Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Microsoft Fixing Windows 8 Flaws, But Leaving Them In Windows 7

Soulskill posted about 5 months ago | from the probably-not-fixing-them-in-win-95-either dept.

Windows 218

mask.of.sanity sends this news from El Reg: "Microsoft has left Windows 7 exposed by only applying security upgrades to its newest operating systems. Researchers found the gaps after they scanned 900 Windows libraries using a custom diffing tool and uncovered a variety of security functions that were updated in Windows 8 but not in 7. They said the shortcoming could lead to the discovery of zero day vulnerabilities. The missing safe functions were part of Microsoft's dedicated libraries intsafe.h and strsafe.h that help developers combat various attacks. [Video, slides.]"

Sorry! There are no comments related to the filter you selected.

Two bits to say here (-1, Flamebait)

icannotthinkofaname (1480543) | about 5 months ago | (#47186917)

  1. And they couldn't have taken this approach with Windows XP?
  2. I choose to believe that these involved renaming the Windows 7 libraries to intunsafe.h and strunsafe.h.

Re:Two bits to say here (1, Insightful)

Anonymous Coward | about 5 months ago | (#47186975)

I believe that the updates have not been applied to Windows XP. There was a point in time when Win7 was being updated but XP was not getting those updates.
The only significance I'm seeing in this is that WIn7 is still within its support period. Still, this could make some sense if the new security implementations actually rely on technology foundations that are actually built into Windows 8 but which are not a part of Windows 7. That's one possibility that would make some sense.
Unfortunately, Microsoft may feel an incentive to categorize updates as being appropriate only for Windows 8, simply in hopes of driving people away from older operating systems.

Rant: It's not like updating only Windows 8 is sufficiently convincing to get people to move from Windows 7 to Windows 8. Even if Microsoft refused to fix a terrible flaw threatening Windows 7 machines, that doesn't mean I would worsen the situation by going to Windows 8.1 or, even worse, Windows 8. Like Vista, Windows 8 (including 8.1) is condemned to be something that should be skipped. Hopefully Windows 9 will be less useless.

Re: Two bits to say here (1, Insightful)

binarylarry (1338699) | about 5 months ago | (#47187125)

Hopefully Google, Apple and Canonical find a way to replace Microsoft products before Windows 9 ships.

Re: Two bits to say here (1, Flamebait)

SuperTechnoNerd (964528) | about 5 months ago | (#47187441)

Hopefully Google, Apple and Canonical find a way to replace Microsoft products before Windows 9 ships.

Out of the frying pan, into the fire..

Re: Two bits to say here (1, Insightful)

symbolset (646467) | about 5 months ago | (#47187565)

1.2 billion smart devices shipped without Windows last year, and more than that number will ship this year, making over 2.5 billion devices shipped in only two years and likely still in use. There are only 7 billion humans and two thirds of them are too impoverished, young, old or uninterested to be in the market for such things. So this event you are hoping for appears to have already happened.

Shoddy Ethics (4, Interesting)

mfh (56) | about 5 months ago | (#47186935)

The bugs exist for a reason. If it's not broken now why buy the new version?

Re:Shoddy Ethics (5, Insightful)

Anonymous Coward | about 5 months ago | (#47187083)

Windows 7 is still supported, so doing this now isn't shoddy ethics, it's a breach of contract. If they think that having shorter support periods will drive more sales, then have to start with Windows 9.

Re:Shoddy Ethics (1)

hodet (620484) | about 5 months ago | (#47187385)

Huh? Read what you just wrote. I would say knowingly breaking your contract is a breach of ethics.

Re:Shoddy Ethics (2, Informative)

Anonymous Coward | about 5 months ago | (#47187487)

No, it's a breach of law meaning it can be taken to court. A breach of ethics doesn't necessarily allow that unless what they're doing is not only unethical but also unlawful due to existing laws.

Cutting off support for software isn't against the law unless you were promised updates for a specific longer term of support. Which was given with Windows 7. If there wasn't a promised amount of time for updates/patches promised beforehand, it'd just be a dick move.

Re:Shoddy Ethics (5, Funny)

Poingggg (103097) | about 5 months ago | (#47187495)

Breach of ethics is not possible for Microsoft: They never had any to break in the first place.

This makes sense... (5, Informative)

Anonymous Coward | about 5 months ago | (#47186937)

Windows Sustained Engineering is a different org across the street with different funding and goals, and they don't automatically fix all of the bugs the Windows feature teams fix. There's a triage process for deciding whether bugs are important enough to fix in downlevel releases.

Re:This makes sense... (5, Informative)

ElPerezoso (1755172) | about 5 months ago | (#47187357)

This. And there's no evidence that these changes correspond to exploitable security vulnerabilities. If you look at the slides, what they're actually complaining about is that certain OS code paths have been updated to use intsafe.h/strsafe.h functions in Windows 8, but not in Windows 7. Because intsafe/strsafe are used to help avoid overflow vulnerabilities, the conclusion the article draws is that these must be actual vulnerabilities, which are being fixed in Windows 8 without being ported to Windows 7.

It's worth noting that the entire presentation that the article is based on is an advertisement for their DiffRay diffing tool, so they have some incentive to overstate things. It's entirely possible that the changes that they're pointing out as "fixing potential 0-days in 8 but not 7" are actually just moving a couple of bounds checks from ad-hoc implementations in the functions themselves to the standardized common intsafe calls. Or it could be that there is already correct bounds enforcement elsewhere, and these checks are just added for redundancy, or to make function-local static analysis a little bit cleaner. I honestly don't know, but there are enough plausible benign explanations that the alternative of "Microsoft is deliberately exposing its largest set of customers to vulnerabilities" seems kind of absurd. Bring me the extraordinary evidence for this claim.

Disclosure: I'm a dev on the Windows team. I don't have any specific knowledge of this, and I'm not writing this in any official or compensated capacity.

Re:This makes sense... (4, Interesting)

PRMan (959735) | about 5 months ago | (#47187391)

And 8 has code that 7 doesn't have. There is a HIGH degree of likelihood that most bugs would be in the new code, the code not shared by 7, which has been well-tested for years.

Re:This makes sense... (2)

lgw (121541) | about 5 months ago | (#47187813)

If you've ever actually used those libraries, there's nothing magically safer about them. You can more easily port old code to those libraries in such a way that all vulnerabilities are maintained than you can port and do it right. So it comes down to code review during the port. You get the same safety with the same code review without actually porting anything.

Those libraries (with good code review) are like a "W2K safe" sticker of yesteryear: a sign that someone looked at the problem, which is great, but doesn't necessarily mean anything.

IME the important thing to look for in older code is not the bounds checking, but whether there's an error path at all. It's all too common for some leaf function to avoid a buffer overrun and set come error code, but the calling code was never changed to care about the error code, so something very odd happens 47 calls down the road. This is why IMO using a language with exceptions is the key to security - you don't need the language to provide bounds-checked arrays, you can always write that library, but you really want an unhandled error to be a crash, not an unpredictable state no one thought about during design!

This makes sense... (4, Interesting)

Darinbob (1142669) | about 5 months ago | (#47187669)

No, they should not consider Windows 7 a "downlevel" release. I just bought a NEW computer with Windows 7 on it for a relative, and had to pay a premium to get W7 instead of W8. I don't need a repeat of the XP debacle! Windows 7 is the MAIN operating system from Microsoft today, Windows 8 is only a trial balloon. Since I did pay for W7 I expect FULL support for its lifetime not some half assed job designed to force people to upgrade prematurely.

The advice from the computer repair shop my relative used this very week was to get W7 and avoid W8. This is not just some disgruntled people avoiding W8, it is very much mainstream.

Re:This makes sense... (0)

Anonymous Coward | about 5 months ago | (#47187825)

Since I did pay for W7 I expect FULL support for its lifetime not some half assed job designed to force people to upgrade prematurely.

So what you're asking for is Patch Tuesday, every hour on the hour, with most of the fixes being obscure text clipping issues in Chinese or threading problems that only show up when you open MMC and add all of the snap-ins twice?

It's Time To Move On. (4, Insightful)

Anonymous Coward | about 5 months ago | (#47186945)

"People are aware that Windows has bad security but they are underestimating the problem because they are thinking about third parties. What about security against Microsoft? Every non-free program is a 'just trust me program'. 'Trust me, we're a big corporation. Big corporations would never mistreat anybody, would we?' Of course they would! They do all the time, that's what they are known for. So basically you mustn't trust a non free programme."

"There are three kinds: those that spy on the user, those that restrict the user, and back doors. Windows has all three. Microsoft can install software changes without asking permission. Flash Player has malicious features, as do most mobile phones."

"Digital handcuffs are the most common malicious features. They restrict what you can do with the data in your own computer. Apple certainly has the digital handcuffs that are the tightest in history. The i-things, well, people found two spy features and Apple says it removed them and there might be more""

From:

Richard Stallman: 'Apple has tightest digital handcuffs in history'
www.newint.org/features/web-exclusive/2012/12/05/richard-stallman-interview/

Re:It's Time To Move On. (-1)

Anonymous Coward | about 5 months ago | (#47187077)

please mod parent up this is a good point!

Re:It's Time To Move On. (5, Interesting)

LordLimecat (1103839) | about 5 months ago | (#47187153)

Richard Stallman is full of crap if he is claiming that Windows is endemically, technically less secure. Anyone remember the Pwn2Own games? Anyone remember what OS fell first every time? Thats right, fully patched OSX (think that changed ~2012).

This could turn into a debate lasting days, but suffice it to say that from a technical level Windows is pretty secure. 90% of all exploits these days hit third-party applications that also happen to run on Linux and OSX (flash, java, adobe reader). Im sure Stallman would rail against those too, and he would actually be right, but the point is that the vast majority of users need those plugins and he is being deceitful if he is attempting to paint the various Flash player exploits as problems with Windows, or as problems endemic to Closed Source Software.

