TagsRe: Did Microsoft *Ever* Care About Security?
February 07th, 2011 - 03:33 pm ET by Rex Ballard | Report spam
Create a new topic
On Sunday, February 6, 2011 7:48:40 PM UTC-5, Justin wrote:
Microsoft tries to make the APPEARANCE of providing security, but..
YES!! Microsoft considers Windows, and all information contained on it, to be THEIRS! The End User License Agreement gives Microsoft permission to gather information for uses SUCH AS (but not limited to) problem resolution and market research. HOWEVER! The language ALSO permits Microsoft to collect ANY information and give it OR SELL IT to anyone they want. In fact, for a modest fee, you can purchase a certificate from Microsoft which will allow your software to have the same administrative rights that the user has. This INCLUDES all access to remote shares and even e-mail and web access rights.
In 1998, it became public that someone had obtained the link about the "Blue Dress" from Ken Starr's personal computer. Since then, a number of OTHER leaks to the press have been traced to e-mails, chats, and personal files stored on the personal computers of Governors, Senators, and Congressmen, as well as Mayors of major cities.
That is BY DESIGN! Microsoft absolutely insists on the right to access your computer. Their main claim is that they should have the right to detect software piracy of their products. As a result, they have put in NUMEROUS back doors which can be used to help them hack into ANY computer.
The first rule of security is that you should not download and execute software from any source you don't personally know and trust. Microsoft did an "end run" by using "Certificates" that allowed Microsoft, and it's partners, to sell certificates. These certificates allow a user to use binaries embedded in ActiveX, OLE, DDE, Office Macros, or binary XML, and execute the code without even being asked whether he trusts them or not.
A more obvious attack is the e-mail attachment, and most people can easily see how those e-mails and spam containing malware as attachments are something you shouldn't trust. Especially when someone tells you to click a link or an icon for free game software, porno, or "get rich quick" offers.
Of course, it's a trivial thing to set up the e-mail so that simply PREVIEWING the e-mail will infect your system.
Most corporate users will have external firewalls, WiFi or Ethernet Router firewall, and internal software firewalls - all of which can be buypassed instantly by anyone using Outlook on Windows with the default Outlook and Browser settings.
Vista did try to impose some real security, but most users disabled it because they got tired of getting hundreds of "Are you sure you want to let this hacker bot your system?" messages. Of course, it wasn't put that way. It was more like "Are you sure you want to run this program?".
Many countries now require that people use Linux or UNIX CLIENTS for their high security applications and environments, because they they have multiple layers of security and keep audit trails that can be checked when a system is hacked.
Hacking into a Windows system by purchasing a certificate from Windows - is completely legal, and the PC user has no recourse, nor does law enforcement.
Hacking into a Linux or UNIX workstation or server - is a federal crime, a felony, and depending on what you do, the penalties for a single attack could go as high as 25 years PER MACHINE. When caught, most defense attorneys advise their clients to cooperate with authorities so they can get a concurrent sentence and only misdemeanor charges.
Very often, Linux audit trails in servers have helped to track down perpetrators, and are used to help track and trace them in real-time.
One of my favorite stories is a bit personal. About 12 hours after my mother died, a hacker drained her bank account of thousands of dollars. Fortunately my dad checked the account less than 10 minutes after his last successful withdrawal and called the bank immediately.
It seems that he identified the victims and planted his viruses - using prayer chains.
Rex B
Its almost as if they're not even trying.
Microsoft tries to make the APPEARANCE of providing security, but..
Do they intentionally make their OS insecure and prone to rogue
installations?
YES!! Microsoft considers Windows, and all information contained on it, to be THEIRS! The End User License Agreement gives Microsoft permission to gather information for uses SUCH AS (but not limited to) problem resolution and market research. HOWEVER! The language ALSO permits Microsoft to collect ANY information and give it OR SELL IT to anyone they want. In fact, for a modest fee, you can purchase a certificate from Microsoft which will allow your software to have the same administrative rights that the user has. This INCLUDES all access to remote shares and even e-mail and web access rights.
In 1998, it became public that someone had obtained the link about the "Blue Dress" from Ken Starr's personal computer. Since then, a number of OTHER leaks to the press have been traced to e-mails, chats, and personal files stored on the personal computers of Governors, Senators, and Congressmen, as well as Mayors of major cities.
From adware to bullshit like "WindowsDisk" that actually
reboot the machine when you try to kill the process.
Why is Windows so inherently insecure?
That is BY DESIGN! Microsoft absolutely insists on the right to access your computer. Their main claim is that they should have the right to detect software piracy of their products. As a result, they have put in NUMEROUS back doors which can be used to help them hack into ANY computer.
The first rule of security is that you should not download and execute software from any source you don't personally know and trust. Microsoft did an "end run" by using "Certificates" that allowed Microsoft, and it's partners, to sell certificates. These certificates allow a user to use binaries embedded in ActiveX, OLE, DDE, Office Macros, or binary XML, and execute the code without even being asked whether he trusts them or not.
A more obvious attack is the e-mail attachment, and most people can easily see how those e-mails and spam containing malware as attachments are something you shouldn't trust. Especially when someone tells you to click a link or an icon for free game software, porno, or "get rich quick" offers.
Of course, it's a trivial thing to set up the e-mail so that simply PREVIEWING the e-mail will infect your system.
So far one has to run anti virus, anti-adware and what next?
Anti Rogue too?
Most corporate users will have external firewalls, WiFi or Ethernet Router firewall, and internal software firewalls - all of which can be buypassed instantly by anyone using Outlook on Windows with the default Outlook and Browser settings.
Vista did try to impose some real security, but most users disabled it because they got tired of getting hundreds of "Are you sure you want to let this hacker bot your system?" messages. Of course, it wasn't put that way. It was more like "Are you sure you want to run this program?".
That's just downright pathetic.
Many countries now require that people use Linux or UNIX CLIENTS for their high security applications and environments, because they they have multiple layers of security and keep audit trails that can be checked when a system is hacked.
Hacking into a Windows system by purchasing a certificate from Windows - is completely legal, and the PC user has no recourse, nor does law enforcement.
Hacking into a Linux or UNIX workstation or server - is a federal crime, a felony, and depending on what you do, the penalties for a single attack could go as high as 25 years PER MACHINE. When caught, most defense attorneys advise their clients to cooperate with authorities so they can get a concurrent sentence and only misdemeanor charges.
Very often, Linux audit trails in servers have helped to track down perpetrators, and are used to help track and trace them in real-time.
http://www.imagebam.com/image/950244118478506
One of my favorite stories is a bit personal. About 12 hours after my mother died, a hacker drained her bank account of thousands of dollars. Fortunately my dad checked the account less than 10 minutes after his last successful withdrawal and called the bank immediately.
It seems that he identified the victims and planted his viruses - using prayer chains.
Rex B
Follow the discussion
5 replies
Make a replySimilar topics
Make your own search :
June 20th, 2013 - 7:58 AM ET
Join now
Replies