Microsoft: Apple Must Be Stopped
February 10, 2022
I read “Microsoft Says That If Apple Isn’t Stopped Now, Its Antitrust Behavior Will Just Get Worse.” Amazing if the information in the write up is accurate. The article states as “real” news:
Microsoft has filed an amicus brief supporting Epic Games in its appeal against Apple, and argues that, “the potential antitrust issues stretch far beyond gaming.”
But here’s the killer passage from a write up provided to legal eagles as a friend to one and all:
Microsoft’s amicus filing included below, sets out what it describes as its own “unique – and balanced – perspective to the legal, economic, and technological issues this case implicates.” As a firm which, like Apple, sells both hardware and software, Microsoft says it “has an interest” in supporting antitrust law. Describing what it calls Apple’s “extraordinary gatekeeper power,” Microsoft joins Epic Games in criticizing alleged errors in the original trial judge’s conclusions.
Okay, Microsoft had a run in with some anti-trust types a few years ago. Apple, like Facebook and Google, are increasing their communication efforts among the duly elected government officials.
But Microsoft wants to buy a game company even though there are signals that the deal for an enlightened and responsible firm will be subject to scrutiny. The mom and pop stores which look out the the little people want to make sure that the alleged monopolists don’t prevent other alleged monopolists from dominating certain markets.
How helpful. From my point of observation, one company operating in an allegedly unfair manner is probably is a good spot to recognize another outfit using the same playbook.
And how about those revenues? There’s nothing like a secure, customer oriented, friendly data environment! Some might call this hypocritical; others, ironical.
I am a simple oldster. I call it — what’s the word? “Criminal”. No. Maybe “diabolical?” No. Not that word. How about “maniacal”? Yeah, not the best but I need to check the latest Microsoft security alert on the for fee Apple news service now. Wait, wait. How about “asocial?”
Stephen E Arnold, February 10, 2022
Has the Redmond Giant Marginalized Facezuck and Googzilla
February 3, 2022
I read an interview which seems to be part of the Financial Times (paywalled, of course) and Ars Technica (not paywalled). The article is “Satya Nadella: Microsoft has “Permission to Build the Next Internet.”
I am not sure about who did what to get the interview with the softest Microsoftie, but I think I spotted which colloquially might be termed a “dis”:
To me, just being great at game building gives us the permission to build this next platform, which is essentially the next Internet: the embodied presence.
Will Facezuck and Googzilla interpret the message as, “Microsoft will build the digital world from this day.” Is the permission granted by someone of global importance, or is the permission assumed like the security of Azure and Exchange Server. Maybe the permission is generated by Microsoft’s confidence resulting from regulators’ attention attracted to other bright, sparkling companies?
I like the permission and the prediction that the next Internet is engineered for “embodied presence.” How’s that work out in the real world; for example, homeless people in Seattle, the posturing in Washington, DC, and the genuine concern in many government agencies around the world that Microsoft’s systems and software are conduits for bad actors.
Yep, embodied. Permission. Prediction.
Stephen E Arnold, February 3, 2022
Microsoft Defender: Are There Other Winners?
February 1, 2022
I believe everything I read on the Internet, of course. One of the fascinating aspects of being old and doing the 21st century equivalent of clipping coupons is coming across “real” research studies. I read “Still Think Microsoft Defender Is Bad? Think Again, Says AV-TEST.”
The write up in Make Use Of Dot Com believes in Windows Defender. It article states:
A recent report by AV-TEST revealed that not only does Microsoft Defender perform well, it actually outperforms many highly-recommended antiviruses
The article included a link to the AV-Test December 2021 Report, and I downloaded it. The AV Test outfit is “the independent IT security institute.” The investment firm Triton owns Swiss IT Security, which is the outfit which “owns” AV-Test.
What does Swiss IT Security Group AG do? Security, consulting, the cloud, and related services.
What does the SITS Group care about Microsoft and its assorted products? With Microsoft’s wide use in organizations, SITS Group probably has an above average keenness for the Redmond wizards’ constructs.
What does this mean for the victory of the Windows Defender system in the AV-TEST Report? For me, I formulated several hypotheses:
- Windows Defender is now able to deal with the assorted threats directed at Microsoft operating systems? Rest easy. Malware popping up on a Windows device is obviously something that is unlikely to occur. Thank goodness.
