12.23.09


Government Shoots Itself in the Foot by Letting Microsoft Control Insecurity Departments

Posted in GNU/Linux, Microsoft, Security, UNIX, Windows at 6:06 am by Dr. Roy Schestowitz


Summary: President Obama puts a fox in charge of the hen house with yet another appointment of Microsoft for security; Microsoft helps malware writers

THE United States government is not engineered for security because it hires "security" people from the very same company that causes a lot of the problems. The DHS is already affected and Obama pondered making Scott Charney, head of Microsoft’s cybersecurity division, the US cybersecurity czar. Eventually he picked another person from Microsoft for this job (also in [1, 2, 3, 4]):

The White House is naming a former Microsoft and eBay executive as the government’s new cyber security coordinator. Former Bush administration official Howard Schmidt will lead the effort to shore up the country’s computer networks.

More here:

Obama names former Microsoft exec new U.S. cybersecurity czar

President Obama this morning named a new U.S. cybersecurity coordinator: Howard Schmidt, a longtime computer security specialist who has worked as an executive for companies including Microsoft and eBay, and as a security adviser to the administration of George W. Bush.

How shameful. We have already explained why this is a mistake, and when poor decisions are made in the future it may be possible to blame them on bias. One reader of ours wrote in relation to this news: “If they already have the technical knowledge, then why haven’t they made a computer that can’t be compromised to be used in botnets, merely by clicking on a URL or opening an e-mail attachment?”

Also in yesterday’s news we now find:

Microsoft AV advice may aid attackers, researcher warns

A security researcher is taking Microsoft to task for advising customers to exclude certain files and folders from anti-virus scanning, arguing the practice could be exploited by pushers of malware.

Microsoft shows malware writers where to hide

In a document published on its support site, Microsoft suggests that users do not need to scan some files and folders for malware as a way to improve performance in Windows 2000, XP, Vista, Windows 7, Server 2003, Server 2008 and Server 2008 R2. “These files are not at risk of infection. If you scan these files, serious performance problems may occur because of file locking,” the Vole said.

Microsoft accused of helping virus writers [via]

Security firm Trend Micro has accused Microsoft of giving malware writers a helping hand by advising users not to scan certain files on their PC.

In an article published on Microsoft’s Support site the company claims it’s safe to exclude certain file types from virus scans because “they are not at risk of infection”. Microsoft claims ignoring these files will help improve scanning performance and avoid unnecessary conflicts.

Yes, Microsoft does not seem to have a clue about security.

Microsoft’s influence in the United States government is increasing and this is becoming a matter of national security. They spread that so-called “Microsoft religion” to areas that are mostly UNIX- and Linux-based. They ignore many decades of good practices.

“It is no exaggeration to say that the national security is also implicated by the efforts of hackers to break into computing networks. Computers, including many running Windows operating systems, are used throughout the United States Department of Defense and by the armed forces of the United States in Afghanistan and elsewhere.”

Jim Allchin, Microsoft


2 Comments

  1. Needs Sunlight said,

    December 23, 2009 at 9:26 am


    The US government is shooting more than its foot in this mistake. Schmidt, for his role as an insecurity specialist, and for his ongoing role in spreading Microsoft malware throughout the US economy should be sitting in jail awaiting arraignment. Or if the scope of and forethought behind the damage is taken into the equation, maybe Camp X-Ray is more appropriate.

  2. Yuhong Bao said,

    December 26, 2009 at 4:00 am


    Well, looks like this is a case where MS advised specific areas to be excluded from scanning, and anytime you exclude areas from scanning from AV software, there always is a risk that viruses may hide in there. So you should always be careful when you do that.
    “If they already have the technical knowledge, then why haven’t they made a computer that can’t be compromised to be used in botnets, merely by clicking on a URL or opening an e-mail attachment?”
    Well, non-admin would help a lot on both Windows and Linux. Admin users can compromise the entire computer, non-Admin users can compromise only the user account itself.
