Monday 22nd January, 2007
The "Security Fix" blog on the Washington Post website compared the relative security of Internet Explorer and Mozilla Firefox during 2006:
... analysis found that for 284 days in 2006, bad guys were either exploiting critical, unpatched security holes in IE or blueprints for said instructions were published online for any criminals to use. In contrast, the data showed that there just nine days in 2006 in which exploit code was available for similarly serious, unpatched security holes in Mozilla's Firefox browser.
These statistics are shocking. There's not a lot more which can be said about them; one can only guess as to the reasons behind Microsoft's apparent lack of commitment to security for Internet Explorer. However, let me represent this data for you graphically:
It just seems unreal.
Thursday 18th January, 2007
This article from Silicon.com, and another from the BBC give accounts of how the European Commission has published a report (PDF format) saying that in "almost all cases" switching from proprietary to open source software could offer considerable savings to organisations with little effect on their business.
Sunday 14th January, 2007
It's interesting looking back on this in light of the Snowdon revelations. And were the NSA involved in "helping Microsoft" with more recent versions of Windows?
Rob. April 2015.
On the face of it, getting the NSA to help with Vista security seems like a pretty good idea. So good, in fact that Microsoft are willing to surreptitiously advertise this fact (in the full knowledge that once the news gets out, it will be broadcast all over the Web in a matter of days) as yet another reason why Vista is going to be so secure.
Microsoft also admit that this is not the first time it has sought help from the NSA. Apparently the NSA has helped with security aspects for the consumer version of Windows XP and Windows Server 2003.
What they don't acknowledge is the nearly forgotten news that the NSA seems to have had significant input in every version of Windows since the second release of Windows 95. So significant in fact, that some researchers believe that the NSA were allowed to plant back doors in these operating systems.
So now when you read that Microsoft is and has been repeated involved with the NSA, for "security enhancement", does it make you feel more, or less secure?
Friday 12th January, 2007
An article on Computer Business Review Online reports:
UK schools and colleges that have signed up to Microsoft Corp's academic licensing programs face the 'significant potential' of being locked in to the company's software, according to an interim review by the UK government agency responsible for technology in education.
The article goes on to state:
The British Educational Communications and Technology Agency (Becta) report also states that most establishments surveyed do not believe that Microsoft's licensing agreements provide value for money, while a separate review has recommended against the deployment of Vista and Office 2007.
No, really? Isn't vendor lock-in one of Microsoft's main strategies? Have a look at these excerpts from an internal Microsoft memo, drafted for Bill Gates (see the Wikipedia article on "vendor lock-in" for more details):
"The Windows API is so broad, so deep, and so functional that most ISVs would be crazy not to use it. And it is so deeply embedded in the source code of many Windows apps that there is a huge switching cost to using a different operating system instead...
"It is this switching cost that has given the customers the patience to stick with Windows through all our mistakes, our buggy drivers, our high TCO, our lack of a sexy vision at times, and many other difficulties [...] Customers constantly evaluate other desktop platforms, [but] it would be so much work to move over that they hope we just improve Windows rather than force them to move.
"In short, without this exclusive franchise called the Windows API, we would have been dead a long time ago."
Well, duh, all those crazy Open Source fanboys were right after all. Too late, you're stuck now. Probably.
Monday 8th January, 2007
Following on a from an earlier post, which only hinted at future plans to monitor (Windows) PC users, here is a truly frightening story about an ActiveX control which seems to have been installed on all Acer laptops since 1998. This particular program which has been marked "safe for scripting" appears to allow any web page to run any command on your (Acer) laptop. The link provides more details, as well as a test for those who are concerned.
The two questions which spring to my mind are: "What exactly are Acer up to?", and "Who else is doing this?" All this has been going on unnoticed for eight years.