And you, too, have a bit of gall posting this, after some of the hugest security holes to hit the net were just released, both affecting OSS. Ideology is great until you hit the real world, and realize that things are never as simple as "I hate Microsoft, therefore Windows is technically bad", or "Closed source software has trust issues, therefore all OSS is inherently more secure". My hope is that all who take this like will grow up and abandon their zealotry before they enter the workforce.

Re:It's Time To Move On. (0)

Anonymous Coward | about 5 months ago | (#47187211)

Don't worry. They do. The moment you find how difficult it actually is to migrate a business from one OS to another you start to realize just how fucking pointless all this bullshit is anyway. There's a reason companies like Red Hat thrive on providing support. Software development costs are miniscule compared to the cost of running the damn thing and keeping it properly integrated with every other system you have.

Re:It's Time To Move On. (3, Insightful)

symbolset (646467) | about 5 months ago | (#47187583)

The problem appears to be that if you choose Microsoft you are going to get this OS migration hassle anyway, on a regular recurring cycle, because their business model requires it. So if you are migrating OS anyway you may as well do it right once, leave them, and be done with that hassle forever.

Re:It's Time To Move On. (4, Insightful)

msobkow (48369) | about 5 months ago | (#47187345)

The question is not just whether an OS is secure, but how long it takes for patches to be rolled out. While Microsoft often sits on their laurels when it comes to releasing patches, the king of procrastination is Oracle, which has left known issues in the wild for decades.

Still, I don't disagree with the general intent of your post, which I read as "closed source is not necessarily worse than open source." But that's only up to a point -- timely patches are critical to maintaining the security of a system, and when Microsoft purposely omits patches for downlevel releases that are still under support, they do a great disservice to their customers, to the 'net community as a whole, and to their own reputation and therefore bottom line.

Re:It's Time To Move On. (1)

LordLimecat (1103839) | about 5 months ago | (#47187411)

I imagine there are architectural differences between Win7 and Win8. Win7 is still supported heavily in the enterprise, and I dont believe for a second that Microsoft has some perverse desire to screw over their biggest customers.

Patching time (1)

ArchieBunker (132337) | about 5 months ago | (#47187653)

You do realize that with paying customers you can't just crank out a patch overnight and hope it doesn't affect any other piece of software. Of course when a Linux patch breaks something all you have is neckbeards sending you nasty emails. Microsoft is open to lawsuits and contract issues.

Re:Patching time (0)

Anonymous Coward | about 5 months ago | (#47187707)

Microsoft is open to lawsuits and contract issues.

LOL

Re:It's Time To Move On. (0)

Anonymous Coward | about 5 months ago | (#47187417)

Richard Stallman is full of crap if he is claiming that Windows is endemically, technically less secure.

Seems pretty clear that the GP's quote is talking about DRM and other intentional but user-hostile "features", not security holes in the traditional sense.

Re:It's Time To Move On. (5, Insightful)

RR (64484) | about 5 months ago | (#47187497)

Richard Stallman is full of crap if he is claiming that Windows is endemically, technically less secure. Anyone remember the Pwn2Own games? Anyone remember what OS fell first every time? Thats right, fully patched OSX (think that changed ~2012). This could turn into a debate lasting days, but suffice it to say that from a technical level Windows is pretty secure.

You totally misunderstand Stallman's point. Stallman is not arguing that open source leads to better quality software. That would be Eric Raymond. Stallman is arguing that you can't trust Microsoft. More of an Auguste Kirchhoffs [wikipedia.org] interpretation. And I don't see what OSX has to do with free software.

Stallman objects to closed source philosophically, and Windows especially. In addition to being proprietary, Stallman is arguing that Windows has features to report your use of Microsoft software and potentially lock you out (Windows Activation [microsoft.com] ), to add or delete software without warning (Windows Update [microsoft.com] ), to track you across any device around the world (Microsoft Account [microsoft.com] ), and to keep you from using the computer in inappropriate ways (Protected Media Path, [microsoft.com] Driver Signing, [microsoft.com] Secure Boot [microsoft.com] ). I don't see how he's wrong.

Somebody in the Chinese government seems to have noticed, and is now trying to get Windows banned [cnet.com] there.

My hope is that all who take this like will grow up and abandon their zealotry before they enter the workforce.

"The reasonable man adapts himself to the world: the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man." - George Bernard Shaw

Re:It's Time To Move On. (0)

Anonymous Coward | about 5 months ago | (#47187709)

"from a technical level Windows is pretty secure."

stupid is as stupid does.

Re:It's Time To Move On. (1)

jones_supa (887896) | about 5 months ago | (#47187353)

Digital handcuffs are the most common malicious features. They restrict what you can do with the data in your own computer.

There's many sides to this. With all the bugs, missing features, and subpar performance, also free software restricts what I can do with my computer.

The ideas of free software can be beautiful, but if they produce crusty software which just makes my life unnecessarily more clunky compared to the proprietary alternative, it's a bit of a "meh" to me. To squeeze the most out of my computer is still the most important battle for me.

Dear Microsoft.... (5, Funny)

DigitalSorceress (156609) | about 5 months ago | (#47186951)

Dear Microsoft,

Dear gods, please catch a ride on the clue train. Businesses don't want Windows 8 - the retraining necessary is just too costly, and all the cool features involving touch are useless for the cube farm drones.

So just stop your stupid shit, realize the Windows 7 is your nex XP, make sure that Windows 9 undoes a lot of the silly bullshit, and maybe you won't completely jump the shark.

Um also while I (fail to) have your attention - the Ribbon is still stupid. Stop wasting my screen real estate and go back to proper menus. // yeah I know it's a pipe dream, but I needed to rant and rage.

Re:Dear Microsoft.... (5, Informative)

Cley Faye (1123605) | about 5 months ago | (#47186995)

You're very wrong when you say "all the cool features involving touch are useless for the cube farm drones."

After having played with a surface tablet and an "embedded" windows 8 computer (those things that combine the computer and the screen), I can tell you this about the touch features: they are broken by design, gets in the way of doing things (even moving a file is more complicated than using a mouse, and why doesn't the keyboard pop up when hitting a textbox?), and as such are useless for everyone, not just the cube farm drones.

Re:Dear Microsoft.... (1)

The MAZZTer (911996) | about 5 months ago | (#47187733)

The problem I have for Windows 8 is that the keyboard DOES pop up when hitting a textbox... when I have a hardware keyboard attached.

That said, I am developing a touch-friendly web app, so as a cube farm drone, touch is very useful for me. :)

Re:Dear Microsoft.... (1)

Cley Faye (1123605) | about 5 months ago | (#47187801)

Ooooh I only used the touch interface without a physical keyboard, that might explain things... ;)

Re:Dear Microsoft.... (5, Funny)

savuporo (658486) | about 5 months ago | (#47187067)

Dear Microsoft,

Please make Windows 9 touch only, do not give anyone any menu, use the well known principle of most surprise for the user interface design, break all possible APIs, come up with another Uncommon Language Runtime, force me log into everything with the same username and password security be damned, put Bing on the way of actually getting to internet and if you could Ribbon me another two three screenfuls, all would be dandy.

Only by implementing these urgent measures will you guarantee your local fanbase of 2 people will stay very loyal. And the rest can move on to better things and world will be a better place.

Thanks,
Your local detractor.

Re:Dear Microsoft.... (4, Interesting)

PrimaryConsult (1546585) | about 5 months ago | (#47187103)

I've successfully gotten die-hard MS Office users to use OpenOffice precisely because it had menus rather than the stupid ribbon. The Oracle branding helped, and I think the Apache one probably would be just as effective.

Re:Dear Microsoft.... (2)

JDAustin (468180) | about 5 months ago | (#47187283)

I still use Excel 2003 for 90% of my excel work as I still have several custom toolbars that cannot be recreated w/ the ribbon. Being able to do many repeated functions w/ one click makes a world of difference.

Re:Dear Microsoft.... (2)

LordLimecat (1103839) | about 5 months ago | (#47187165)

and all the cool features involving touch are useless for the cube farm drones.

Powershell 4.0 and 5.0, however, are not, nor is HyperV.

Sort of amazing that a supposedly technical community thinks that the only thing different about Windows 8 is the GUI.

Re:Dear Microsoft.... (2)

Richy_T (111409) | about 5 months ago | (#47187225)

And, of course, these are unavailable on 7 for purely technical reasons.

Re:Dear Microsoft.... (0)

Anonymous Coward | about 5 months ago | (#47187301)

Powershell is worthless. HyperV is great.

PS is worthless because, in order to do anything useful, you need to fire up visual studio. Give me a gnu userland any day.

Re:Dear Microsoft.... (0)

Anonymous Coward | about 5 months ago | (#47187293)

Hyper V is useful. We installed win8 on a bunch of machines on ou test network solely for the VM stuff. Then we decided to use VMware anyway. So the only reason we haven't switched back to Win7 (or linux since IT won't claim these machines anyway) is because we're all too lazy to install more software. I spend nearly all my time in ssh sessions or with Workstation fullscreened anyway. So it's not like the underlying OS matters too horribly much.

Re:Dear Microsoft.... (1)

PRMan (959735) | about 5 months ago | (#47187409)

I like the ribbon for one reason only. You can apply 5-6 settings at once and get a visual image of what it's going to look like. That saves a lot of time vs previous Office versions.