- Cheerleading for Windows Defender probably makes Microsoft’s security team feel warm and fuzzy which will allow their efforts to deal with Exchange Server issues a more pleasant experience.
- Bad actors will have to rethink how to compromise organizations with Microsoft software. Perhaps some of these individuals will give up criminal activity and join the Red Cross or its equivalent.
For me, institutes which do not reveal their ownership are interesting outfits. But how many antivirus vendors achieved the lofty rank of Windows Defender, according to the report dated December 2021? Here they are:
Avira
Bull Guard
ESET
F Secure
Kaspersky
McAfee
Norton 360
Total Security
Viper.
Windows Defender makes 10 “winners.”
Now of these 10 which is the one that will make SolarWinds, ransomware, compromised Outlook emails, and Azure Cosmos excitement a thing of the past? Another question: “Which of these sort of work in the real world?” And, “If there is a best, why do we need the nine others?”
These are questions one can ask Triton / Swiss IT Security Group AG / AV Test to answer?
Net net: Marketing.
Stephen E Arnold, February 1, 2022
An Encomium to Microsoft: Just Some Small, Probably Irrelevant, Omissions
January 31, 2022
I read “Don’t Forget Microsoft.” Back in the days when my boss at Booz Allen & Hamilton was the toast of business schools, he dragged me along to order bottled water and carry his serious looking briefcase. The most enjoyable part of these excursions to assorted business schools, conferences, and meetings was the lingo. There was a self-importance in the people to whom my boss lectured. The fellow had a soft, gentle voice, and it would output jargon, truisms gleaned from Norm Augustine, and BAH precepts like hire people smarter than you are and look for “Type A” people who will work 60 hours a week.
This write up reminded me of those interesting discussions with those who wanted wisdom about how to be a baller in business. If one looks at the essay/analysis of Microsoft Corporation, one sees mountain tops. These are indeed important; for example:
- The prediction that MSFT will become a $10 trillion dollar company. Translation: Buy stock now.
- The cloud and the new things Microsoft is doing. Translation: AWS and Google are toast.
- Games. Yes, the meta thing. Translation: If you are a coding young gun, apply for a job and ride the tsunami named Softie.
And there are other peaks poking above the intellectual “clouds.”
However, I noted a small, probably irrelevant, omission or two from the write up. These are my opinions, and I assume that those younger and much smarter than I will point out that I am a crazy old coot. Here goes, so take a deep breath.
- Microsoft is unable to address the security issues its software and systems spawn; that is, the cat-and-mouse game between bad actors and good actors pivot in a large part on the seemingly infinite number of security-related issues. These range from decades old Word macros to zippy new methods like those still creating headaches in the aftermath of the SolarWinds’ misstep, the Exchange Server issues, and the soothing information presented on the Microsoft Security Alert page which has not been update for four days as I write down my thoughts. (MSFT tells me that it will take only two hours to read the document.
- Issues related to stuff that happens between different Microsoft employees. I don’t want to belabor the point but “Microsoft Will Review Sexual Harassment Investigation Of Bill Gates, Others” presents some interesting information.
- Clumsy distractions as innovation. I am thinking of the Android enhanced Windows 11 and the announcement of a big deal for an electronic game company. These “big” moves distract people from other facets of the organization.
Net net: Interesting essay, quite positive, and only a few minor omissions. Who cares about security, employee well being, and masterful public relations? I sure don’t.
As my former boss and mentor at BAH told me, “As long as it generates money, everything will be okay.” Plus, I haven’t forgotten Microsoft, okay?
Stephen E Arnold, January 31, 2022
Microsoft and Games: A Different Take
January 19, 2022
I have been monitoring the breathless write ups about Microsoft responding like a good digital soldier in Call of Duty. The news hits the cash deal for more than $65 billion in cash. There are signals from the incredibly efficient government machinery that acquisitions will be subject to scrutiny, rules, and maybe more upfront testimony. I love these preambles: “Senator, thank you for the question.” Then the crystal clear responses. Thrilling.
