and More Things (Complexity and Narrow Support Window)
They want your money, not your peace of mind. That's a problem.
Modern Web Means Proprietary Trash
Mozilla is financially beholden to Google and thus we cannot expect any pushback or for Firefox to "reclaims the Web" a second time around
GNU/Linux Has Conquered the World, But Users' Freedom Has Not (Impediments Remain in Hardware)
Installing one's system of choice on a device is very hard, sometimes impossible
Another Copyright Lawsuit Against Microsoft (or its Proxy) for Misuse of Large Works by Chatbot
Some people mocked us for saying this day would come; chatbots are a huge disappointment and they're on very shaky legal ground
Privacy is Not a Crime, Reporting Hidden Facts Is Not a Crime Either
the powerful companies/governments/societies get to know everything about everybody, but if anyone out there discovers or shares dark secrets about those powerful companies/governments/societies, that's a "crime"
United Workforce Always Better for the Workers
In the case of technology, it is possible that a lack of collective action is because of relatively high salaries and less physically-demanding jobs
GNOME and GTK Taking Freedom Away From Users
Reprinted with permission from Ryan Farmer
GNOME is Worse Today (in 2023) Than When I Did GTK Development 20+ Years Ago
To me it seems like GNOME is moving backward, not forward, mostly removing features and functionality rather than adding any
HowTos Are Moving to Tux Machines
HowTos (or howtos) are very important in their own right, but they can easily distract from the news and howtos are usually quite timeless or time-insensitive
Proprietary Panda: Don't Be Misled by the Innocent Looks of Ubuntu (and Microsoft Canonical)
Given the number of disgruntled employees who leave Canonical and given Ubuntu's trend of just copying whatever IBM does in Fedora, is there still a good reason to choose Ubuntu?
Debian GNU/Linux is a Fine Operating System, But What if People Die Making It for Somebody's Corporate/Personal Gain?
Will companies that exploited unpaid volunteers ever be held accountable for loss of life, caused by burnout, excessive work, or poverty?
Links 24/09/2023: 5 Days' Worth of News (Catchup)
Links for the day
Leftover Links 24/09/2023: Russia, COVID, and More
Links for the day
Forty Years of GNU and the Free Software Movement
by FSF
Gemini and Web in Tandem
We're already learning, over IRC, that out new site is fully compatible with simple command line- and ncurses-based Web browsers. Failing that, there's Gemini.
Red Hat Pretends to Have "Community Commitment to Open Source" While Scuttling the Fedora Community (Among Others)
RHEL is becoming more proprietary over time and community seems to boil down to unpaid volunteers (at least that's how IBM see the "community")
IBM Neglecting Users of GNU/Linux on Laptops and Desktops
Reprinted with permission from Ryan Farmer
Personal Identification on the 'Modern' Net
Reprinted with permission from Ryan Farmer
Not Your Daily Driver: Don't Build With Rust or Adopt Rust-based Software If You Value Long-Term Reliance
Rust is a whole bunch of hype.
The Future of the Web is Not the Web
The supposedly "modern" stuff ought to occupy some other protocol, maybe "app://"
YouTube Has Just Become Even More Sinister
The way Google has been treating the Web (and Web browsers) sheds a clue about future plans and prospects
Initial Announcement of GNU (for Gnu's Not Unix) on September 27, 1983
History matters
Upgrade and Migration Status
Git is working, IPFS is working, IRC is working, Gemini is working
Yesterday in the 'Sister Site', Tux Machines (10 More Stories)
Scope-wise, many stories fit neatly into both sites, but posting the same twice makes no sense logistically
The New Techrights Will be Much Faster
A prompt response to FUD is important. It's time-sensitive.
Slanderous Media Campaigns Trying to Link Linux to 'Backdoors'
Backdoors are typically things that exist by design or get added intentionally (ask Microsoft!), but when it comes to "Linux" in the media the rules are different
The Spamification of GNU/Linux News Sites (or the Web as a Whole) and Why It's Time to Move on, Writing More Stories and Analysis
If you are an enthusiastic Free software user, consider setting up a blog or GemLog (Gemini log)
Techrights is Upgrading
Over the next few days Techrights will be archiving over 40,000 older pages
YouTube Was Never Free Hosting and It Turns Hard-Working People Into Hostages
An accusation, with presumed guilt, seems sufficient for some
The Right to Strike Underutilised by Workers in the Technology Sector
Geeks need to learn how to strike, too.
Welcome to the New Techrights
Looking ahead, we'll probably produce more stories than before because lessening the underlying complexity lets us focus on substance
A Short History of Content Management Systems or Data Shuffles in Boycott Novell and Techrights
In 2006 the site was 'purely' WordPress
GNU Turns 40 This Coming Week
4 decades of "4 Freedoms" show the world that the original definition withstood the test of time