Naturally, they've done it before (4, Insightful)

Todd Knarr (15451) | about 5 months ago | (#47186953)

This is just an extension of the kind of coerced upgrade Microsoft's attempted before. With Vista and then with Win7, when they didn't take off on their own MS tried to force the issue by making the latest versions of IE and DirectX and such only available for Vista/7, not XP. This is the same thing: "Upgrade to Win8 or take the heat for running a vulnerable OS.". Thing is, it'll backfire the same way the "no latest DirectX on XP" did. Win7's such a large base that developers can't afford to write code that won't run on it, so they won't be able to use the new Win8-only safe functions. Which means applications will remain vulnerable on Win8, just like on Win7 where they also run.

Don't Tell Me This (4, Informative)

Nom du Keyboard (633989) | about 5 months ago | (#47186957)

I don't want to hear this. I just finished the migration from XP to Win7.
Do not want to go through that again for another 6 years.

Re:Don't Tell Me This (-1)

Anonymous Coward | about 5 months ago | (#47187061)

You'll probably get AIDS and die in 6 years anyway. Only faggots use Windoze.
 
Linux FTW!!!!

Re:Don't Tell Me This (0)

Anonymous Coward | about 5 months ago | (#47187173)

True your safe from getting Aids unless its from a blood transplant. Even your right hand wont have sex with you.

Is security a feature? (1)

Glasswire (302197) | about 5 months ago | (#47186967)

The interesting question is: should an OS vendor be able to sell a later generation of OS as "more secure" than a previous one as a feature to induce users to migrate to it, (clearly Microsoft's position on Win 8.1 vs Win 7 ) or does it have a responsibility to make all released product as reasonably secure as it can based on what it knows to and define features as capabilities, performance, etc outside of security?
I think it's fair for Microsoft to tout improvements like more secure kernel design or other elements that are core architectural advantages of a new OS (which cannot reasonably be replicated in earlier versions) but limiting fixes to common libraries, present in old and new OS, which have been found to be insecure, that could be patched for minimal effort in the old OS, to create an artificial distinction between old and new is not a security feature difference, it's a churlish forcing function. Win 8.1 is not better on security than Win 7 if the part of that difference depends on selectively responding to vulnerabilities.
Ironically, toward the end of it's life, XP got better support than Vista, because a Vista was a short-lived, poorly received follow-on that was quickly succeeded by Win 7. I'll predict that 3 years from now, after Win Next (9.0 or what ever) has been shipping for a while, the install base of Win 7 will still be far higher than that of Win 8.x and support (Microsoft and 3rd party drivers/apps) will be much better for Win 7 than it will be for Win 8.x. No doubt Microsoft will say it's most secure OS at that time will be Win 9.x but if it stopped providing critical patches to the second most popular OS way back in 2014, there's going to be trouble. (Anybody want to bet Microsoft at some point will be providing patches to vulnerabilities in Win 7 that they DON'T bother to do for Win 8.x because no one will care about "Vista-Next" anymore?)

Inside The Giant Spider's Den, hacking at webs (-1)

Anonymous Coward | about 5 months ago | (#47186973)

Microsoft Kinect Spy System

THIS ARTICLE IS BEING SCRUBBED FROM THE NET. THE SITE IT WAS ORIGINALLY POSTED TO YANKED THE PLUG ON THEIR WHOLE SITE!!! COPY/PASTE THIS ARTICLE AS MUCH AS POSSIBLE TO DISCUSSION FORUMS, BLOGS, FACEBOOK, TWITTER, AND ARCHIVE AND MIRROR THIS DOCUMENT SO IT DOES NOT VANISH FOREVER!

"So you just got the Kinect/Xbox360 gaming system and you're having fun, hanging out in your underwear, plopped down in your favorite lounge chair, and playing games with your buddies. Yeah, it's great to have a microphone and camera in your game system so you can "Kinect" to your pals while you play, but did you read that Terms of Service Agreement that came with your Kinect thingy? No? Here, let me point out an important part of that service agreement.

        If you accept the agreement, you "expressly authorize and consent to us accessing or disclosing information about you, including the content of your communications, in order to: (a) comply with the law or respond to lawful requests or legal process; (b) protect the rights or property of Microsoft, our partners, or our customers, including the enforcement of our agreements or policies governing your use of the Service; or (c) act on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers, or the public."

Did you catch that? Here, let me print the important part in really big letters.

"If you accept the agreement, you expressly authorize and consent to us accessing or disclosing information about you, including the content of your communications⦠on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers, or the public."

OK, is that clear enough for ya? When you use the Kinect system, you agree to allow Microsoft (and any branch of law enforcement or government they care to share information with) to use your Kinect system to spy on you. Maybe run that facial recognition software to check you out, listen to your conversations, and keep track of who you are communicating with.

I know this is probably old news to some, but I thought I would mention it because it pertains to almost all of these home game systems that are interactive. You have to remember, the camera and microphone contained in your game system have the ability to be hacked by anyone the game company gives that ability to, and that includes government snoops and law enforcement agents.

Hey, it's MICROSOFT. What did you expect?

And the same concerns apply to all interactive game systems. Just something to think about if you're having a "Naked Wii party" or doing something illegal while you're gaming with your buddies. Or maybe you say something suspicious and it triggers the DHS software to start tracking your every word. Hey, this is not paranoia. It's spelled out for you, right there in that Service Agreement. Read it! Here's one more part of the agreement you should be aware of.

        "You should not expect any level of privacy concerning your use of the live communication features (for example, voice chat, video and communications in live-hosted gameplay sessions) offered through the Service."

Did you catch it that time? YOU SHOULD NOT EXPECT ANY LEVEL OF PRIVACY concerning your voice chat and video features on your Kinect box."

###

"Listen up, you ignorant sheep. Your government is spending more money than ever to spy on its own citizens. That's YOU, my friend. And if you're one of these people who say, "Well I ain't ever done nothing wrong so why should I worry about it?' - you are dead wrong. Our civil liberties are being taken away faster than you can spit. The NSA is working away on its new "First Intelligence Community Comprehensive National Cyber-security Initiative Data Center' to keep track of every last one of us. This thing will be the size of 17 football stadiums. One million square feet, all to be filled with more technology and data storage than you could imagine. And 30,000 spy drones are set to be launched over America which can each stay aloft for about 28 hours, traveling 300 miles per hour. WHY? Why do we want these things in our skies?

The military is now taking a keen interest in the Microsoft Kinect Spy System, the fastest selling electronic device in history. Conveniently self-installed in over 18 million homes, this seemingly innocent game system, armed with facial recognition programming and real-time recording of both sound and video, will be used by our own government to spy on and record us in our own homes.

And it doesn't stop there. Other game systems such as Nintendo's WWII are also being turned into government-controlled spy systems. WHY?

That's the real question. WHY?!!! Why is our own government spending billions and billions of dollars to spy on its own people? To keep us safe? Do you really believe that?"

Microsoft's Kinect System is Watching You
Published on Apr 5, 2012 by TheAlexJonesChannel:

https://www.youtube.com/watch?... [youtube.com]

###

Big Brother alert: Microsoft wants to know how many friends you've got in your living room

- http://blogs.telegraph.co.uk/t... [telegraph.co.uk]

By Mic Wright Gadgets Last updated: November 9th, 2012

- http://blogs.telegraph.co.uk/t... [telegraph.co.uk]

"One of Microsoft's latest patent applications[1] is a humdinger. It proposes to turn the Kinect camera into a snitch for movie studios, reporting back just how many friends you've got in your living room and what they're watching. Think that sounds alarmist? Here's what it actually says: "The users consuming the content on a display device are monitored so that if the number of user-views licensed is exceeded, remedial action may be taken." It's that blatant â" a system to spy on private viewing habits.

If put into practice, Microsoft's plan could mean that the film you're watching suddenly stops playing if it detects that you've got more people squashed on to the sofa than the licence allows. You'd then be prompted to buy a more expensive licence to keep watching. It's as if Big Brother had built 1984's Telescreen not to monitor the population but to ensure no one was pirating the Two Minutes Hate.

In all likelihood, Microsoft will struggle to actually apply this patent in the real world. While copyright holders would be delighted, customers would be turned off by such a draconian system. But that's what's interesting about this application and patent applications in general: they often reveal what companies would do if they could get away with it. The black and white drawings and blandly technical language can cover immoral, scary and downright evil ideas.

There was an even more striking example from Apple earlier this year[2]. In September, it was granted a patent for "Apparatus and methods for enforcement of policies upon a wireless device", i.e. a system allowing companies or governments to remotely disable mobile phones and tablets in a particular area.

While Apple mentions benign examples such as preventing phone calls from disturbing concerts or ensuring devices are switched off on planes, it also states: "Covert police or government operations may require complete "blackout" conditions." That's exactly the kind of feature certain governments would love to use to suppress pictures and videos. The patent Apple put its stamp on is a handy form of censorship regardless of whether it will ever apply it.

Last year, Google's chairman, Eric Schmidt, said that the company would hold off from creating a facial recognition service because it would be "crossing the creepy line". Still, Google has filed for and been granted extensive patents in the area and, as its Project Glass augmented reality goggles move forward, who knows when the "creepy line" will shift?"

[1] http://appft.uspto.gov/netacgi... [uspto.gov]

[2] http://www.zdnet.com/apple-pat... [zdnet.com]

(C) Copyright of Telegraph Media Group Limited 2012

###

"People are aware that Windows has bad security but they are underestimating the problem because they are thinking about third parties. What about security against Microsoft? Every non-free program is a âjust trust me program'. âTrust me, we're a big corporation. Big corporations would never mistreat anybody, would we?' Of course they would! They do all the time, that's what they are known for. So basically you mustn't trust a non free programme."

"There are three kinds: those that spy on the user, those that restrict the user, and back doors. Windows has all three. Microsoft can install software changes without asking permission. Flash Player has malicious features, as do most mobile phones."

