07.01.09
Posted in GNU/Linux, Microsoft, Security, UNIX, Windows at 2:14 am by Roy Schestowitz
Summary: Janet Napolitano from Microsoft speaks on behalf of the DHS about the effect of Windows zombies
A couple of weeks ago we warned about the possibility that the US security czar will be a Microsoft employee. This is alarming because the new DHS secretary is a Microsoft employee (correction: that would be Phil Reitinger entering the DHS, coming from Microsoft) who has just changed jobs [1, 2]. This was enabled under pressure from the BSA, a Microsoft front. Essentially, they installed more of Microsoft DNA inside the government.
Well, this Microsoft employee the secretary is now speaking on behalf of the DHS where she warns about “cyber threat”, probably Windows botnets.
The issue of cyber security is of “great concern” to the US, the nation’s homeland security secretary has said.
Janet Napolitano told the BBC that protecting against virtual attacks was something the US was “moving forward on with great alacrity”.
“Virtual attacks” must refer to DDOS. So, she must be aware of the simple observation that hundreds of millions of Windows PCs out there are zombies. Will she recommend migrating to the more seucre UNIX/Linux? That would be a betrayal of her Reitinger’s colleagues at Microsoft. And either way, this would not block botnets in other countries. They can still hammer on any target at the behest of the botmaster.
Last week we wrote about Windows zombies costing the economy hundreds of billions per year, accroding to estimates of the cost of SPAM alone. This is the product of Windows botnets. Glyn Moody uses some of the available figures to write about “the huge cost of Microsoft software” (to its surroundings, collectively).
Yesterday I wrote about a report from ACT that brought up the issue of TCO for free software.
As I pointed out there, it’s old news that free software has costs; but what is more interesting is the fact that fans of the proprietary world always fail to point out the huge hidden costs of using poorly-written closed-source software. Here’s a great demonstration of my point:
The `Conficker worm’ caused chaos when it hit Manchester town hall in February. Now we can reveal the bug cost the council more than £43,000 in `lost’ bus lane fines.
The computer problems meant 1,609 tickets could not be issued within the 28-day legal limit - rendering them useless.
In total, the Conficker worm cost taxpayers in Manchester nearly £1.5m, the M.E.N has learned.
A £1.2m bill in the IT department, including £600,000 getting ‘consultancy support’ to fix the problems, which including drafting in experts from Microsoft;
£178,000 in extra staffing costs across the town hall – including £169,000 going to clear up a backlog of benefits claims and council tax bills;
Compensation payments due to delays in processing benefit claims.
A few things to note here.
Watch how this article gets flooded by “perception management” [1, 2] in the comments. █
VN:F [1.1.7_509]
Rating: 7.9/10 (13 votes cast)
Permalink
Send this to a friend
06.27.09
Posted in Finance, Mail, Microsoft, Security, Windows at 2:42 am by Roy Schestowitz
“Our products just aren’t engineered for security.”
–Brian Valentine, Microsoft executive
Summary: The cost of Windows to the economy is higher than most people realise
THE OLD estimates of 320,000,000 or so zombie PCs on the Web simply mean that Windows botnets are bound to cost a lot of money. They cause great damage and waste hours per week, per person, depending on the person’s occupation. Conficker shows that Windows flaws tend to be seriously severe. Microsoft continues its tradition of ignoring and overriding user settings by installing patches without permission.
SOFTWARE GIANT Microsoft has been installing updates against the wishes of users who have set up their computers to stop them deploying patches without permission.
This is done for security reasons, but it does raise serious questions. Microsoft essentially owns one’s PC once Windows is installed on it. Not even user settings are obeyed. Regardless of this practice which has gone on for years, the Windows botnets problem remains unresolved and everyone pays the price. Here are some new figures about the cost of SPAM alone (there are many other costs).
And just in time. According to Ferris Research, a San Francisco and London-based e-mail and groupware analysis firm, “spam will cost $140 billion worldwide in 2008, of which $42 billion will be in the United States alone.”
[...]
That’s largely because spam hasn’t been bound to the U.S. in years. Instead, spam comes from botnets. These are made up of anywhere from dozens to tens of thousands of malware infected Windows PCs that their controllers use to spread spam around the world.
Will Microsoft pay the bills to compensate for this? One of my Web sites, for example, goes beyond the allowed traffic because well over 90% of the traffic there is devoured by Windows zombies. It has gone on for months and it is costing a lot of money, not just time.
Those who are responsible for this chaos whine about it too. Gates describes it as “irritating”. █
“Like almost everyone who uses e-mail, I receive a ton of spam every day. Much of it offers to help me get out of debt or get rich quick. It would be funny if it weren’t so irritating.”
