|Home » News (» Roundups)
Microsoft's War of Words
Things are hotting up.
THE INTERNET (Radsoft) -- Things are getting a bit uneasy for Microsoft in the aftermath of the Google attack. Both France and Germany - and now Australia as well - have officially advised their citizenry to abandon Microsoft's abominable Internet Explorer - a first in the relatively brief history of the World Wide Web.
The advice is of course nothing new: security experts have long cautioned against using any Microsoft products online and both this site and sister site Radsoft have been advising against them for well over ten years.
But Microsoft's reaction this time around stinks of a desperation never before witnessed - certainly more than their lame reaction ten years ago in the wake of the destructive ILOVEYOU worm when the Redmond company merely told people 'be careful when opening mail attachments'. And there's a clear reason for this desperation.
Microsoft have been systematically losing market share in the browser market. They were never out to kill the browser competition in the so-called 'browser war' - they were trying to stop cross-platform applications from invading their PC market and making Windows redundant. And for a while there they took Netscape out.
But today Google have accomplished most of the cross-platform application development themselves. Google have all their office applications online, Sun have their OpenOffice, Apple have their own office application suite, Mozilla have their Firefox browser and associated web utilities gaining considerable leverage especially outside the US - and all of them are running Unix and not Windows.
The current War of Words isn't about Apple on the one side and Microsoft on the other. It's not about Ubuntu on the one side and Microsoft on the other. It's about everybody on the one side and Microsoft all alone on the other.
Microsoft: with their Windows, with their drive letters, with their system32, with that maze they call the Registry, with their crashes and hangs and malware outbreaks heard round the world, with their hopeless standalone architecture.
All the wonderful (and humorous) things mentioned in Apple's 'Get a Mac' apps: most apply to any 'non-Windows' system. Apple, Ubuntu, Gentoo, Red Hat/Fedora, AIX - they all share the same things in common. Stability. Reliability. And above all: security.
Yet Microsoft - by far the richest software corporation in the world - can't handle the attacks. When something bad happens, Microsoft are always around the corner. The reason is well documented: as BSD/Sun cofounder Bill Joy put it: Microsoft took a standalone system incapable of being secured and put it on the Internet with no thought to the safety of their customers.
Microsoft have spent billions over the years on 'spin' - in downplaying all the calamities that beset their software. Yet these costs are minimal compared to what a sea change would cost them, just as it's good business for them to pay billions in class action lawsuits: they have no alternative. Their entire hegemony is based on the effective lock-in of their huge software base, a base that began long before the web revolution. They can't undermine these third party utilities - if they do, they undermine their own position and the battle for the desktop starts all over again.
Are those filthy rich billionaires going to risk that?
Microsoft don't have a long term strategy here. They're boxed into a corner and use every dirty trick in the book to stay the inevitable. They paid a nearly bankrupt company a lot of money just to harass IBM and the open source movement; they put spies inside open source online media companies to sow dissension; they hire on the likes of Rob and Mary Enderle to spew nonsense to quote-hungry colleagues in the media to badmouth Microsoft competition.
Through it all, Microsoft always follow the recommendations of their own 'Halloween Documents' which state unequivocally that they will be beat, that they cannot possibly win.
And that's what we see happening right now. And now when three governments come out and formally warn against use of Microsoft products, things are hotting up like never before. So it's not unexpected to see a lot of spin - to see a War of Words unleashed.
Yesterday it was Cliff Evans of Microsoft UK. His mouthfuls were embarrassing to watch. The poor sod was sweating profusely and stumbling over his words. Words it was obvious even he didn't believe.
Yesterday was also the inimitable Tony Bradley, author of 'Unified Communications for Dummies' and VIP Microsoft tool. Bradley's article was entitled 'Don't Kill the Messenger: Blaming IE for Attacks is Dangerous'. At least Cliff Evans was visibly embarrassed by having to lie so much for the BBC - Bradley will never feel shame. His article seems to use the tack 'just say outrageous things, get the opposition flustered so they lose focus'. Bradley's article deliberately skews and avoids the truth, for one obvious purpose: damage control for the crumbling world of Microsoft.