"Digital handcuffs are the most common malicious features. They restrict what you can do with the data in your own computer. Apple certainly has the digital handcuffs that are the tightest in history. The i-things, well, people found two spy features and Apple says it removed them and there might be more""

From:

Richard Stallman: 'Apple has tightest digital handcuffs in history'
www.newint.org/features/web-exclusive/2012/12/05/richard-stallman-interview/

###

Nobody Seems To Notice and Nobody Seems To Care - Government & Stealth Malware

In Response To Slashdot Article: Former Pentagon Analyst: China Has Backdoors To 80% of Telecoms 87

How many rootkits does the US[2] use officially or unofficially?

How much of the free but proprietary software in the US spies on you?

Which software would that be?

Visit any of the top freeware sites in the US, count the number of thousands or millions of downloads of free but proprietary software, much of it works, again on a proprietary Operating System, with files stored or in transit.

How many free but proprietary programs have you downloaded and scanned entire hard drives, flash drives, and other media? Do you realize you are giving these types of proprietary programs complete access to all of your computer's files on the basis of faith alone?

If you are an atheist, the comparison is that you believe in code you cannot see to detect and contain malware on the basis of faith! So you do believe in something invisible to you, don't you?

I'm now going to touch on a subject most anti-malware, commercial or free, developers will DELETE on most of their forums or mailing lists:

APT malware infecting and remaining in BIOS, on PCI and AGP devices, in firmware, your router (many routers are forced to place backdoors in their firmware for their government) your NIC, and many other devices.

Where are the commercial or free anti-malware organizations and individual's products which hash and compare in the cloud and scan for malware for these vectors? If you post on mailing lists or forums of most anti-malware organizations about this threat, one of the following actions will apply: your post will be deleted and/or moved to a hard to find or 'deleted/junk posts' forum section, someone or a team of individuals will mock you in various forms 'tin foil hat', 'conspiracy nut', and my favorite, 'where is the proof of these infections?' One only needs to search Google for these threats and they will open your malware world view to a much larger arena of malware on devices not scanned/supported by the scanners from these freeware sites. This point assumed you're using the proprietary Microsoft Windows OS. Now, let's move on to Linux.

The rootkit scanners for Linux are few and poor. If you're lucky, you'll know how to use chkrootkit (but you can use strings and other tools for analysis) and show the strings of binaries on your installation, but the results are dependent on your capability of deciphering the output and performing further analysis with various tools or in an environment such as Remnux Linux. None of these free scanners scan the earlier mentioned areas of your PC, either! Nor do they detect many of the hundreds of trojans and rootkits easily available on popular websites and the dark/deep web.

Compromised defenders of Linux will look down their nose at you (unless they are into reverse engineering malware/bad binaries, Google for this and Linux and begin a valuable education!) and respond with a similar tone, if they don't call you a noob or point to verifying/downloading packages in a signed repo/original/secure source or checking hashes, they will jump to conspiracy type labels, ignore you, lock and/or shuffle the thread, or otherwise lead you astray from learning how to examine bad binaries. The world of Linux is funny in this way, and I've been a part of it for many years. The majority of Linux users, like the Windows users, will go out of their way to lead you and say anything other than pointing you to information readily available on detailed binary file analysis.

Don't let them get you down, the information is plenty and out there, some from some well known publishers of Linux/Unix books. Search, learn, and share the information on detecting and picking through bad binaries. But this still will not touch the void of the APT malware described above which will survive any wipe of r/w media. I'm convinced, on both *nix and Windows, these pieces of APT malware are government in origin. Maybe not from the US, but most of the 'curious' malware I've come across in poisoned binaries, were written by someone with a good knowledge in English, some, I found, functioned similar to the now well known Flame malware. From my experience, either many forum/mailing list mods and malware developers/defenders are 'on the take', compromised themselves, and/or working for a government entity.

Search enough, and you'll arrive at some lone individuals who cry out their system is compromised and nothing in their attempts can shake it of some 'strange infection'. These posts receive the same behavior as I said above, but often they are lone posts which receive no answer at all, AT ALL! While other posts are quickly and kindly replied to and the 'strange infection' posts are left to age and end up in a lost pile of old threads.

If you're persistent, the usual challenge is to, "prove it or STFU" and if the thread is not attacked or locked/shuffled and you're lucky to reference some actual data, they will usually attack or ridicule you and further drive the discussion away from actual proof of APT infections.

The market is ripe for an ambitious company or individual to begin demanding companies and organizations who release firmware and design hardware to release signed and hashed packages and pour this information into the cloud, so everyone's BIOS is checked, all firmware on routers, NICs, and other devices are checked, and malware identified and knowledge reported and shared openly.

But even this will do nothing to stop backdoored firmware (often on commercial routers and other networked devices of real importance for government use - which again opens the possibility of hackers discovering these backdoors) people continue to use instead of refusing to buy hardware with proprietary firmware/software.

Many people will say, "the only safe computer is the one disconnected from any network, wireless, wired, LAN, internet, intranet" but I have seen and you can search yourself for and read about satellite, RF, temperature, TEMPEST (is it illegal in your part of the world to SHIELD your system against some of these APT attacks, especially TEMPEST? And no, it's not simply a CRT issue), power line and many other attacks which can and do strike computers which have no active network connection, some which have never had any network connection. Some individuals have complained they receive APT attacks throughout their disconnected systems and they are ridiculed and labeled as a nutter. The information exists, some people have gone so far as to scream from the rooftops online about it, but they are nutters who must have some serious problems and this technology with our systems could not be possible.

I believe most modern computer hardware is more powerful than many of us imagine, and a lot of these systems swept from above via satellite and other attacks. Some exploits take advantage of packet radio and some of your proprietary hardware. Some exploits piggyback and unless you really know what you're doing, and even then... you won't notice it.

Back to the Windows users, a lot of them will dismiss any strange activity to, "that's just Windows!" and ignore it or format again and again only to see the same APT infected activity continue. Using older versions of sysinternals, I've observed very bizarre behavior on a few non networked systems, a mysterious chat program running which doesn't exist on the system, all communication methods monitored (bluetooth, your hard/software modems, and more), disk mirroring software running[1], scans running on different but specific file types, command line versions of popular Windows freeware installed on the system rather than the use of the graphical component, and more.

[1] In one anonymous post on pastebin, claiming to be from an intel org, it blasted the group Anonymous, with a bunch of threats and information, including that their systems are all mirrored in some remote location anyway.

[2] Or other government, US used in this case due to the article source and speculation vs. China. This is not to defend China, which is one messed up hell hole on several levels and we all need to push for human rights and freedom for China's people. For other, freer countries, however, the concentration camps exist but you wouldn't notice them, they originate from media, mostly your TV, and you don't even know it. As George Carlin railed about "Our Owners", "nobody seems to notice and nobody seems to care".

[3] http://www.stallman.org/ [stallman.org]

Try this yourself on a wide variety of internet forums and mailing lists, push for malware scanners to scan more than files, but firmware/BIOS. See what happens, I can guarantee it won't be pleasant, especially with APT cases.

So scan away, or blissfully ignore it, but we need more people like RMS[3] in the world. Such individuals tend to be eccentric but their words ring true and clear about electronics and freedom.

I believe we're mostly pwned, whether we would like to admit it or not, blind and pwned, yet fiercely holding to misinformation, often due to lack of self discovery and education, and "nobody seems to notice and nobody seems to care".

(Remotely Attacking Network Cards)
http://theinvisiblethings.blog... [blogspot.com]

(Persistent BIOS Infection)
http://www.phrack.org/issues.h... [phrack.org]

(BIOS --> Vbootkit code(from CD,PXE etc.) --> MBR --> NT Boot sector --> Windows Boot manager --> Windows Loader --> Vista Kernel)
http://www.securityfocus.com/c... [securityfocus.com]

(The ROMOS project)
http://web.archive.org/web/201... [archive.org]

Secure boot is Microsoft's attempt to maintain computer OS market share as their influences is being stripped away by the likes of Google (Android) and Apple (iOS). With HTML5 on the way, we will have WEB based applications that rival desktop versions, and run on ANY device. The OS is just a layer to get to where the real work gets done, information exchange.

AND the worst part is, secure boot doesn't actually fix the problem it pretends it solves. It can't. This is the whole DRM of DVD's and BluRay all over again. Look at how well that is working out.

DRM is broken by design."
- linux.slashdot.org/comments.pl?sid=2985953&cid=40681007

"Richard Stallman has finally spoken out on this subject. He notes that 'if the user doesn't control the keys, then it's a kind of shackle, and that would be true no matter what system it is.' He says, 'Microsoft demands that ARM computers sold for Windows 8 be set up so that the user cannot change the keys; in other words, turn it into restricted boot.' Stallman adds that 'this is not a security feature. This is abuse of the users. I think it ought to be illegal.'""
- linux.slashdot.org/story/12/07/17/2326253/richard-stallman-speaks-about-uefi

I'm concerned about new rootkits which target PCI devices, such as the graphics card and the optical drives, also, BIOS. Where are the malware scanners which scan PCI devices and BIOS for mismatches? All firmware, BIOS and on PCI devices should be checksummed and saved to match with others in the cloud, and archived when the computer is first used, backing up signed firmware.

When do you recall seeing signed router firmware upgrades with any type of checksum to check against? Same for PCI devices and optical drives and BIOS.

Some have begun with BIOS security:

http://www.biosbits.org/ [biosbits.org]

Some BIOS has write protection in its configuration, a lot of newer computers don't.