–Bill Gates
VN:F [1.1.7_509]
Rating: 8.5/10 (6 votes cast)
Permalink
Send this to a friend
06.25.09
Posted in Bill Gates, Java, Microsoft, Security, Windows at 2:56 pm by Roy Schestowitz
Summary: To Bill Gates, “security” is means of advancing Windows and they “need to make this an explicit goal of [their] security strategy”
THE following exhibit, Exhibit px06105 (1997) [PDF], is a real ’smoking gun’. People often complain about how TPM [1, 2], DRM and the likes of these technologies stifle interoperability and leave some platforms out in the cold.
This may be no accidental side-effect but an actual strategy that comes from the very top of a convicted monopolist. Today’s exhibit very clearly shows what subject Bill Gates has chosen to bring up. The phrase “Security as a lock in” is right there in the subject line:
From: Bill Gates
Sent: Wednesday, July 23, 1997 2:53 PM
To: Nathan Myhrvold
Cc: Paul Maritz
Subject: Security as a lock in
I believe as we evolve our security capabilities there must be some way to set this up so that our operating systems have shared secrets with each other that make them work better with each other than with other operating systems - whether it’s JAVAOS layered on top of us or clones or anything else.
I think we need to make this an explicit goal of our security strategy.
Remember Bill Gates' early writings on DRM. It may be the genesis (at least in part) of that whole mess. The memo above gets a nod from Nathan Myhrvold, currently the company's patent troll. Yasov Yacobi passes it to Paul Maritz, who passes it to Jim Allchin. There is no objection to this objectionable suggestion from Bill Gates. It is anti-competitive.
Take-home message: Bill Gates views “security” as a modality for “lock-in”. █
Appendix: Comes vs. Microsoft - exhibit px06105, as text
Read the rest of this entry »
VN:F [1.1.7_509]
Rating: 8.7/10 (7 votes cast)
Permalink
Send this to a friend
06.21.09
Posted in Asia, Interoperability, Microsoft, Novell, Patents, SLES/SLED, Security, Servers, Windows at 5:58 am by Roy Schestowitz
Summary: Novell and Microsoft a matter of national security, but whose?
THERE is an old slur about GNU/Linux being the operating system for “terrorists” (or something along those lines). Why does Microsoft get a free ride?
According to The Register, SLES 10 and Windows power some of Iran’s nuclear programs.
That second generation box, which has 16 dual-core and another 16 quad-core Opteron processors from Advanced Micro Devices, 98 GB of total memory, and 182 gigaflops of aggregate computing power, runs Novell’s SUSE Linux Enterprise Server 10 as well as Microsoft’s Windows Server 2003 Enterprise Edition.
[...]
While ComputerWorld and Iran Watch, a group dedicated to the non-proliferation of nuclear weapons technology to Iran, made much of the AMD iron and didn’t say anything about the Novell and Microsoft software, the real worry is what application software Iran is able to get its hands on to do finite element analysis and fluid mechanics in the design of the rockets.
To use some sarcasm, did Iran buy its SLES coupons from Microsoft? For software patents, obviously? Novell and Microsoft could probably issue a press release to rave about this deployment and quote the army regarding the “interoperability” advantage or "peace of mind" they receive from these coupons. Now, if only they could be sold “peace”, too.
In other security news, Microsoft’s friend Finjan [1, 2, 3, 4, 5, 6, 7] is warning (again) about Windows botnets. From Heise:
Security services provider Finjan has released a report from its Malicious Code Research Center analysing a trading platform for botnets. According to the report, the underground trade in infected computers offers a comprehensive menu of botnets at locations all around the world. Some Far Eastern networks can be had for a mere $5 a thousand PCs.
Watch the role and effect of Windows malware in this process. From the BBC (days ago):
“This emerging threat is becoming very real and is already affecting millions and millions of websites. 30,000 web pages are affected every day according to the likes of Microsoft and the security firm Sophos,” said Mr Daswani who was a senior security engineer at Google.
Ask the FBI about Windows security [1, 2]. █
VN:F [1.1.7_509]
Rating: 6.4/10 (15 votes cast)
Permalink
Send this to a friend
Posted in Mail, Marketing, NetWare, Novell, Security, Servers, Virtualization at 1:35 am by Roy Schestowitz
Summary: The remainder of the news about Novell
Read the rest of this entry »
VN:F [1.1.7_509]
Rating: 8.5/10 (6 votes cast)
Permalink
Send this to a friend
06.19.09
Posted in BSD, Deception, FOSS, Mail, Microsoft, Security, Windows at 5:26 am by Roy Schestowitz
Summary: An interesting real-world example of Microsoft’s influence on the press
Microsoft’s use of Free software is a subject that we covered many times before, e.g. in [1, 2, 3, 4]. Hotmail, for example, was running BSD long after Microsoft had acquired it, but how far did a dishonest Microsoft go to deny it? Well, Slated has picked up some old links which nicely fit and explain a newer incident.
