Archive for the ‘Security’ Category

Microsoft Watch Censored Polite Comment Highlighting Problems


Joe Wilcox, you should be ashamed of yourself.

Several days ago, I left a comment on the Web site he inherited, just to say that Microsoft hides some of Vista’s weaknesses by secretly patching vulnerabilities. I even provided two links from very reliable sources to support this. One of these sources was the Microsoft blog at ZDNet. With further confirmations that this is true, I see no reason whatsoever why my comment should be removed. This leads to the suspicion that Microsoft Watch has turned from a professional Web site run by Mary Jo Foley into a Microsoft shilling dumpster. Several months ago, the site dropped its Windows server and had it replaced by Red Hat Linux. This is hypocritical, is it not?

It has become obvious (by admission) that many Microsoft employees visit the Web site and even comment without disclosure. I refuse to participate as much as I used to, knowing that a site which once served me well has decided to lift an iron fist and decide what is valid information and what is an inconvenient truth.

DRM in the Kernel

Security First, Only Then User Convenience

Sadly, many people use a convenient argument to defend Windows’ security problems. They would like you to believe that security is failing because of relative market share, not because of inherent security, which one can attain only through proper design. Windows was built to serve users’ convenience while neglecting to account for the later addition of an Internet connection. Windows was very desktop-centric, as Gates’ snubbing of the Internet has proven over the years. That, and only that, is why Microsoft struggles to rewrite a vast codebase quickly and securely into mature, well-established libraries.

The following articles demonstrate and explain why Windows is simply insecure by design. Market share plays a relatively minor role in this equation.

Consider more secure platforms, preferably ones that conform to the POSIX/UNIX model that has matured over many decades. Keep the cr4ck3rZ working much harder.


Browser Diversity and Security


There has been a great deal of talk about browser statistics recently. Market share has become a measure of diversity, which ensures that Web developers tailor their sites according to standards rather than to one particular application. Security remains at the heart of this debate, but it’s clear that the complexity of this problem is high.

All Web browsers are insecure to some degree, because they all must work with flawed code in the operating systems. There are some indications of progress, such as frequent patches from Microsoft and Mozilla to close security holes. Still, these actions may be too little too late if a zero-day exploit is the attack weapon.

It all comes down to patching speed, then the number of flaws, as well as their severity (e.g. privilege escalation can be catastrophic).

Related article from the same day (and same Web site):

    Will Security Worries Dull Ajax’s Cutting Edge?

Software Oligopoly and Impending Transition


I shall continue to argue that Microsoft software (and Windows primarily) is slow and too cumbersome to work with. It discourages high productivity levels. Might this explain why that company from Redmond has produced so little in the past 5 years? Let us discuss.

I am shocked to see a software behemoth with so many employees still struggling to ship products on time. I can recall that rusty O/S called Windows XP, which was released when I was a teenager. It’s amazing that Microsoft has achieved so little in the past half a decade. All it has been able to produce is just another ‘Service Pack’, to be ready some time next year. This one has a different name and a new theme, Aero Glass. It also bears a hefty price tag.

Linux users may like to handle complexity, but meanwhile it seems as though their codebase is far more maintainable than that of Microsoft. In case you have not followed some key events, 60% of the codebase of Windows must be rewritten as it’s an utter pain to extend.

Let us take a step further and discuss the issues of security, diversity, and competition. Windows was not built with security or multiple (networked) users in mind, so it is merely ‘patched’ to bridge that crucial gap. A one-man election might work on a Windows-based Diebold machine. Windows is, after all, a single-user O/S with some ‘hacks’ that make it usable by multiple users over a network (e.g. the Internet). And it’s worrisome. This has led to cyberstorms and makes the Internet a less pleasant place than ever before. Patches take a long time to issue because, in a codebase built from ‘hacks’, there are just too many dependencies to consider. There is poor modularity. This monolithic approach leads to flakiness and unpredictable behaviour.

Is diversity the answer? Is a staged migration to more mature and reliable platforms the path to secure computing? I have little or no doubt about it. But this will not be easy. It is only natural to assert that Microsoft is doing illegal things to stifle its competition. Such software-industry vermin deliberately restrict ‘diversification’. There is no parity in an industry where one player outmuscles any competitive threat before it matures enough to match the behemoth. It strives towards a state of monopoly or oligopoly, and the law offers no barriers, as it is being tweaked by lobbyists.

Competition, you argue? I see none, but luckily people are beginning to see this and respond accordingly. It’s a false sense of competition when a startup needs and depends on vendor X in order to develop a product to compete with vendor X. That’s what Microsoft does through operating systems, distribution channels, licensing, and programming languages. Its stranglehold on the market may soon be broken, at least in Europe. The rest of the world is quietly migrating to Linux, albeit the scale of this is not being blown out of proportion through advertisements. There is no marketing department in a Free software initiative.

Microsoft Code Contains Bad DNA


A flood of bad news (for Microsoft) has rolled its way onto the headlines. It all happened yesterday, as well as earlier on today. I believe some quotes will speak better than their detailed interpretation.

Worm duo tries to hijack Windows PCs

The pair of worms surfaced over the weekend, several security companies said in alerts. The malicious software tries to hijack the computer for use in a network of commandeered PCs that can be remotely controlled, popularly called a botnet.

It makes one wonder how games are affected. The Xbox series shares the same DNA as Windows.

Microsoft warns game developers of security risk

Using malware or software designed to infiltrate a computer system, hackers steal account information for users of MMO games and then sell off virtual gold, weapons and other items for real money.

Windows Mobile likewise.

Vulnerability Summary: Windows Mobile Security Software Fails the Test

Since developers are not in a hurry to keep their users’ information secure… we feel compelled to publish – with exclusivity granted to us by the author till August 21, 2006 – an article that reveals various problems with Windows Mobile software from various software vendors! This article is a “must read” for any serious user of Windows Mobile…

Lastly, a security expert implicitly explains why Windows needs to be rebuilt. Jim Allchin, the main architect of Windows, has already said that 60% of the source code needs to be rewritten! It is no wonder that there was a “development collapse” in September 2005, according to Steve Ballmer. Windows Vista is the product of just 6 months in development (plus testing).

Perspective: Why Internet security continues to fail

Failing to acknowledge or fix an infrastructure plagued with problems raises many doubts about any security product’s ability to function in such a foundation. Placing more complexity on top of existing (and flawed) complexity does not lead to increased protection, but rather, fosters a false sense of increased protection.

That is a lot of trouble to digest in just one day. The implications are SPAM and DDoS attacks, the vast majority of which are spewed from hijacked Windows machines (‘zombie armies’ or ‘botnets’). Sadly, I am among those affected by both.

Microsoft Windows is Creating Jobs

  • For malware developers
  • For spammers
  • For extortionate botmasters
  • For spam filter developers
  • For firewall developers
  • For anti-virus developers

All of the above are nasties, or software that defends against them. All of them exist and prosper owing to the fact that Windows was never built with security in mind. I can’t help feeling bitter, as I am among the sufferers despite the fact that I touch no Microsoft software. In the space of just one week, a 30-megabyte mail account got clogged up by SPAM. The volume that comes in is so large that I cannot afford to even look at all the subject lines; rather, I go by patterns and highlighting-type filters. It is unbearable, as I am skipping some genuine mail.

Windows botnets have brought the Internet to a dark age. Some people ask themselves whether giving up E-mail altogether is the better way. As for collaboration-based, Web 2.0-ish software, I have already been forced to disable much of its function (e.g. registrations, comments, and open Wikis). I also needed to block 2 IP addresses yesterday, due to continuous abuse involving heavy and continuous spidering of my main site. At least the abusers’ ISPs were alert and quickly took action. These attacks came to an end yesterday. They were not the first, though. It is a recurring pattern.
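The kind of check that sits behind blocking an abusive spider, as an added example that is not part of the original post or the site’s own scripts: a small Python script that reads web-server access-log lines in the Apache/nginx “combined” format, keeps a sliding window of request timestamps per client IP, and flags any IP that exceeds a request threshold within that window. The threshold, the window length, the log format and the sample log lines (including the IP addresses and the user agent strings) are assumptions constructed for the demo; the log is also assumed to be in chronological order, as a real access log is.

```python
"""Flag abusive spidering from web-server access-log lines.

Added example, not code from the original page. Assumes the Apache/nginx
"combined" log format, chronologically ordered lines, and a simple policy:
more than MAX_HITS requests from one client IP inside any WINDOW-second
window is abuse. All sample data below is constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Assumed "combined" format, e.g.
# 203.0.113.9 - - [18/Aug/2006:10:00:00 +0000] "GET /a HTTP/1.1" 200 512 "-" "Mozilla/5.0"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)(?: "(?P<ref>[^"]*)" "(?P<ua>[^"]*)")?'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

WINDOW = 60     # seconds; assumed policy value
MAX_HITS = 30   # requests per WINDOW from one IP before we call it abuse


def parse_line(line):
    """Return (ip, epoch_seconds, request, user_agent), or None if the line
    does not match the expected format (truncated or garbage lines are
    common in real logs and must not abort the scan)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT).timestamp()
    return m.group("ip"), ts, m.group("req"), m.group("ua") or ""


def find_abusers(lines, window=WINDOW, max_hits=MAX_HITS):
    """Return {ip: peak_requests_in_window} for every client IP that made
    more than max_hits requests inside any window-second span."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, _req, _ua = rec
        q = recent[ip]
        q.append(ts)
        # Drop timestamps that fell out of the window (log is chronological).
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > max_hits and len(q) > peaks.get(ip, 0):
            peaks[ip] = len(q)
    return peaks


def make_sample_log():
    """Constructed sample: one crawler hammering the site, one ordinary
    visitor, and one garbage line. IPs are documentation addresses."""
    base = datetime(2006, 8, 18, 10, 0, 0, tzinfo=timezone.utc).timestamp()

    def fmt(ip, secs, path, ua):
        stamp = datetime.fromtimestamp(base + secs, timezone.utc).strftime(TS_FMT)
        return f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" 200 1024 "-" "{ua}"'

    lines = [fmt("203.0.113.9", i * 0.2, f"/page{i}", "FetchBot/1.0")
             for i in range(100)]                      # 100 hits in 20 s
    lines += [fmt("198.51.100.4", i * 30, "/index.html", "Mozilla/5.0")
              for i in range(5)]                        # 5 hits over 2 min
    lines.append("this is not a log line")             # malformed line
    return lines


if __name__ == "__main__":
    for ip, peak in find_abusers(make_sample_log()).items():
        print(f"block {ip}: {peak} requests inside {WINDOW}s")
```

The flagged addresses are what you would hand to a firewall deny rule or an abuse report to the ISP; in practice the threshold should be tuned against the site’s normal traffic so that a fast but polite crawler honouring robots.txt is not swept up with the abusers.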

Several years ago I said that SPAM was a problem that did not affect me and I would rather just ignore it. But I am afraid that it is no longer possible. And unless Microsoft protects its O/S (Vista has already been proven hijackable) or loses a very significant share of the market, things will not improve any time soon. They will only get much, much worse.