###

CIA Head: We Will Spy On Americans Through Electrical Appliances
Global information surveillance grid being constructed; willing Americans embrace gadgets used to spy on them
http://www.prisonplanet.com/ci... [prisonplanet.com]

###

Comparing the unique pattern of the frequencies on an audio recording with a database that has been logging these changes for 24 hours a day, 365 days a year provides a digital watermark: a date and time stamp on the recording.
Philip Harrison, from JP French Associates, another forensic audio laboratory that has been logging the hum for several years, says: "Even if [the hum] is picked up at a very low level that you cannot hear, we can extract this information." It is a technique known as Electric Network Frequency (ENF) analysis, and it is helping forensic scientists to separate genuine, unedited recordings from those that have been tampered with."
- http://www.bbc.co.uk/news/scie... [bbc.co.uk]
- http://cryptogon.com/?p=32789 [cryptogon.com]

###

"I'd worry about a Tempest virus that polled a personal computer's
CD-ROM drive to pulse the motor as a signalling method:

* Modern high-speed CD-ROM drive motors are both acoustically and
electrically noisy, giving you two attack methods for the price of one;

* Laptop computer users without CRTs, and the PC users that can afford
large LCD screens instead of CRTs, often have CD-ROM drives;

* Users are getting quite used to sitting patiently while their
CD-ROM drives grind away for no visibly obvious reason (but
that's quite enough about the widespread installs of software from
Microsoft CD-ROMs that prompted Kuhn's investigation in the first place.)"

http://catless.ncl.ac.uk/Risks... [ncl.ac.uk]

###

"I'd worry about a Tempest virus that polled a personal computer' personal computer' CD-ROM drive"

Yes and the hard drive and in some PC's the cooling fans as well are under CPU control.

You can also do it with PC's where the CPU does not control the fan, but the hardware has a simple thermal sensor to control it's speed. You do this by simply having a process that uses power expensive instructions in tight loops, thus raising the CPU temprature (it's one of the side channels I was considering a long time ago when thinking about how the temp inside the case changed various things including the CPU clock XTAL frequency).

The change in sound side channel is one of the first identified problems with Quantum Key Distribution. Basicaly the bod who came up with the idea whilst first testing the idea could tell the state of "Alice's polarizer" simply by the amount of noise it made...

The CD-ROM motor idea I'd heard befor but could not remember where till I followed your link.

Dr Lloyd Wood has worked with the UK's Surrey Uni, the European Space Agency and Americas NASA and one or two other places as part of his work for Surrey Satellite Technology Ltd. He has been involved with CLEO (Cisco router in Low Earth Orbit) and other work on what's being called "The Space Internet".

Of interest is his work on Delay and Disruption Tolerant Networks (DTN). It's not been said "publicaly" as far as I'm aware but the work has aspects that are important to anonymity networks such as TOR.

You can read more on Dr Wood's DTN work etc at,

Lloyd Wood - Delay-Tolerant Networking work
http://personal.ee.surrey.ac.u... [surrey.ac.uk]

The UK occupies an odd position in the "Space Race" it is the only nation who having put a satellite into space then stopped further space rocket development (the Black Knight launch platform was considerably safer and more economic than the then US and CCCP systems). The UK has however continued in the Space Game and is perhaps the leading designers of payloads for scientific and industrial satellites (it probably is on military sats as well but nobody who knows for sure is telling ;-)

Clive Robinson
Schneier on Security: Information-Age Law Enforcement Techniques
http://www.schneier.com/blog/a... [schneier.com]

###

Schneier has covered it before: power line fluctuations (differences on the wire in keys pressed).

Thereâ(TM)s thermal attacks against cpus and temp, also:

ENF (google it)

A treat (ENF Collector in Java):

sourceforge dot net fwdslash projects fwdslash nfienfcollector

No single antimalware scanner exists which offers the ability to scan (mostly proprietary) firmware on AGP/PCI devices (sound cards, graphics cards, usb novelty devices excluding thumb drives), BIOS/CMOS.

If you boot into ultimate boot cd you can use an archane text interface to dump BIOS/CMOS and examine/checksum.

The real attacks which survive disk formats and wipes target your PCI devices and any firmware which may be altered/overwritten with something special. It is not enough to scan your hard drive(s) and thumb drives, the real dangers with teeth infect your hardware devices.

When is the last time you:

Audited your sound card for malware?
Audited your graphics card for malware?
Audited your network card for malware?

Google for:

* AGP and PCI rootkit(s)
* Network card rootkit(s)
* BIOS/CMOS rootkit(s)

Our modern PC hardware is capable of much more than many can imagine.

Do you:

        Know your routerâ(TM)s firmware may easily be replaced on a hackerâ(TM)s whim?
        Shield all cables against leakage and attacks
        Still use an old CRT monitor and beg for TEMPEST attacks?
        Use TEMPEST resistant fonts in all of your applications including your OS?
        Know whether or not your wired keyboard has keypresses encrypted as they pass to your PC from the keyboard?
        Use your PC on the grid and expose yourself to possible keypress attacks?
        Know your network card is VERY exploitable when plugged into the net and attacked by a hard core blackhat or any vicious geek with the know how?
        Sarch out informative papers on these subjects and educate your friends and family about these attacks?
        Contact antimalware companies and urge them to protect against many or all these attacks?

Do you trust your neighbors? Are they all really stupid when it comes to computing or is there a geek or two without a conscience looking to exploit these areas?

The overlooked threat are the potential civilian rogues stationed around you, especially in large apartment blocks who feed on unsecured wifi to do their dirty work.

With the recent news of Russian spies, whether or not this news was real or a psyop, educate yourself on the present threats which all antimalware scanners fail to protect against and remove any smug mask you may wear, be it Linux or OpenBSD, or the proprietary Windows and Mac OS you feel are properly secured and not vulnerable to any outside attacks because you either donâ(TM)t need an antivirus scanner (all are inept to serious attacks) or use one or several (many being proprietary mystery machines sending data to and from your machine for many reasons, one is to share your information with a group or set database to help aid in threats), the threats often come in mysterious ways.

Maybe the ancients had it right: stone tablets and their own unique language(s) rooted in symbolism.

###

âoeDisconnect your PC from the internet and donâ(TM)t add anything you didnâ(TM)t create yourself. It worked for the NOC list machine in Mission Impossibleâ

The room/structure was likely heavily shielded, whereas most civvies donâ(TM)t shield their house and computer rooms. There is more than meets the eye to modern hardware.

Google:

network card rootkits and trojans
pci rootkits
packet radio
xmit âoefm fingerprintingâ software
âoespecific emitter identificationâ
forums(dot)qrz(dot)com

how many malware scanners scan bios/cmos and pci/agp cards for malware? zero, even the rootkit scanners. have you checksummed/dumped your bios/cmos and firmware for all your pci/agp devices and usb devices, esp vanity usb devices in and outside the realm of common usb devices (thumbdrives, external hdds, printers),

Unless your computer room is shielded properly, the computers may still be attacked and used, Iâ(TM)ve personally inspected computers with no network connection running mysterious code in the background which task manager for windows and the eqiv for *nix does not find, and this didnâ(TM)t find it all.

Inspect your windows boot partition in *nix with hexdump and look for proxy packages mentioned along with command line burning programs and other oddities. Computers are more vulnerable than most would expect.

You can bet all of the malware scanners today, unless they are developed by some lone indy coder in a remote country, employ whitelisting of certain malware and none of them scan HARDWARE devices apart from the common usb devices.

Your network cards, sound cards, cd/dvd drives, graphics cards, all are capable of carrying malware to survive disk formatting/wiping.

Boot from a Linux live cd and use hexdump to examine your windows (and *nix) boot sectors to potentially discover interesting modifications by an unknown party.

Re: Inside The Giant Spider's Den, hacking at webs (0)

Anonymous Coward | about 5 months ago | (#47187017)

First off: Too long; didn't read.

But seriously, people knew about the lack of privacy using a Kinect way before the Xbox One was even released, it was well publicized and MS received backlash over it.

This is like people using Facebook for 5 years and then hearing that they might be being tracked... DUH!

Get a clue, man.

Re:Inside The Giant Spider's Den, hacking at webs (1)

meerling (1487879) | about 5 months ago | (#47187019)

Somebody please mod that AC idiot offtopic, and maybe a few other things as well, and let the rest of us get back to ragging on microsoft for not doing the security patches on win7.

Re:Inside The Giant Spider's Den, hacking at webs (1)

Anonymous Coward | about 5 months ago | (#47187029)

tl;dr

Anyway, I only take me advice from APK.

Still sticking with XP... (-1, Troll)

Livius (318358) | about 5 months ago | (#47186977)

And now I know that migrating to Windows 7 would have been pointless anyway. (Plus I saved the direct expense and the 2 - 3 days lost productivity looking up how to undo the user interface damage.)

Re:Still sticking with XP... (0)

Anonymous Coward | about 5 months ago | (#47187009)

You own a 1974 Volkswagen, don't you?

Re:Still sticking with XP... (0)

Anonymous Coward | about 5 months ago | (#47187045)

Except that programs are running faster on Windows XP than on Windows 7, because the OS take less CPU resources.

Bang! Idiot destroyed.

Re:Still sticking with XP... (1)

asmkm22 (1902712) | about 5 months ago | (#47187035)

Probably best that you didn't bother upgrading if it would have taken you 2 to 3 days to learn the differences between XP and 7...

Re:Still sticking with XP... (0)

Livius (318358) | about 5 months ago | (#47187241)

Two to three days to *fix* the differences between XP and Windows 7.

Re:Still sticking with XP... (3, Insightful)

Mashiki (184564) | about 5 months ago | (#47187089)

Yep, Windows 7 and XP are so fundamentally different in terms of the UI that it *might* have taken you all of 15 minutes to learn the differences.

And of course if it was Windows 8, it might have taken you all of 10 minutes to install a UI shell which would have made the experience exactly the same. Then again if your internet is the equivalent of a string between two cans, I can see it taking 2-3 days to find this out.