The first link he picked is this one where Microsoft admits being a BSD user.
Despite the company’s bitter campaign against open source software, Microsoft continues to use FreeBSD to power important functions of its Hotmail free e-mail service. Much to the chagrin of the folks at Redmond, FreeBSD and Apache continued to run Hotmail for several years after it was purchased in 1997. Microsoft publicly claimed to have removed all traces of FreeBSD last summer, and even published a case study documenting its experiences. Microsoft told BetaNews that solutions such as FreeBSD are in use throughout its IT infrastructure. A spokesperson also clarified the the software giant’s position on OSS technologies, and views on GPL licensing.
Microsoft maintains however, that it is migrating to its own proprietary software and any delays are meant to ensure a positive experience for its customers.
Contrary to recent claims, the popular Hotmail service does not run entirely on the Windows 2000 platform. First reported by the Wall Street Journal, FreeBSD developer Trevor Johnson determined that Microsoft was still using the open source operating system for DNS hosting and also for tracking advertisements. It has also been reported that FreeBSD software components are utilized in Microsoft products, such as Windows 2000. BSD’s TCP/IP stack, a vital communication protocol, is rumored to have been used in several Windows operating systems, enabling users to connect to the Internet.
Slated does not stop there. “The original WSJ article,” he points out, “has mysteriously disappeared, but fragments remain elsewhere.”
Wall St. Journal: Microsoft Uses Open-Source Code Despite Denying Use of Such Software
Lee Gomes, the reporter who wrote the friendly (and curiously MSNBC-edited) piece last week about “Microsoft’s Uphill Battle Against Linux” is back this week with an amplification on Microsoft’s use of open source software:
“Microsoft Corp., even while mounting a new campaign against open-source software, has quietly been using such free computer code in several major products, as well as on key portions of a popular Web site — despite denying last week that it did so.
Software connected with the FreeBSD open-source operating system is used in several places deep inside several versions of Microsoft’s Windows software, such as in the “TCP/IP” section that arranges all connections to the Internet. The company also uses FreeBSD on numerous “server” computers that manage major functions at its Hotmail free e-mail service, whose registered users exceed 100 million and make it one of the Web’s busiest sites.
Microsoft acknowledged its repeated use of open-source code Friday, in response to questions about the matter. Just two days earlier, it had specifically denied the existence of any such software at Hotmail.”
Also from LinuxToday (as per yesterday):
Why is the NY Times so Dumb About Linux and Windows?
The New York Times seems hard-wired to rarely identify any Windows malware as Windows malware, but rather as “computer malware.” They seem to share this illness with other people too, such as researchers and professors. Can it be that all these educated people who make their livings knowing things and uncovering new knowledge really don’t know that there are other computer operating systems besides Microsoft Windows?
Their latest failure at making this distinction is China Orders Patches to Planned Web Filter, and they also missed the real story: since this censoring software is required to be installed on all computers sold in China, does that mean that Mac, Linux, and Unix computers are banned? Because it’s a Windows program.
Microsoft and the New York Times are very close. Steve Ballmer publishes articles in there sometimes. A year ago we wrote about the New York Times promoting Silverlight and this was hardly surprising given the strong relationship between those two. Just months ago there was a rumour that Microsoft would buy the debt-saddled New York Times.
So, what Carla points out above is that the New York Times, which enjoys a wide daily distribution, consistently defends Microsoft through omission of critical details. The BBC too perpetuates the belief that computers and Windows are synonymous. We previously explained why the BBC and NBC cannot ever be trusted on Microsoft and Novell matters and returning to Slated’s links, he also shows that “The MSNBC even tried to censor the story [about Hotmail running on Free software].”
MSNBC has been caught doctoring copy originating from the Wall Street Journal to make it more favourable to the news channel’s co-owner Microsoft. The changes introduced by MSNBC also had the effect of removing references to Microsoft competitors.
Amongst many fairly harmless edits, designed to improve readability, were some more ominous changes.
The original WSJ report gave a harsh analysis of Microsoft’ offensive against open source software and the GNU General Public License, initiated six weeks ago by Craig Mundie. The WSJ cited Microsoft’s own dependence on open source software, and cited lawyers who were critical of its interpretation of the General Public License.
