EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS
Boycott Novell

08.08.08

Another Reason to Avoid Mono: Security

Posted in Microsoft, Windows, GNU/Linux, Novell, Mono, Security at 5:27 pm by Roy Schestowitz

“At Microsoft I learned the truth about ActiveX and COM and I got very interested in it inmediately [sic].”

Miguel de Icaza

For reasons and factors that make OOXML not secure, Mono is a security hazard as well. For those who are not yet convinced, there is this brand-new article which highlights the architectural failures of .NET and their impact on security. Read it.

Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system, an advance that many in the security community say will have far-reaching implications not only for Microsoft, but also on how the entire technology industry thinks about attacks.

Also in the news today is this alarming issue of 7 “critical” flaws (the highest level of severity) in Microsoft software.

Does anyone want GNU/Linux to inherit this nightmare? Is this something which belongs in the operating system which NASA, the NSA and the Department of Defense use? What about the cost implications? Beyond the issue of acquisition cost also exist the costs of maintenance, repair, and damage control. Losses incurred by leaks (espionage) and data loss are sometimes invaluable.

A few hours ago, one reader sent us the following message regarding the consequences of poor security.

Note that the bad engineering promoted by Bill Gates and his movement is probably costing Joe Sixpack upwards of 8 hours lost effort per week from malware, instability and poor interoperability. With the US in the economic situation it is in, that may be enough to knock the floor out of the recession. The failure that is Microsoft Vista may be the last straw and take down what’s left of the economy.

“The failure that is Microsoft Vista may be the last straw and take down what’s left of the economy.”Until recently, Microsoft people have been able to stifle security information. However, the EFF’s recent win paves the way forward for better technology to become more visible.

I look forward to the seeing Back-To-School Security Packets in Walmart, Best Buy, and others consisting of Xubuntu CDs.

The last 10 years have shown us nothing if not that FOSS helps make your business more recession-proof.

What we have here is an old and odd spin trotted out yet another time. The spin tries to be negative, but at the end of the day, use of FOSS has boosted the economy there by some $60 billion on unnecessary sunk costs.

Further, since were FOSS tends to lead, it leads due to better performance, quality, interoperability and maintenance, not just cost. So that leads to secondary and tertiary savings. After all, if the IT team is not having to spend all its time chasing fires, it can be far more than $60 billion in savings once the total cost of ownership is settled.

Sure a small wedge of the software sellers might have lost, but the large part of the pie consists of software users. We win here.

____
1) “EFF Wins Protection for Security Researchers” (2007)

2) “Vista’s Security Rendered Completely Useless by New Exploit” (2008)
“… a technique that can be used to bypass all memory
protection safeguards that Microsoft built into Windows
Vista…”
“… the work is a major breakthrough and there is very little
that Microsoft can do to fix the problems…”

3) “This Bug Man Is a Pest” (2008)
“…His syllabus is partly a veiled attack on McAfee,
Symantec and their ilk, whose $100 consumer products he
sees as mostly useless. If college students can beat
these antivirus programs, he argues, what good are they
for the people and businesses spending nearly $5 billion
a year on them? …”

4) “USENIX WOOT07, Exploiting Concurrency Vulnerabilities in System Call Wrappers, and the Evil Genius” (2007)

For those wondering about highly-restrained criticism of Microsoft/Windows security, a mandatory background would be the smear campaigns against security researchers. Smear campaigns are something that Microsoft is intimately familiar with [1, 2, 3, 4, 5, 6, 7, 8, 9]. Remember the Geer saga, too [1, 2] (little more in [1, 2, 3]). He lost his job for saying the truth about Microsoft’s security shortcomings and the horrific state of the Web, caused largely by Microsoft and its back doors.

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channel.

Pages that cross-reference this one

Listed from October 23rd 2007 onwards, pingbacks and trackbacks (external) are omitted

Leave a Comment

What Else is New

  1. US Army Becomes Zombies Army; London Hospitals Still Ill (Windows Viruses)

    Security issues that are staggering hit the Web, US military, hospitals

  2. Quick Mention: Novell is Helping Microsoft OOXML Again

    Microsoft's work with Novell bears fruit: ODF 'killer'

  3. “Twisted Ideological Crusade” and Other Excuses

    Known critic of Boycott Novell tries to justify choice of SUSE; GNU India responds to Boycott Novell protest

  4. Beware the Mono

    Another explanation of the Mono problem; Miguel de Icaza makes Windows software

  5. EU Commission re ACTA: STFU

    The European Commission comments about the ACTA whilst things continue to escalate