Re:Still sticking with XP... (2)

Darinbob (1142669) | about 5 months ago | (#47187691)

I take it you don't have to support an older relative who lives a long distance away who calls you up every time an icon changes location. If Windows is only for the experts then it should be labeled as such, and leave Linux for the beginners.

let the hand wringing begin (0)

Anonymous Coward | about 5 months ago | (#47186985)

So basically what happened is that as part of developing 8 and 8.1, Microsoft improved the security model in various places. This is done in every major OS release from every vendor. You wanted the latest and greatest? Then upgrade.

It's not as if there are unpatched vulnerabilities that are being left in there. But neither the submitted or other commenteds so far seem to understand that.

That is scummy. (-1)

Anonymous Coward | about 5 months ago | (#47186989)

Sure, fine, lock major DirectX versions to Windows versions. Fine, lock major Office versions.
Sure, let's remove the common windowing system and change things around with no rhyme or reason.
Sure, remove useful features and never replace them.
BUT SECURITY? Hell naw. That is where it just goes from annoying to evil.
I thought even Microsoft were better than this. Seems they have fallen much farther than ever before.

Still prefer them over Google right now. Google are ruining their services harder than Microsoft are, by far.
That Google Maps update is seriously amateur. It is atrocious.
Slower, uglier, less intuitive, clicking misfires at times and ZOOMS IN to areas, they added that ass smooth-stop crap to it, which if you try to stop manually, usually causes the click misfire to zoom, that stupid images view in satellite, coming out of street view always goes back to map view, street view itself is hilariously bad, what the hell did they do to it, it used to be the best feature, now it is the WORST. Not to mention it still shows my childhood in it.
Poor poor game Google. Now even Microsoft are better than you.
At least Bing Maps is reasonably up to date. I only see my teen years in that.
I wonder how much they are going to ruin Gmail with this new update that is coming within the year.
I swear, I should seriously just drop Gmail. It has gotten slower over the years and now this update is going to ruin it even further all because tablet-shit age of websites.

Why are companies so terrible?
Why do they keep ruining things?
Why do they need to fix things that aren't broken?
Microsoft in particular could make so much more money and all while being reasonably Good.
They sorta half did that with the application store, but it is so obtuse it is barely worth it.
They need to step their game up. Hard.

Re:That is scummy. (1)

jones_supa (887896) | about 5 months ago | (#47187393)

Nerd rage, the funniest form of rage.

Windows Tax (1)

BoRegardless (721219) | about 5 months ago | (#47186993)

Pay the upgrade or you deal with the "other" costs.

Apple is pushing the envelope: Free OS updates. Works on their hardware back 4-5 years.

My suspicion is MS, likewise, must get into the hardware business & become vertical.

Re:Windows Tax (2)

BoRegardless (721219) | about 5 months ago | (#47187013)

"14% of Windows personal computers were on Windows 8", noted by Tim Cook vs "51% of Macs on Mavericks"

Heavily fractured ecosystems are difficult for both OS & App suppliers. What is "working" in the real world.

Where are we going?

Re:Windows Tax (1)

bondsbw (888959) | about 5 months ago | (#47187119)

That means about 12.3% of computers are Windows 8 vs. 3.7% Mavericks. So take from that what you will.

Re:Windows Tax (1)

Belial6 (794905) | about 5 months ago | (#47187695)

That was my first thought on the numbers. For all of the "Everyone is now buying Macs." that we keep getting astroturfed with, OSX market share is still far closer to that of Desktop Linux than it is Windows adoption. (Of course, we have to limit the linux market share to "Desktop" because it would otherwise completely eclipse OSX market share.)

Article is dumb. (3, Insightful)

Kaenneth (82978) | about 5 months ago | (#47187001)

These are mostly new functions added for Windows 8, they don't exist in the Windows 7 SDK.

If you wrote your programs to use them, they wouldn't work on 7, only 8, which everyone seems to hate.

If MS added them to a patch for 7, there would then be 2 fragmented versions of Windows 7, so if a customer calls you asking if your software works on Windows 7, you would have to ask if they have installed KB######, and they would say 'I don't know.', or they might lie and say yes, or no, and you'll have to walk them through checking installed Windows updates...

Dude, you left me hanging! (0)

Anonymous Coward | about 5 months ago | (#47187205)

These are mostly new functions added for Windows 8, they don't exist in the Windows 7 SDK.

If you wrote your programs to use them, they wouldn't work on 7, only 8, which everyone seems to hate.

If MS added them to a patch for 7,

written from scratch,

there would then be 2 fragmented versions of Windows 7

and wouldn't be done.

And that is why windows 7 would be shunned.

Re:Article is dumb. (1)

msobkow (48369) | about 5 months ago | (#47187367)

Have you ever noticed the runtime libraries that application installers check for and auto-install while installing the application?

Is there some reason you couldn't do the same for these magical Win7 patch libraries/DLLs?

Re:Article is dumb. (0)

Anonymous Coward | about 5 months ago | (#47187587)

This "fragmentation" situation has happened before. Say, requires XP SP2 or greater. The versioning model is the service pack.

Nope, not gonna downgrade to Windows 9 (5, Interesting)

penguinoid (724646) | about 5 months ago | (#47187011)

Sorry Microsoft, people use your product for two reasons: 1) it's well entrenched 2) it's easy to use and familiar. If you want them to switch from win 7 to win 8, you have to do it by ruining the usability of win 7, not its security.

Re:Nope, not gonna downgrade to Windows 9 (0)

Anonymous Coward | about 5 months ago | (#47187403)

If you want them to switch from win 7 to win 8, you have to do it by ruining the usability of win 7, not its security.

Aha! Just dump metro your captive Windows 7 audience, MS.

It's not like changing OS core radically in between Windows versions is new; the [optional] IE4 installs had major changes to Win95's explorer shell behavior, beyond the largest one (remember Active Desktop? well how about the fact that JPEG wallpapers were impossible until then?). The PC had to reboot twice after that one, and on 4MB ram the experience was much slower after that. Updated File copy dialogs were slower even for single item copies.

Metro would still be pretty huge a change for a non-number upgrade, but at that point, Win7 Metro would leave you cursed with little to do but move forward for security updates. Genius.

Amazed (1)

asmkm22 (1902712) | about 5 months ago | (#47187027)

I'm just amazed that no matter how horrible Microsoft handles their Windows dominance, there is literally no competitor ready to pick up the slack. Open Source is largely a joke when it comes to most businesses, and Apple seems more interested in the hipster and grandma crowd than actual networks. Where is the competition? It's like Microsoft has managed to reach a natural position of "too big to fail." Is it just because the young startups are more interested in creating the next Cloud Service (tm) or Flappy Birds? Is it a funding issue, where you can't get VC support on something that won't show a massive return in under a year? What's the deal?

Re:Amazed (3, Interesting)

Funk_dat69 (215898) | about 5 months ago | (#47187057)

Why would anyone new enter a market that has clearly peaked? Smartphones and tablets are replacing PCs for web surfing, video watching, social media, email and some gaming. You basically have your enthusiast gamers (not really that big of a market) content creators and developers left.
And I don't see how you call open source a joke. The only thing funny is that some people still look to Microsoft or Apple to tell them what technology to use. Why?
Windows 8 is a very confused product, reflecting the confusion of it's parent company.

Who needs this crap? Give Linux a chance. On the server it's a no-brainer. On the desktop, it takes some getting used to, but it is more than adequate for what you need from desktop OS.

Re:Amazed (1)

asmkm22 (1902712) | about 5 months ago | (#47187115)

My clients range from property management to law firms to multi-million dollar construction contractors. Every single one of them has one or more bits of software that won't run on Linux. Quickbooks, Sage products, Office (to properly open files their clients send), medical software, etc, all depends on Windows. "More than adequate" simply doesn't cut it.

Re:Amazed (2)

Attila Dimedici (1036002) | about 5 months ago | (#47187305)

Let's see, you have clients who need software that only runs on Windows...and you ask why no competitor has come out with an OS to compete with Windows? Um maybe the answer is because there are so many business applications that only run on Windows?

Re:Amazed (1)

Funk_dat69 (215898) | about 5 months ago | (#47187397)

There are small business accounting software applications for Linux. Now maybe your or your clients prefer ones that are not on Linux, but that doesn't mean others are not satisfied with them when running Linux.

Check out GnuCash or Lazy8. Also quickbooks online works with Linux.

Re:Amazed (1)

Belial6 (794905) | about 5 months ago | (#47187743)

I am still confounded by the fact that any businesses send or are willing to accept files other than PDF or CSV. Really I get that there are some extreamly unusual cases where something else might be needed, but for 99.999% of all cases anything that could be sent as an MSOffice file would be better served as a PDF or CSV file.

Re:Amazed (0)

Anonymous Coward | about 5 months ago | (#47187223)

Or maybe, just maybe, writing an OS, driver, and productivity application ecosystem to appease a large majority of people in the REAL WORLD is HARD.

GUIs on Linux are at at better advantage because they get to pick and choose what works and what doesn't, based on what Microsoft attempts to do first.

Microsoft comes out with a feature or element that is a huge success: copy it
Microsoft comes out with a feature or element that is an embarrassing failure: claim you're better because you don't have that feature.

Re:Amazed (1)

Anonymous Coward | about 5 months ago | (#47187431)

GUIs on Linux are at at better advantage because they get to pick and choose what works and what doesn't, based on what Microsoft attempts to do first.

I haven't seen that kind of trend in the OSS world. Linux desktop environments are usually something between Windows and Mac, and just when all the bugs are ironed out, the whole damn thing is completely rewritten from scratch. Rinse and repeat.

Re:Amazed (0)

Anonymous Coward | about 5 months ago | (#47187405)

You are right about one thing: Open Source is a joke.

