Posted on 06/28/2024 11:02:47 AM PDT by ShadowAce
I've been pointing out Windows security bugs since Windows for Workgroups showed up in 1992 and I showed how you could steal data from your coworker's spreadsheets using Object Linking and Embedding (OLE). You'd think Microsoft would have figured security out by now.
But no. It's only gotten worse – much worse.
In June 2023, Chinese hacking group Storm-0558 stole US government "secure" messages from Microsoft's Exchange Online. I was only surprised that the Feds managed to catch them – Microsoft certainly didn't figure it out.
Former senior White House cyber policy director AJ Grotto said it best: he asserted it was fair to classify Microsoft and its products as a national security concern.
Think about it for a minute. What other business could get away with having products that are so bad that every month – every month – we have a day, Patch Tuesday, devoted to the latest fixes to their seemingly endless flaws?
These problems don't tend to be small corner cases either. No, take for example the latest one: CVE-2024-30080, a Microsoft Message Queuing (MSMQ) remote code execution (RCE) issue, which earned a 9.8 out of 10 CVSS severity rating. A 9.8 on that scale, for those who don't know it, is a "Patch it now or you will be pwned" level.
Let's not forget CVE-2024-30078, a Wi-Fi driver remote code execution hole, rated 8.8. Microsoft admitted this one could enable an attacker to hack your PC to remotely, silently, and wirelessly run malware or spyware.
Boy, does that make me feel warm and fuzzy about Microsoft or what!?
Really, that's just life with Windows. In the decades I've been covering technology, I've seen this level of security crapola over and over again.
What's really annoying me today is the security holes Microsoft is adding – by design – into Windows.
I mean of course Microsoft Recall. This delightful AI addition to the next generation of Windows PCs would have taken regular snapshots of everything you do on your computer.
Let me emphasize the word "everything." Your bank account numbers, your passwords, your cheat codes, your My Little Pony porn stash, how much money you lost betting on real-life ponies, etc. What would your partner think if they could scroll through your entire online life? Your mom? Or your boss using Microsoft Purview?
GDPR? What's that?
But, hey, who needs to worry? It's all safe on your computer, right? No one could get into your PC over Wi-Fi and start hoovering up all your Recall data, right?
Oh, wait.
Recall, which will now be optional, is a security hole pretending to be a feature. Even if it were not such an invitation for privacy invasion, I'm hard pressed to imagine what practical use it would be for anyone. We have more than enough useless data clogging up our drives without adding even more.
Finally, thinking of over-filling our storage, in another "What were they thinking!?" moment, with the latest releases Microsoft made it nigh on impossible to install Windows 11 without a Microsoft online account. I'm not happy about that, but I could tolerate it.
What I can't stand is Microsoft automatically sets up OneDrive to back up my folders whether I want it to or not. Not cool, Microsoft! Not cool at all. If I want to back up my files, I'll decide where I want them to go – not you.
I only have 5GB of free OneDrive storage, while I have terabytes of data in my personal directories. And, no, I won't be paying you for more storage, thank you very much. Instead, I'll use one of my Rocky Linux servers running Nextcloud, and I won't have to worry about Microsoft looking over my shoulder.
Besides, consider what the OneDrive automatic backup could do if paired with Recall? I, for one, don't want all my files open to Microsoft or Windows hackers. Do you?
Is it any wonder I've been a Linux desktop user for over 30 years? The only question I have is: Will any of these latest Windows security fiascos finally get the rest of you to join me? I mean, how much punishment are you willing to take? ®
One would think it was practically designed to be that way........................
It’s the Kodak formula.
Gets Windows for free and pay for the anti-malware and virus protection.
Thanks to ShadowAce for the ping!
Gates has always been a crooked business-critter. He created nothing by himself.
Windows began life as an outgrowth of MSDOS, an application running on MSDOS, then NT was born, and slowly with XP and Vista it tried to bolt on some semblance of security.
Windows has improved tremendously since then. Win7 was outstanding in many respects, and Win10 was a security improvement over that, although it also introduced some unloved quasi-spyware features.
But it's still the case that "back-compatibility" with the older releases has been one sticking point throughout. Microsoft's people just can't wrap their head around the concept of "Security-By-Design" and instead they settle for "Security-By-Incremental-Bolt-On-Patches".
It's unfortunate. But it's unavoidable, given the Microsoft mentality, and the perceived necessity of remaining compatible with ancient releases.
Ha! I recently had to get a new desktop & of course, had to get Windows 10. I asked the computer guy if there was an anti-virus program he recommended. He said Windows Defender was as good as anything else on the market. Oh well...
I’ve always wondered why Windows didn’t implement an app that would easily show you when someone is connected to your computer.
Defender is at least as good overall as any of the third-party add-on packages whose names you recognize (McAfee, Norton, etc.).
One you might not recognize because it is primarily an enterprise product is CrowdStrike Falcon. There's a version of it available for home/small-business use, around $60:
I have not used the home/small-business product myself. But I use the enterprise version at work in my role in IT and it's very good. So I'll suggest taking a look at that.
Personally, at present I'm using Windows Defender and MalwareBytes, but I'm considering Falcon Go for future use.
Bkmk
Windows has some tools in the Server versions and even some in Pro versions that can detect some intrusions, but overall, there are too many trivial ways an attacker can hide their activities.
“Is it any wonder I’ve been a Linux desktop user for over 30 years?”
I run an older Windows and use only the Office products and Keil development studio, and Tera Term for downloading to a device.
Where is the pain and uncertainty if I change to Linux desktop?
Why folks continue to abuse themselves with MS I have no clue.
With a little effort there really is a simple way out.
And you will realize you should have done it years ago...
You can have both MS and Linux in the same machine if you like. MS for that ONE game or app you can’t live without. And more secure Linux for everything else like surfing, banking, shopping, etc.
Tera Term is just a terminal emulator. You have NO IDEA how rich THAT environment is under Linux. I think you would be more than pleased with those choices.
Given that information, moving to Linux should be rather painless for you.
I would start by putting a Live ISO on a flash drive and booting up to that, and see if you like that particular flavor. If not, you can always replace that ISO with another one and reboot.
That way, you can test drive Linux and its different distros to see which one best fits you and the way you work.
Big River Online Store
....
$113.46
Click to Buy
********************************
One ringy dingy, two ringy dingy
Message from Your Bank
You have apparently made a purchase from Big River Online Store.
Please authorize us to pay the vendor by texting us the amount and your birth date to complete the transaction.
Online fraud can be made difficult.
I appreciate the advice. It’s really hard to know what to use these days, & I am definitely not a computer guru.
Microsoft had another urgent update today.
I’ve wasted lots of time over the years.
PCs apparently can’t be made secure, so make the banking system more secure.
“Why folks continue to abuse themselves with MS I have no clue.”
MS is menu-based.
You can see what your choices are and what you might have to do.