What’s Microsoft itself say? Here’s one example: “Microsoft to Acquire Activation Blizzard to Bring the Joy and Community of Gaming to Everyone, Across Every Device.” The words that caught my eye were the names of the company. Those entities evoke thoughts of the antics of gamers in articles like “Activision Fires More People in Sexual Harassment Probe” and “California Sues Activision Blizzard, Alleging Culture of Sexual Harassment.” Perhaps these are allegations, but the message seems clear. Then there are strategic notions like this one from Inc. Magazine’s “1 Word Explains the Biggest Challenge Facing Microsoft’s $68.7 Billion Acquisition of Activision Blizzard”:
The goal is to feed the company’s Game Pass strategy, which has failed to gain traction among developers who aren’t particularly excited about handing over their flagship properties to a subscription service when they can easily command $50 or $60 apiece. Microsoft wants to let users pay $15 a month to play any game.
We have big money, sexual harassment matters, developers, gamers, and a reorganization.
My view is different.
Think back to late 2020 when news of the SolarWinds’ supply chain misstep circulated. FireEye (now part of Norton and renamed Trellix) reported the fact that a vaunted cyber security outfit (namely FireEye itself) was compromised. In short order, security professionals issued Emergency Directives like 21-02, tried to figure out what happened, and how many entities were compromised. Microsoft suggested that the issue was a result of 1,000 programmers beavering away in Eastern Europe. Rumors surfaced that the SolarWinds’ misstep had taken place months, possibly more than a year, before the FireEye announcement in December 2021. Public disclosures about breaches appear after lawyers and public relations professionals wordsmith. How long does this take? It varies in my experience. “Troubling Trend: It Takes Nine Months to Detect and Respond to a Cyberattack” makes clear that breaches have been implemented and performing the stipulated tasks for a considerable period of time.
Many pundits, consulting firms, investment outfits, and even SolarWinds itself realized that a certain large software company’s systems and methods were the surf board the bad actors were riding across the flows of digital data.
How do some individuals and companies respond when one subject — in this case, questionable engineering, insecure systems, and a snappy security breach that left US government agencies wondering who was pawing around in their allegedly secure servers — dominated the headlines.
My view was that a distraction was needed. What was that distraction? I interpreted the launch of what is known as Windows 11 was that distraction. Pundits took the red herring and gnawed. Familiar functions were suddenly unfamiliar. The October 2021 release of Windows 11 caught some people by surprise. Hello, Windows watchers working for Leo LaPorte and the TWIT TV operation.
My view was that Windows 11 was pushed out in order to create a point of discussion of some magnitude. My view is that chatter about Windows 11 would help mute the conversation about Microsoft security and its engineering practices.
Did it work? Sort of.
What’s up with the big news about the Activision Blizzard deal is that it looks to me like another distraction. Sure, one can make a business case about games, the metaverse, and the need for adult supervision of a gamer outfit. (This is interesting in light of Microsoft’s new found interest in alleged dalliances among the Softies.)
My take, which I admit is contrarian, is that Microsoft is using what looks like a major, super deal to focus attention on matters other than the security of Azure, Exchange, and even kicked to the kerb Word application.
Many arguments can be raised to point out that Microsoft’s senior management is not trying to distract anyone from anything. Windows 11 shipping without Android app functionality is just one of those things. Buying a game outfit saddled with some potentially costly legal allegations is just a bold move.
For me, Microsoft is using a magician’s method. Get the audience looking away from the nimble fingers palming a card or removing a divider so a rabbit can be pulled from a hat.
Why? My view is that the security issues remain is certain important Microsoft software systems. How did 2022 begin? “Microsoft Kicks Off 2022 With 96 Security Patches” explains that 89 of these were important. And what about virtual private network support? Oh, right, fixed now. And what about Windows Server vulnerabilities. There are fixes now for the issues created with those January patches. For details see “Microsoft Rolls Out Emergency Updates for Windows Server and VPN Bugs.”
But let’s talk about games, shall we? No, I would prefer to ask, “Why not apply those Microsoft billions toward addressing security issues?”
Stephen E Arnold, January 19, 2022
Microsoft: Putting Teeth on Edge
January 11, 2022
Usually a basic press release for an update to Microsoft receives little discussion, but OS News recently posted a small quip: “Update For Windows 10 And 11 Blocks Default Browser Redirect, But There Is a Workaround” and users left testy comments. The sting fighting words were:
“It seems that Microsoft has quietly backported the block, introduced a month ago in a Dev build of Windows 11, on tools like EdgeDeflector and browsers from being the true default browser in Windows 10, with the change being implemented in Windows 11 too. Starting from KB5008212, which was installed on all supported versions of Windows 10 yesterday with Patch Tuesday, it is no longer possible to select EdgeDeflector as the default MICROSOFT-EDGE protocol.”