“Microsoft said that since last summer, Hotmail has been running on both Windows 2000 and the Solaris operating system from Sun Microsystems Inc.,” noted the original copy from the WSJ.
MSNBC amended this to:-
“Microsoft said Hotmail has been running on Windows since last summer.”
By Friday, the original version of the story that appeared in the WSJ had been restored to MSNBC.
“Here’s the best rebuttal I could find,” writes Slated, “although the author still does not actually deny that Microsoft benefited from “freeloading” the BSD code.”
I worked at Microsoft for ten years, most of it on the core Windows NT/2000 (hereafter referred to as NT) networking code. As such I briefly dealt with the Hotmail team, mostly to hear them complain about the lameness of the telnet daemon in NT (a valid point). I do know that when Microsoft bought Hotmail, the email system was entirely running on FreeBSD, and Microsoft immediately set about trying to migrate it to NT, and it took many years to do so. Now it seems that the transition is not complete. Well, what are you gonna do.
[...]
Now, some of Spider’s code (possibly all of it) was based on the TCP/IP stack in the BSD flavors of Unix. These are open source, but distributed under the BSD license, not the GPL that Linux is released under. Whereas the GPL states that any software derived from GPL’ed software must also be released under the GPL, the BSD license basically says, “here’s the source, you can do whatever you want, just give credit to the original author.”
Eventually the new, from scratch TCP/IP stack was done and shipped with NT 3.5 (the second version, despite the number) in late 1994. The same stack was also included with Windows 95.
However, it looks like some of those Unix utilities were never rewritten. If you look at the executables, you can still see the copyright notice from the regents of the University of California (BSD is short for Berkeley Software Distrubution, Berkeley being a branch of the University of California, for some reason referred to as “Berkeley” on the East Coast and “California” on the West Coast…and “Berkeley” is one of those words that starts to look real funny if you stare at it too long - but I digress).
Keep in mind there is no reason to rewrite that code. If your ftp client works fine (no comments from the peanut gallery!) then why change it? Microsoft has other fish to fry. And the software was licensed perfectly legally, since the inclusion of the copyright notice satisfied the BSD license.
To conclude, Slated writes:
Did Microsoft satisfy the BSD license?
Yes.
Are they “freetards”, according to [some] definition?
Yes.
Microsoft and their anti-Freedom supporters are a bunch of hypocrites. Or, to use the words of the above author, it’s “like the event horizon calling the kettle black”.
So when can we expect Microsoft (or even Spider Systems Ltd.) to compensate The Regents of the University of California for “all their hard work”?
It sure changes one’s perspective. █
VN:F [1.1.7_509]
Rating: 8.8/10 (15 votes cast)
Permalink
Send this to a friend
06.15.09
Posted in Finance, Microsoft, Security, Windows at 9:56 am by Roy Schestowitz
Summary: Financially-driven and favours-motivated government unable to make reasonable decisions that are defensible
SOME MONTHS after Bill Gates had advised Obama (good cop) Steve Ballmer decided to blackmail him (bad cop). Microsoft’s influence on the new government is no secret and it shows in every way. Microsoft lobbyists fund this new government and so do William Gates (Bill Senior), Bill Gates, Melinda Gates, Steve Ballmer, and his wife Connie, who used to work for Waggener Edstrom, Microsoft's current PR Department. For people who think that Microsoft families are distant from Obama, think again and witness the evidence.
More recently we saw the BSA lobbying the government to put industry in charge of national security, so its no surprising that a Microsoft person was almost immediately put at the top of the Department of Homeland Security (DHS) [1, 2]. The government soon recruited Microsoft’s Mundie (who hates Free(dom) software) to assist with technology policy. According to new reports, President Barack Obama may make Microsoft’s security person a cybersecurity czar. This is not a joke. Yes, Microsoft and security.
Ex-government cyber official, exec mulled for czar job
[...]
Microsoft’s security chief and a veteran of Clinton’s and Bush’s national security teams are leading candidates for cybersecurity czar, a job that needs White House access and clout to protect networks that underpin the U.S. economy.
President Barack Obama promised last month that he would personally decide who would lead the fight against an epidemic of cybercrime and organize a response to any major cyber attack.
[...]
A leading candidate for the post is Scott Charney, head of Microsoft’s cybersecurity division, who has said he won’t take the job, according to a source who had direct knowledge of the matter but was not authorized to discuss it. The source said, however, that Charney would change his mind if pressed.
There is more information here:
Two leading candidates have emerged for this job. The first is Scott Charney, head of Microsoft’s cybersecurity division.
