How lies can lead to deaths

Jeff Jones Output Needs to be Embargoed

LIES AND LIES AND LIES just carry on coming from Microsoft's Jeff Jones. While deleting legitimate comments that he does not like (including mine) from his blog, he's pushing -- on behalf of his employer -- bogus statistics that they deliberately 'massage' in order to daemonise Firefox and glorify Internet Explorer (with ActiveX and other competition- and security-hostile add-ons). Way to go, censorship!

Despite Microsoft's great control in the Washington Post (also mentioned in relation to the Abramoff fiasco), one of its writers is challenging these lies from Microsoft and Jeff Jones.

In analysis published on his Technet Security Blog and at cio.com, Jeff picked apart research I conducted in 2007, which found that Microsoft's Internet Explorer browser was unsafe for 284 days in 2006.

According to Jones's analysis, Firefox users were instead more "at risk" than their IE counterparts in 2006 -- albeit just by a single day -- 285 days in 2006, he concludes.

What Jones neglected to mention was that in my analysis I only examined the longevity of unpatched browser vulnerabilities that by each company's definition earned the most dangerous security ratings.

In addition to being a Big Lie, these fake numbers conveniently tend to confuse "Firefox" with "Firefox on Windows". Many of the flaws are inherent in the platform, not the Web browser alone.

"In one piece of mail people were suggesting that Office had to work equally well with all browsers and that we shouldn’t force Office users to use our browser. This Is wrong and I wanted to correct this. [...] Another suggestion In this mail was that we can’t make our own unilateral extensions to HTML I was going to say this was wrong and correct this also."

--Bill Gates [PDF]

Spyware-Soft?

Internet Explorer suffers from other deficiencies, general characteristics or problems that are user hostile. Internet Explorer 7 was already spying (eavesdropping) on people's surfing habits by default and since it is installed and cannot be removed from Windows, it makes Windows nothing less than spyware, by the very conservative definition of the word. According to this report from The Register, Internet Explorer 8 makes it even worse. It compares what Microsoft is doing to deep packet inspection, which was implicitly ruled illegal by the EU Commission.

Privacy activists are crying foul over the "Suggested Sites" feature in IE8, but Microsoft insists concerns about the feature, such that it might be used to serve up targeted advertising or that it poses a security risk, are misplaced.

Speaking of Phorm, which was mentioned only among our daily links on occasions [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17], there is something truly bizarre about the British Government's attitude towards Web surveillance (for purely commercial reasons). This is disturbing on so many levels and The Register has the following new article about it:

Digital Britain: A tax, a quango and ISP snooping

Did anyone expect more from Stephen Carter CBE? The former Ofcom boss and No.10 strategy chief (sic) has spent his career moving between the world of advertising and public relations, quangos and party. So it's no surprise that the "vision thing" involves a tax, a quango and a burden by private parties to snoop on the public. It's an administrator's answer.

This might explain why the British government is so deep in the pockets of Microsoft, as we have shown time and time again [1, 2]. They think alike.

Government and Microsoft in Bed

The Opera complaint is taking its toll, but it has no effect in the country where Microsoft operates from. People like Richard Stallman treat the US Department of Justice like it's a joke (RMS puts scare quotes around "Justice") and they have many valid reasons to [1, 2, 3, 4, 5]. In fact, it has become rather conventional to say that the USDOJ is simply riddled with corruption, much like the FTC and even like the FCC. It is therefore not surprising that, according to this report from Dow Jones, the USDOJ is not willing to properly intervene, despite all the pressure that constantly arrives from the EU. Why can't a national authority take appropriate action against reckless/rogue companies within its own borders but instead rely on justice that's enforced or restored from overseas?

Federal and state antitrust regulators involved in a long-running settlement with Microsoft Corp. (MSFT) told a federal judge Wednesday that they could not yet say if they will ask for court oversight of the software giant to extend beyond this year.

Microsoft, meanwhile, assured U.S. District Court Judge Colleen Kollar-Kotelly in Washington, D.C., that none of its recent announced layoffs will reduce the number of employees working to satisfy the company's antitrust obligations.

This whole case has been a farce [1, 2, 3] for many years and there's new hope that the European Commission can resist and overcome pressure from talking points/Microsoft pressure groups.

A bad soap opera?

[...]

A trial against Microsoft on any particular point of its monopoly (and for that matter, on any corporation perverting the market because of its illegitimate monopolistic position) essentially conveys the message that regardless of the possible sanction against the company, its wrongdoings are not morally tolerable anymore. Were it only because of this last point, I still do find that that legal actions are sometimes justified.

Obama Fights Windows

Well, not the president but the worm. Yes, how privileged he must feel to already have a worm named after him.

The worm spreads via USB drive, using the Windows autorun feature to install itself automatically on any drive it connects with. Unlike most of today's profit-driven malware, the Obama worm doesn't steal your credit card number or turn your PC into a remote-controlled zombie system. In fact, it isn't designed to do anything besides float a small picture of Obama at the bottom right corner of your desktop all day every Monday.

Will there be shunning of Windows? Not likely [1, 2, 3]. It might not even matter that entire nations are under attack by Windows zombies, as we noted yesterday. Today we find another new artifact of Windows botnets: extortion.

The botnet-powered assault was accompanied by blackmail demands posted on the site's forum through compromised zombie machines. These threatening messages claimed the site was been carpetbombed with spurious traffic generated through a 9,000 strong botnet of compromised machines.

And herein we close a loop. As long as people like Jeff Jones are permitted to lie in public, they are simply allowed to spread the illusion that Windows is not more vulnerable than counterparts, so Windows botnets weighing hundreds of millions of computers carry on wreaking havoc without legislation that bars them from the Internet. That's why the Internet becomes dangerous, its infrastructure unreliable, E-mails a SPAM-filled mess, and people die too.

It all begins with a Big Lie. That's an issue that must be addressed because Microsoft is knowingly contradicting itself. ⬆

"Our products just aren't engineered for security."

--Brian Valentine, Microsoft executive