Boycott Novell

01.08.09

The Cost — and Cause — for Security Failure, Data Breaches

Posted in Microsoft, Security, Windows at 11:30 am by Roy Schestowitz

Windows Vista is not a secure operating system and Vista 7 is the same. The ramifications can be very serious and no level of censorship can hide it. According to this report from the Identity Theft Resource Center, the leaking of sensitive data is rising sharply due to inappropriate means of securing it.

More than 35 million data records were breached in 2008 in the U.S., a figure that underscores continuing difficulties in securing information, according to the Identity Theft Resource Center (ITRC).

Each and every one of us pays for the damage, as costs are collective and our data is centralised not only on our personal computers*. Even our medical records can be compromised.

What is responsible for this and who is to blame? Well, based on empirical evidence, it’s Microsoft that has failed. It failed not because it’s an impossible task to secure software but because, as the manager of Windows said a few years ago, “our products just aren’t engineered for security.”

Let’s consider GNU/Linux for a second. The platform runs in an environment that’s highly connected; it runs continuously on a very large number of boxes. In September 2008, Steve Ballmer said: “Forty percent of servers run Windows, 60 percent run Linux…”**

If GNU/Linux were not secure, wouldn’t many of the Web servers out there be compromised? Evidently, they rarely are. Software that’s installed on them with uploaders is a vector of weakness, but that too has not caused much harm.

On the other hand we have Windows, which is once again under a worm attack, according to this new report.

Business systems are being attacked by a worm exploiting a known Microsoft vulnerability, IT security experts have warned.

Sam Varghese, a GNU/Linux user, wrote about “worms, worms, worms” a few days ago. Security troubles under Windows are now leading him to migrate more of his computers to GNU/Linux.

It would have been good to have some equivalent of Delilah on Windows to negate the role of this browser, but, sadly, there is none. There are some third-party applications like XPlite, developed by Australian Shane Brooks, which do remove most of IE but then which browser do you use to update Windows? Only IE supports ActiveX.

You can, of course, move from XP to Vista where the updates are done through the control panel but that would be the equivalent of offering a man a choice between arsenic and cyanide for breakfast.

Sam mentions ActiveX, which was probably designed and implemented for anti-competitive reasons (making Web sites operating system-dependent), despite its obvious dangers. As Bill Gates put it on numerous occasions, they needed to leverage standards-hostile extensions. In this one e-mail [PDF] he wrote: “Another suggestion in this mail was that we can’t make our own unilateral extensions to HTML. I was going to say this was wrong and correct this also.”

Where do Windows users end up because of this? Well, merely visiting a Web site can be dangerous because it gives the site great control over the entire operating system (even access to local files). At the moment, there are reports about Windows-only malicious ‘features’ in LinkedIn:

[T]he sort of social media trouble quotient appears to have risen a bit as fake LinkedIn profiles are trying to send users towards malware.

We all reap what they sow.

“In one piece of mail people were suggesting that Office had to work equally well with all browsers and that we shouldn’t force Office users to use our browser. This is wrong and I wanted to correct this.”

Bill Gates [PDF]

Hostility towards (X)HTML came from the top

___
* Where else are they centralised? Well, a lot of people don’t know where or how their medical records are kept or how susceptible those records might be to data theft. Are medical records kept only on private networks, or are they reachable by the outside world (Chinese or Russian crackers, for example)? Ordinary people pay more attention once they realise exactly how this situation can cause them harm in a very personal way.

** This is an important point, and it should probably be made even stronger. If GNU/Linux were not more secure, wouldn’t its 60 percent of the Web servers be compromised at least as often as Windows’ 40 percent? Yet evidence shows that they rarely are.

5 Comments

  1. Needs Sunlight said,

    January 9, 2009 at 5:43 am

    MS Windows allows many options for data to be compromised, not just illegal access. Data corruption or loss is a big risk. Sheeple have been so browbeat into accepting the crashes and down time that they don’t notice or admit to noticing, however, if that down time comes at a time-critical moment when medical staff need to access your record, that’s not good either.

    Since the new, incoming US administration will be looking at economic initiatives, it will be of great value to get rid of M$ products. That’s just treating the symptom and not curing the problem. What also needs to happen is that the MSFT boosters who have operated as if part of a larger organized crime ring need to be called to task. Damages need to be recouped, dues to society need to be paid, and places where they cannot make further harm need to be found.

  2. David Gerard said,

    January 9, 2009 at 1:09 pm

    When we have MS software taken out and shot, can we shoot MySQL as well? Bl*sted piece of crap … why couldn’t Postgres have become popular. Gah.

  3. AlexH said,

    January 9, 2009 at 1:10 pm

    @David: because of PHP ;)

  4. Roy Schestowitz said,

    January 9, 2009 at 1:29 pm

    MySQL is all right.

  5. David Gerard said,

    January 9, 2009 at 3:55 pm

    It’s “all right” for Windows 2000 values of “all right.” It’s a bloody pain to administer for a living. It’s also popular.