Coming from the company which says that “[O]ur products just aren’t engineered for security,” this is black comedy.
One of our readers says: “It’s a bad joke to even consider putting an alleged cyber racketeer in charge of national security. There’s conflict of interest and he’s not qualified.
“Notice that from a business perspective, MS executives have been in constant trouble with both foreign and domestic courts for both unethical and illegal practices. These range from predatory marketing, contract violations, false advertising and They maintained that long-established reputation through lots of hard work and many decisions that could have easily gone the right direction instead. These are crooks.
“On qualifications, just look at MS security track record. Microsoft’s own “childish” executives(1) point out that their software is not designed with security in mind(2) and that some (which may very well be *all*) Microsoft code is so in secure that it endangers national security. Ongoing incidents demonstrate(3) that even Microsoft HQ can’t secure its own software from Windows worms. That conclusion is made final in their bid to enter the aftermarket anti- Windows-virus software.
“Security is also making sure that material is available when it’s needed. Microsoft-style write-only backups don’t cut it. So be sure to also look at the unmitigated disaster regarding turnover of the Bush administration’s electronic records.
“Ok, that’s the tip of the ice berg for Windows security. Then there is also a conflict of interest.
“The government post must be able to fight organized crime and it is dubitable whether an individual who has been part of the problem can suddenly, simply because he is “pressured” to do a 180 and start fighting organized crime.
“Law enforcement, including police, are one of several mechanisms to mitigate social or economic damage. Dams, powergrids, hospitals, and so on are protected because of the great social or economic damage that would come from their destruction or disabling. Unfortunately, MS products have been implicated in air traffic outages, suspected in the East Coast power grid failure, and appear responsible now for great numbers of hospital deaths due to Windows worms.
“Law enforcement in many countries is usually pretty good about community outreach and crime prevention. There are even special units that deal with organized crime. An old method has been to turn a blind eye to “lesser” crimes or criminals in return for something else. Traditionally this include the use of finks to rat on their cohorts. This makes a wide, gray area around a Faustian gamble that the returns at the end will justify the means. In some cases, the give-and-take becomes a way of life rather than a means to an end. However, add the clause “…with a computer” to any known crime and law enforcement becomes paralyzed and, at best, reluctant to help.
“It would be a bad position if law enforcement had somehow become beholden to MS, now that Windows botnets are bought, sold, trade, and fought over by other organized crime groups. These Windows worms are responsible for tens of billions of dollars of damage per Worm. With Windows entering hospitals and health care, this ideology means a real body count, just like another ideologically motivated group the Taliban. Deaths and/or major damage usually are indicators that intervention is needed.
“Really, Charney, and his cohorts at MS, should be considered for a special place in the government: Camp X-Ray.” █
(1) US DOJ
(2) “… Microsoft code was so flawed it could not be safely disclosed.”
– eWeek
(3) ‘”Our products just aren’t engineered for security,” admitted Valentine,who since 1998 has headed Microsoft’s Windows division.’
– “Microsoft: “Our products aren’t engineered for security,” ComputerWeekly. (2002)
VN:F [1.1.7_509]
Rating: 10.0/10 (4 votes cast)
Permalink
Send this to a friend
06.13.09
Posted in Microsoft, Security, Windows at 11:09 am by Roy Schestowitz
Summary: MSN Canada the latest to be compromised, Windows botnet tools put up for display
SOME weeks ago we learned that even 'amateur' users like the FBI are unable to dodge Windows viruses. Just a few weeks ago we also saw a Microsoft Web site (MSN New Zealand) falling victim to crackers and it has just happened again, proving that even Microsoft cannot secure its servers. How do they expect others like their clients to succeed?
MSN Canada Website Compromised by Hackers
[...]
Researchers from net security company Websense warn that a particular section of the MSN Canada website has fallen victim to hackers who injected rogue code into a page used for redirection.
In other news, CNET shows that even kids can now create their own Windows botnet.
The abstract concepts of “botnet” and “Trojan” just became a lot more concrete for me.
In less than an hour on Thursday, I was able to use programs readily available on the Internet underground for as little as $300 to infect several Windows clients and take complete control of them in a test environment.
No wonder so many teenagers are wreaking havoc across the Internet (some are too young to be held accountable by national law) and ~320,000,000 computers are estimated to be zombies. Some researchers are rather astounded by the fact that the Web keeps standing at all. But at what cost? Damages are huge. We too are among the victims. █
VN:F [1.1.7_509]
Rating: 8.9/10 (8 votes cast)
Permalink
Send this to a friend
« Previous entries