Windows 8 would be fine without that new UI (1)

Joe_Dragon (2206452) | about 5 months ago | (#47187031)

Windows 8 would be fine without that new UI.

Enterprise users are on 7 and moving to 8 now when windows 9 maybe hear next year and some have just moved to windows 7?

While you get 3rd party tools to make windows 8 like windows 7 in Enterprise useing them can be iffy.

Re:Windows 8 would be fine without that new UI (0)

Anonymous Coward | about 5 months ago | (#47187281)

It's just fine with the new UI. Faggots, assholes, and idiots have always bitched about UI changes. That won't ever change. With a growing population, the number of those people is continuously rising. Hence, increased bitching. 99% of these people NEVER understood how to customize the original start menu and left their desktop splattered with shortcuts of which only about 15% of them they actually use frequently. Fuck em'.

Giant Spider's Blood (-1)

Anonymous Coward | about 5 months ago | (#47187081)

### Stay Thirsty My Friends ###

Microsoft Kinect Spy System

THIS ARTICLE IS BEING SCRUBBED FROM THE NET. THE SITE IT WAS ORIGINALLY POSTED TO YANKED THE PLUG ON THEIR WHOLE SITE!!! COPY/PASTE THIS ARTICLE AS MUCH AS POSSIBLE TO DISCUSSION FORUMS, BLOGS, FACEBOOK, TWITTER, AND ARCHIVE AND MIRROR THIS DOCUMENT SO IT DOES NOT VANISH FOREVER!

"So you just got the Kinect/Xbox360 gaming system and you're having fun, hanging out in your underwear, plopped down in your favorite lounge chair, and playing games with your buddies. Yeah, it's great to have a microphone and camera in your game system so you can "Kinect" to your pals while you play, but did you read that Terms of Service Agreement that came with your Kinect thingy? No? Here, let me point out an important part of that service agreement.

        If you accept the agreement, you "expressly authorize and consent to us accessing or disclosing information about you, including the content of your communications, in order to: (a) comply with the law or respond to lawful requests or legal process; (b) protect the rights or property of Microsoft, our partners, or our customers, including the enforcement of our agreements or policies governing your use of the Service; or (c) act on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers, or the public."

Did you catch that? Here, let me print the important part in really big letters.

"If you accept the agreement, you expressly authorize and consent to us accessing or disclosing information about you, including the content of your communications⦠on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers, or the public."

OK, is that clear enough for ya? When you use the Kinect system, you agree to allow Microsoft (and any branch of law enforcement or government they care to share information with) to use your Kinect system to spy on you. Maybe run that facial recognition software to check you out, listen to your conversations, and keep track of who you are communicating with.

I know this is probably old news to some, but I thought I would mention it because it pertains to almost all of these home game systems that are interactive. You have to remember, the camera and microphone contained in your game system have the ability to be hacked by anyone the game company gives that ability to, and that includes government snoops and law enforcement agents.

Hey, it's MICROSOFT. What did you expect?

And the same concerns apply to all interactive game systems. Just something to think about if you're having a "Naked Wii party" or doing something illegal while you're gaming with your buddies. Or maybe you say something suspicious and it triggers the DHS software to start tracking your every word. Hey, this is not paranoia. It's spelled out for you, right there in that Service Agreement. Read it! Here's one more part of the agreement you should be aware of.

        "You should not expect any level of privacy concerning your use of the live communication features (for example, voice chat, video and communications in live-hosted gameplay sessions) offered through the Service."

Did you catch it that time? YOU SHOULD NOT EXPECT ANY LEVEL OF PRIVACY concerning your voice chat and video features on your Kinect box."

###

"Listen up, you ignorant sheep. Your government is spending more money than ever to spy on its own citizens. That's YOU, my friend. And if you're one of these people who say, "Well I ain't ever done nothing wrong so why should I worry about it?' - you are dead wrong. Our civil liberties are being taken away faster than you can spit. The NSA is working away on its new "First Intelligence Community Comprehensive National Cyber-security Initiative Data Center' to keep track of every last one of us. This thing will be the size of 17 football stadiums. One million square feet, all to be filled with more technology and data storage than you could imagine. And 30,000 spy drones are set to be launched over America which can each stay aloft for about 28 hours, traveling 300 miles per hour. WHY? Why do we want these things in our skies?

The military is now taking a keen interest in the Microsoft Kinect Spy System, the fastest selling electronic device in history. Conveniently self-installed in over 18 million homes, this seemingly innocent game system, armed with facial recognition programming and real-time recording of both sound and video, will be used by our own government to spy on and record us in our own homes.

And it doesn't stop there. Other game systems such as Nintendo's WWII are also being turned into government-controlled spy systems. WHY?

That's the real question. WHY?!!! Why is our own government spending billions and billions of dollars to spy on its own people? To keep us safe? Do you really believe that?"

Microsoft's Kinect System is Watching You
Published on Apr 5, 2012 by TheAlexJonesChannel:

https://www.youtube.com/watch?... [youtube.com]

###

Big Brother alert: Microsoft wants to know how many friends you've got in your living room

- http://blogs.telegraph.co.uk/t... [telegraph.co.uk]

By Mic Wright Gadgets Last updated: November 9th, 2012

- http://blogs.telegraph.co.uk/t... [telegraph.co.uk]

"One of Microsoft's latest patent applications[1] is a humdinger. It proposes to turn the Kinect camera into a snitch for movie studios, reporting back just how many friends you've got in your living room and what they're watching. Think that sounds alarmist? Here's what it actually says: "The users consuming the content on a display device are monitored so that if the number of user-views licensed is exceeded, remedial action may be taken." It's that blatant â" a system to spy on private viewing habits.

If put into practice, Microsoft's plan could mean that the film you're watching suddenly stops playing if it detects that you've got more people squashed on to the sofa than the licence allows. You'd then be prompted to buy a more expensive licence to keep watching. It's as if Big Brother had built 1984's Telescreen not to monitor the population but to ensure no one was pirating the Two Minutes Hate.

In all likelihood, Microsoft will struggle to actually apply this patent in the real world. While copyright holders would be delighted, customers would be turned off by such a draconian system. But that's what's interesting about this application and patent applications in general: they often reveal what companies would do if they could get away with it. The black and white drawings and blandly technical language can cover immoral, scary and downright evil ideas.

There was an even more striking example from Apple earlier this year[2]. In September, it was granted a patent for "Apparatus and methods for enforcement of policies upon a wireless device", i.e. a system allowing companies or governments to remotely disable mobile phones and tablets in a particular area.

While Apple mentions benign examples such as preventing phone calls from disturbing concerts or ensuring devices are switched off on planes, it also states: "Covert police or government operations may require complete "blackout" conditions." That's exactly the kind of feature certain governments would love to use to suppress pictures and videos. The patent Apple put its stamp on is a handy form of censorship regardless of whether it will ever apply it.

Last year, Google's chairman, Eric Schmidt, said that the company would hold off from creating a facial recognition service because it would be "crossing the creepy line". Still, Google has filed for and been granted extensive patents in the area and, as its Project Glass augmented reality goggles move forward, who knows when the "creepy line" will shift?"

[1] http://appft.uspto.gov/netacgi... [uspto.gov]

[2] http://www.zdnet.com/apple-pat... [zdnet.com]

(C) Copyright of Telegraph Media Group Limited 2012

###

"People are aware that Windows has bad security but they are underestimating the problem because they are thinking about third parties. What about security against Microsoft? Every non-free program is a 'just trust me program'. 'Trust me, we're a big corporation. Big corporations would never mistreat anybody, would we?' Of course they would! They do all the time, that's what they are known for. So basically you mustn't trust a non free programme."

"There are three kinds: those that spy on the user, those that restrict the user, and back doors. Windows has all three. Microsoft can install software changes without asking permission. Flash Player has malicious features, as do most mobile phones."

"Digital handcuffs are the most common malicious features. They restrict what you can do with the data in your own computer. Apple certainly has the digital handcuffs that are the tightest in history. The i-things, well, people found two spy features and Apple says it removed them and there might be more""

From:

Richard Stallman: 'Apple has tightest digital handcuffs in history'
www.newint.org/features/web-exclusive/2012/12/05/richard-stallman-interview/

###

Nobody Seems To Notice and Nobody Seems To Care - Government & Stealth Malware

In Response To Slashdot Article: Former Pentagon Analyst: China Has Backdoors To 80% of Telecoms 87

How many rootkits does the US[2] use officially or unofficially?

How much of the free but proprietary software in the US spies on you?

Which software would that be?

Visit any of the top freeware sites in the US, count the number of thousands or millions of downloads of free but proprietary software, much of it works, again on a proprietary Operating System, with files stored or in transit.

How many free but proprietary programs have you downloaded and scanned entire hard drives, flash drives, and other media? Do you realize you are giving these types of proprietary programs complete access to all of your computer's files on the basis of faith alone?

If you are an atheist, the comparison is that you believe in code you cannot see to detect and contain malware on the basis of faith! So you do believe in something invisible to you, don't you?

I'm now going to touch on a subject most anti-malware, commercial or free, developers will DELETE on most of their forums or mailing lists:

APT malware infecting and remaining in BIOS, on PCI and AGP devices, in firmware, your router (many routers are forced to place backdoors in their firmware for their government) your NIC, and many other devices.

Where are the commercial or free anti-malware organizations and individual's products which hash and compare in the cloud and scan for malware for these vectors? If you post on mailing lists or forums of most anti-malware organizations about this threat, one of the following actions will apply: your post will be deleted and/or moved to a hard to find or 'deleted/junk posts' forum section, someone or a team of individuals will mock you in various forms 'tin foil hat', 'conspiracy nut', and my favorite, 'where is the proof of these infections?' One only needs to search Google for these threats and they will open your malware world view to a much larger arena of malware on devices not scanned/supported by the scanners from these freeware sites. This point assumed you're using the proprietary Microsoft Windows OS. Now, let's move on to Linux.