  6. IRC: #boycottnovell @ FreeNode: December 2nd, 2008 - Part 2

    IRC Log for December 2nd, 2008 - Part 2

  7. IRC: #boycottnovell @ FreeNode: December 2nd, 2008 - Part 1

    IRC Log for December 2nd, 2008 - Part 1

  8. Links 03/12/2008: GNU/Linux Called Better Than Vista; Nokia Linux Phones Rumoured

    Links for the day

  9. (Another) Microsoft-Commissioned 'Study' Inverses Truths

    Microsoft lies about gains in search, using Microsoft-commissioned pseudo-studies

  10. Microsoft's Own Servers Become Zombies, Spew Out SPAM

    Microsoft's search engine servers are reportedly being hijacked to send SPAM

  11. FOSDEM 2009: Sponsored by Microsoft Partner

    Novell is a prominent organiser/sponsor

  12. Patents Roundup: From Microsoft's Trolls to Obama Policies

    A summary of news about patents across the world (mostly software related)

  13. Links 01/12/2008: North South Wales for F/OSS or GNU/Linux, OpenMoko Expands

    Links for the day

  14. IRC: #boycottnovell @ FreeNode: December 1st, 2008 - Part 3

    IRC Log for December 1st, 2008 - Part 3

  15. IRC: #boycottnovell @ FreeNode: December 1st, 2008 - Part 2

    IRC Log for December 1st, 2008 - Part 2

  16. IRC: #boycottnovell @ FreeNode: December 1st, 2008 - Part 1

    IRC Log for December 1st, 2008 - Part 1

  17. Exploring the BECTA-Microsoft Relationship

    Boycott Novell takes a look at who runs BECTA and how BECTA's judgment is made

  18. A Gradual Fall of W|Intel... Thanks to OLPC?

    Intel is confronted with a problem that was introduced inevitably, amid rise of the OLPC

  19. Leaked: Microsoft Pays Companies to Recommend Windows

    Confidential documents were leaked to us and they show how Microsoft controls advertisements even in the channel

  20. Links 01/12/2008: FreeBSD 6.4 Released; City Moves to OpenOffice.org

    Links for the day

  21. IRC: #boycottnovell @ FreeNode: November 30th, 2008

    IRC Log for November 30th, 2008

  22. Antitrust Complaint About Microsoft, a So-called 'Pirate'

    Microsoft is reported to the EC for overcharging, media contains a lot of Microsoft-imposed daemonisation

  23. Boycott Novell Leaps

    3.2 million hits this month

  24. Microsoft's Forecast Suffers Fresh Blow, Online Problems Linger on

    Microsoft pressured by pessimistic analysts, profitability online remains a struggle

  25. On Lipstick, Pigs, and Windows

    Problems for Windows Mobile (ridicule of the idea of a Microsoft phone) and continued demise of Windows Vista

  26. Stuffing It Up, Microsoft Edition

    Microsoft sneaks its way into various consortia, events and press via familiar pressure groups and known 'loyals'

  27. Eye on Microsoft: Another Messy Week for Security

    Summary of large-scale, high-impact security issues in Windows

  28. Microsoft Hijacked Yahoo! from the Inside (Updated)

    Microsoft is stepping up to buy Yahoo!, but history must not be neglected

  29. Mono Critique Goes a Long Way Back

    Quick look back at criticism of Mono

  30. Links 30/11/2008: GNU/Linux Consistency; Netbook Summit Coming

    Links for the day

An invade, divide, and conquer Grand Plan

Novell CEO Ron HovsepianHighlight: Novell was the first to acknowledge that Microsoft FUD tactics had substance. Novell then used anti-Linux FUD to market itself. Learn more

Xandros founderHighlight: Xandros let Microsoft make patent claims and brag about (paid-for) OOXML support. Learn more

Linspire CEO Kevin CarmonyHighlight: Linspire's CEO not only fell into Microsoft arms, but he also assisted the company's attack on GNU/Linux. Learn more

Hand with moneyHighlight: Microsoft craves pseudo (proprietary) standards and gets its way using proxies and influence which it buys. Learn more

Eric RaymondHighlight: The invasion into the open source world is intended to leave Linux companies neglected, due to financial incentives from Microsoft. Learn more

XenSource CEOAnalysis: Xen, an open source hypervisor, possibly fell victim to Microsoft's aggressive (and stealthy) acquisition-by-proxy strategy. Learn more

More analysis >>

Recent Posts