Followed by this sarcastic line: “They spent engineering resources on this.”
Users were upset because it meant Microsoft blocked other Web browsers from becoming a system’s default. It is a corporate strategy to normalize anti-competitive restrictions, but there are users who defended Microsoft’s move. They stated that blocking other Web browsers protected vulnerable users, like the elderly, from accidentally downloading malware and adware.
The comments then turned into an argument between tech-savvy experts and the regular users who do not know jack about technology. The discussion ended with semi-agreement that users need protection from freeware that forcefully changes a system, but ultimately users have the choice on their system settings.
In the end, the comments shifted to why Microsoft wants Edge to be the system default: money and deflecting attention from its interesting approaches to security.
Whitney Grace, January 11, 2022
Windows 11: Loved and Wanted? Sure As Long As No One Thinks about MSFT Security Challenges
January 10, 2022
I hold the opinion that the release of Windows 11 was a red herring. How does one get the tech pundits, podcasters, and bloggers to write about something other than SolarWinds, Exchange, etc.? The answer from my point of view was to release the mostly odd Windows 10 refresh.
Few in my circle agreed with me. One of my team installed Windows 11 on one of our machines and exclaimed, “I’m feeling it.” Okay, I’m not. No Android app support, round corners, and like it, dude, you must use Google Chrome, err, I mean Credge.
I read “Only 0.21%, Almost No One Wants to Upgrade Windows 11.” Sure, the headline is confusing, but let’s look at the data. I believe everything backed by statistical procedures practiced by an art history major whose previous work experience includes taking orders at Five Guys.
The write up states:
According to the latest research by IT asset management company Lansweeper, although Windows 10 users can update Windows 11 for free, it is currently only 0.21%. Of PC users are running Windows 11.
I am not sure what this follow on construction means:
At present, Windows 11 is very good. Probably the operating system with the least proportion.
I think the idea is that people are not turning cartwheels over Windows 11. Wasn’t Windows 10 supposed to be the last version of Windows?
I am going to stick with my hypothesis that Windows 11 was pushed out the door, surprising Windows experts with allegedly “insider knowledge” about what Microsoft was going to do. The objective was to deflect attention from Microsoft’s significant security challenges.
Those challenges have been made a little more significant with Bleeping Computer’s report “Microsoft Code Sign Check Bypassed to Drop Zloader.”
Is it time for Windows 12, removing Paint, and charging extra for Notepad?
Possibly.
Stephen E Arnold, January 10, 2022
The Value of Turning Off Malware Scanning: Allow Exchange to Function?
January 1, 2022
Happy New Year. Problems with Microsoft Exchange 2019? The fix is quite special and you can get some suggestions for getting mail working again from Reddit’s sysadmin forum. Try this link to learn how to by pass the malware engine. The trick is to disable malware scanning or use the bypass method described in the Reddit post.
Several thoughts:
- Useful issue for computer science classes in certain countries unfriendly toward the US to explore
- There is room for improvement in Microsoft software quality control processes
- This Microsoft Exchange issue matches nicely with netlogon and no-auth exchange RCE missteps.
Here’s the link to the fix: https://bit.ly/3FPNBYc
Outstanding work, Microsoft.
PS. The Register added another MSFT Happy New Year in its post “Going Round in Circles with Windows in Singapore.” There is an illustration of the helpful, detailed, extremely useful error notification. Outstanding work, price war cloud people called Redmondians.
Stephen E Arnold, January 1, 2022
Microsoft Security? Just Super Duper
December 31, 2021
I installed software on one of my test machines. Windows’ Defender tool told me I had malware. Not true. To see what would happen, I clicked the offered Defender button and Windows killed a program from a developer doing business as Chris-PC. Helpful? You bet.
I mention this because I think I am the only person in Harrod’s Creek who believes that the Windows 11 release was a way to distract people from Microsoft’s security challenges. I like words like “challenges” and “misstep” because “dumpster fire” is too colorful and “disaster” has been overused.
What’s up with Microsoft security challenges as we creep toward what will be a banner year for some actors? How about these two news stories?