There's been speculation that these tools are being paid to spin for the Redmond company. This doesn't have to be true. It doesn't have to be like it was with Dan Geer who put his signature on a security research paper along with Bruce Schneier and was promptly relieved of his duties at @stake who had Microsoft as their biggest client. It doesn't have to be like it's rumoured with Brian Krebs who never castigated Microsoft but whose research showed unequivocally what everyone already knew: that thanks to Microsoft, corporations were losing hundreds of millions each year.
No, all that's needed is that they're already on the payroll or have 'vested interests'. Some have them in abundance.
For Cliff Evans, it's a job. Just as it is for the Microsoft's so-called 'chief security advisors' placed around the globe. Don't get the wrong picture here: most of these 'advisors' have no background in IT - they're hired on for their ability to create contacts, to cultivate government representatives, to organise 'damage control'. They're not ringing Redmond all day long to tell them of their latest brilliant suggestions to make their products secure. Their job title is a deliberate misnomer.
They're on location to engender a profitable goodwill and to stop people from abandoning the platform in a fright. They're also tasked with effecting media blackouts when things get really bad. Such as now.
To those concerned, the names Ed Gibson, Peter Watson, Bruce Cowper, William Billings, John Weigelt, Roger Halbheer, Ole-Tom Seierstad, Kimberly Nelson, and Laurent Signoret are all too familiar. They probably regard these people as good friends, as drinking buddies. And these are but a few.
They're placed in almost all local offices. And Microsoft have local offices everywhere. And officially they're all 'chief security advisors' - supposed 'security experts'. And on a median level they know less than nothing. And are not expected to. They're tasked with using their offices to skew public opinion and organise damage control.
The War of Words: the words aren't important; the actors on stage are. And now Steve Ballmer has been unleashed as well. So you know it's serious stuff. Brian Krebs reports.
I had just finished opening an account at the local bank late last week when I happened to catch a glimpse of the bank manager's computer screen: he had about 20 web browser windows open, and it was hard to ignore the fact that he was using Internet Explorer 6 to surf the web.
For more than a second I paused, and considered asking for my deposit back.
'Whoa', I said. 'Are you really still using IE6?'
'Yeah', the guy grinned sheepishly, shaking his head. 'We're supposed to get new computers soon, but I dunno, that's been a long time coming.'
'Wow. That's nuts!' I said. 'You've heard about this latest attack on IE, right?'
I might as well have asked him about the airspeed velocity of an African swallow.
Dude just shook his head, and so did I.
'You can't really blame the poor guy for not knowing', philosophises Krebs generously. 'Just hours before, Microsoft chief executive Steve Ballmer looked a bit like a deer in headlights when, standing in front of the White House in a planned CNBC interview on how the Obama administration is looking to use technology to streamline its operations, he was suddenly asked about a report just released from McAfee effectively blaming a slew of recent cyber break-ins at Google, Adobe and more than 30 top other Silicon Valley firms on a previously unknown flaw in IE.'
'Cyber attacks and occasional vulnerabilities are a way of life', Ballmer said.
'If the issue is with us, we'll work through it with all of the important parties. We have a whole team of people that responds very real time to any report that it may have something to do with our software, which we don't know yet.'
'Occasional vulnerabilities'? 'A way of life'? 'Very real time'? And 'may have something to do' but you 'don't know yet'?
There are two things Microsoft will hide at any cost.
- They're not secure. And never will be.
- They're done for. They're washed up. Finished.
How many builders have put smoke detectors in the new homes and houses? How many people have put fences around their pools to protect children? Safety and security have never ever been market driven. They've always been driven by regulatory, by society itself, and that's the role of government.
- Bill Caelli, Information Security Institute, Queensland University of Technology
This story has been amended under pressure from Microsoft's chief security advisor and local legal office to reflect the Microsoft claim that instead of moving to secure software, idiots can install sloppy fixes from Microsoft when they're available.
Postscript: African Swallows
The average cruising airspeed velocity of an unladen European swallow is approximately 11 metres per second or 38.6 kilometres per hour. Calculating the average cruising airspeed velocity of an unladen African swallow is more difficult. There are namely nearly 50 varieties of African swallow. But the results should be about the same.