First, we have “Microsoft Teams Bug Allowing Phishing Unpatched Since March.” The main idea is that nine months have bustled by. Teams users could fall victim to some missteps in Microsoft Teams. The write up states:
German IT security consultancy firm Positive Security’s co-founder Fabian Bräunlein discovered four vulnerabilities leading to Server-Side Request Forgery (SSRF), URL preview spoofing, IP address leak (Android), and denial of service (DoS) dubbed Message of Death (Android). Bräunlein reported the four flaws to the Microsoft Security Response Center (MSRC), which investigates vulnerability reports concerning Microsoft products and services. “The vulnerabilities allow accessing internal Microsoft services, spoofing the link preview, and, for Android users, leaking their IP address and DoS’ing their Teams app/channels,” the researcher said. Out of the four vulnerabilities, Microsoft addressed only the one that attackers could use to gain access to targets’ IP addresses if they use Android devices.
Second, we have “Stealthy BLISTER Malware Slips in Unnoticed on Windows Systems.” I learned:
… Blister, acts as a loader for other malware and appears to be a novel threat that enjoys a low detection rate. The threat actor behind Blister has been relying on multiple techniques to keep their attacks under the radar, the use of code-signing certificates being only one of their tricks.
Nope, let’s block Windows 11 users from installing another browser. Let’s kill Chis-PC software. The path forward is to enter 2022 with the ghost of SolarWinds laughing and the ghosts of Christmas yet to come licking their lips in glee.
Stephen E Arnold, December 31, 2021
Microsoft Has a Digital Death Star and Windows 11
December 21, 2021
If you are not familiar with Microsoft’s digital Death Star, you will want to watch the story in the December 26, 2021, Dark Cyber video news program. You can find it in the mini player at this link. More than a year after the SolarWinds’ security misstep became public, the Redmond giant can digitally slay the 1,000 malefactors responsible for some data exfiltration. Quick.
My hunch has been that Microsoft rolled out Windows 11 as part of a red herring campaign. The idea may have been that Windows 11 would capture the attention of “real” journalists, thus reducing the blow torch directed at the Microsoft enterprise software processes. It seems to have worked. No one I have spoken with knows much about the Death Star meme and quite a few people are excited about Windows 11.
ZDNet remains firmly in the camp of writing about Windows 11. Why not? Users who want to use a browser other than Edge or a specialized software to perform a specific PDF function find that some noodling is required. Windows 11 is supposed to be simpler better cheaper faster more wonderfuler, right?
“8 Harsh Realities of Being a Windows 11 User” presents a distinguished lecturer’s view of some Windows 11 foibles. Let’s take a quick look at three of the eight and then circle back to the year long wait for digital retribution against the 1,000 engineers who created the SolarWinds’ misstep and made the Softies look inept and sort of silly in the security department.
Reality 1. The Browser Lock In
Microsoft does not want a Windows 11 user to load up a non Microsoft browser. I find this amusing because Edge is not really Microsoft code. Microsoft pulled out what I call soft taco engineering; that is, the Chrome engine is wrapped in a tortilla crafted in the kitchens of Microsoft Café 34. I am a suspicious type; therefore, I think the browser lock in is designed to make darned sure the geek bloggers and the “real” journalists have something to Don Quixote.
Reality 5. Control Panel / Settings Craziness
Okay, where is the widget to have the weird File Explorer show me “details”? And what about Display controls? I have a couple of places to look now. That’s helpful. Exactly what is the difference between a bunch of icons grouped in one place under one jargonized name? I am not sure about the logic of this bit of silliness, but, hey, one has to do more than clean the microwave in the snack area or hunt for the meeting room on the campus. (Where did the alleged interpersonal abuses take place? Is there a Bing Map for that?)
Reality 8. What Runs Windows 11?
Now if there is a super sized red herring being dragged over the SolarWinds’ misstep it is this one: Will my PC run Windows 11? Lame? You bet, but we are in the distraction business, not in the useful software business. Subscribe and pay now for the greatness which may not run on your PC, you computer dolt. But why? Maybe SolarWinds’ stuff saying, “Look here, not there.”
You have to navigate to the distinguished lecturer’s cited post for Realities of 2, 3, 4, 6, and 7. There are more Dusies too.
Now the circle back: SolarWinds’s misstep is still with us and Microsoft. At least I can understand Windows 11 as a quick and dirty distraction. Can users?
Stephen E Arnold, December 21, 2021
-
- Subscribe to Beyond Search
Feature archive
News archive
-