The rootkit scanners for Linux are few and poor. If you're lucky, you'll know how to use chkrootkit (but you can use strings and other tools for analysis) and show the strings of binaries on your installation, but the results are dependent on your capability of deciphering the output and performing further analysis with various tools or in an environment such as Remnux Linux. None of these free scanners scan the earlier mentioned areas of your PC, either! Nor do they detect many of the hundreds of trojans and rootkits easily available on popular websites and the dark/deep web.

Compromised defenders of Linux will look down their nose at you (unless they are into reverse engineering malware/bad binaries, Google for this and Linux and begin a valuable education!) and respond with a similar tone, if they don't call you a noob or point to verifying/downloading packages in a signed repo/original/secure source or checking hashes, they will jump to conspiracy type labels, ignore you, lock and/or shuffle the thread, or otherwise lead you astray from learning how to examine bad binaries. The world of Linux is funny in this way, and I've been a part of it for many years. The majority of Linux users, like the Windows users, will go out of their way to lead you and say anything other than pointing you to information readily available on detailed binary file analysis.

Don't let them get you down, the information is plenty and out there, some from some well known publishers of Linux/Unix books. Search, learn, and share the information on detecting and picking through bad binaries. But this still will not touch the void of the APT malware described above which will survive any wipe of r/w media. I'm convinced, on both *nix and Windows, these pieces of APT malware are government in origin. Maybe not from the US, but most of the 'curious' malware I've come across in poisoned binaries, were written by someone with a good knowledge in English, some, I found, functioned similar to the now well known Flame malware. From my experience, either many forum/mailing list mods and malware developers/defenders are 'on the take', compromised themselves, and/or working for a government entity.

Search enough, and you'll arrive at some lone individuals who cry out their system is compromised and nothing in their attempts can shake it of some 'strange infection'. These posts receive the same behavior as I said above, but often they are lone posts which receive no answer at all, AT ALL! While other posts are quickly and kindly replied to and the 'strange infection' posts are left to age and end up in a lost pile of old threads.

If you're persistent, the usual challenge is to, "prove it or STFU" and if the thread is not attacked or locked/shuffled and you're lucky to reference some actual data, they will usually attack or ridicule you and further drive the discussion away from actual proof of APT infections.

The market is ripe for an ambitious company or individual to begin demanding companies and organizations who release firmware and design hardware to release signed and hashed packages and pour this information into the cloud, so everyone's BIOS is checked, all firmware on routers, NICs, and other devices are checked, and malware identified and knowledge reported and shared openly.

But even this will do nothing to stop backdoored firmware (often on commercial routers and other networked devices of real importance for government use - which again opens the possibility of hackers discovering these backdoors) people continue to use instead of refusing to buy hardware with proprietary firmware/software.

Many people will say, "the only safe computer is the one disconnected from any network, wireless, wired, LAN, internet, intranet" but I have seen and you can search yourself for and read about satellite, RF, temperature, TEMPEST (is it illegal in your part of the world to SHIELD your system against some of these APT attacks, especially TEMPEST? And no, it's not simply a CRT issue), power line and many other attacks which can and do strike computers which have no active network connection, some which have never had any network connection. Some individuals have complained they receive APT attacks throughout their disconnected systems and they are ridiculed and labeled as a nutter. The information exists, some people have gone so far as to scream from the rooftops online about it, but they are nutters who must have some serious problems and this technology with our systems could not be possible.

I believe most modern computer hardware is more powerful than many of us imagine, and a lot of these systems swept from above via satellite and other attacks. Some exploits take advantage of packet radio and some of your proprietary hardware. Some exploits piggyback and unless you really know what you're doing, and even then... you won't notice it.

Back to the Windows users, a lot of them will dismiss any strange activity to, "that's just Windows!" and ignore it or format again and again only to see the same APT infected activity continue. Using older versions of sysinternals, I've observed very bizarre behavior on a few non networked systems, a mysterious chat program running which doesn't exist on the system, all communication methods monitored (bluetooth, your hard/software modems, and more), disk mirroring software running[1], scans running on different but specific file types, command line versions of popular Windows freeware installed on the system rather than the use of the graphical component, and more.

[1] In one anonymous post on pastebin, claiming to be from an intel org, it blasted the group Anonymous, with a bunch of threats and information, including that their systems are all mirrored in some remote location anyway.

[2] Or other government, US used in this case due to the article source and speculation vs. China. This is not to defend China, which is one messed up hell hole on several levels and we all need to push for human rights and freedom for China's people. For other, freer countries, however, the concentration camps exist but you wouldn't notice them, they originate from media, mostly your TV, and you don't even know it. As George Carlin railed about "Our Owners", "nobody seems to notice and nobody seems to care".

[3] http://www.stallman.org/ [stallman.org]

Try this yourself on a wide variety of internet forums and mailing lists, push for malware scanners to scan more than files, but firmware/BIOS. See what happens, I can guarantee it won't be pleasant, especially with APT cases.

So scan away, or blissfully ignore it, but we need more people like RMS[3] in the world. Such individuals tend to be eccentric but their words ring true and clear about electronics and freedom.

I believe we're mostly pwned, whether we would like to admit it or not, blind and pwned, yet fiercely holding to misinformation, often due to lack of self discovery and education, and "nobody seems to notice and nobody seems to care".

(Remotely Attacking Network Cards)
http://theinvisiblethings.blog... [blogspot.com]

(Persistent BIOS Infection)
http://www.phrack.org/issues.h... [phrack.org]

(BIOS --> Vbootkit code(from CD,PXE etc.) --> MBR --> NT Boot sector --> Windows Boot manager --> Windows Loader --> Vista Kernel)
http://www.securityfocus.com/c... [securityfocus.com]

(The ROMOS project)
http://web.archive.org/web/201... [archive.org]

Secure boot is Microsoft's attempt to maintain computer OS market share as their influences is being stripped away by the likes of Google (Android) and Apple (iOS). With HTML5 on the way, we will have WEB based applications that rival desktop versions, and run on ANY device. The OS is just a layer to get to where the real work gets done, information exchange.

AND the worst part is, secure boot doesn't actually fix the problem it pretends it solves. It can't. This is the whole DRM of DVD's and BluRay all over again. Look at how well that is working out.

DRM is broken by design."
- linux.slashdot.org/comments.pl?sid=2985953&cid=40681007

"Richard Stallman has finally spoken out on this subject. He notes that 'if the user doesn't control the keys, then it's a kind of shackle, and that would be true no matter what system it is.' He says, 'Microsoft demands that ARM computers sold for Windows 8 be set up so that the user cannot change the keys; in other words, turn it into restricted boot.' Stallman adds that 'this is not a security feature. This is abuse of the users. I think it ought to be illegal.'""
- linux.slashdot.org/story/12/07/17/2326253/richard-stallman-speaks-about-uefi

I'm concerned about new rootkits which target PCI devices, such as the graphics card and the optical drives, also, BIOS. Where are the malware scanners which scan PCI devices and BIOS for mismatches? All firmware, BIOS and on PCI devices should be checksummed and saved to match with others in the cloud, and archived when the computer is first used, backing up signed firmware.

When do you recall seeing signed router firmware upgrades with any type of checksum to check against? Same for PCI devices and optical drives and BIOS.

Some have begun with BIOS security:

http://www.biosbits.org/ [biosbits.org]

Some BIOS has write protection in its configuration, a lot of newer computers don't.

###

CIA Head: We Will Spy On Americans Through Electrical Appliances
Global information surveillance grid being constructed; willing Americans embrace gadgets used to spy on them
http://www.prisonplanet.com/ci... [prisonplanet.com]

###

Comparing the unique pattern of the frequencies on an audio recording with a database that has been logging these changes for 24 hours a day, 365 days a year provides a digital watermark: a date and time stamp on the recording.
Philip Harrison, from JP French Associates, another forensic audio laboratory that has been logging the hum for several years, says: "Even if [the hum] is picked up at a very low level that you cannot hear, we can extract this information." It is a technique known as Electric Network Frequency (ENF) analysis, and it is helping forensic scientists to separate genuine, unedited recordings from those that have been tampered with."
- http://www.bbc.co.uk/news/scie... [bbc.co.uk]
- http://cryptogon.com/?p=32789 [cryptogon.com]

###

"I'd worry about a Tempest virus that polled a personal computer's
CD-ROM drive to pulse the motor as a signalling method:

* Modern high-speed CD-ROM drive motors are both acoustically and
electrically noisy, giving you two attack methods for the price of one;

* Laptop computer users without CRTs, and the PC users that can afford
large LCD screens instead of CRTs, often have CD-ROM drives;

* Users are getting quite used to sitting patiently while their
CD-ROM drives grind away for no visibly obvious reason (but
that's quite enough about the widespread installs of software from
Microsoft CD-ROMs that prompted Kuhn's investigation in the first place.)"

http://catless.ncl.ac.uk/Risks... [ncl.ac.uk]

###

"I'd worry about a Tempest virus that polled a personal computer' personal computer' CD-ROM drive"

Yes and the hard drive and in some PC's the cooling fans as well are under CPU control.

You can also do it with PC's where the CPU does not control the fan, but the hardware has a simple thermal sensor to control it's speed. You do this by simply having a process that uses power expensive instructions in tight loops, thus raising the CPU temprature (it's one of the side channels I was considering a long time ago when thinking about how the temp inside the case changed various things including the CPU clock XTAL frequency).

The change in sound side channel is one of the first identified problems with Quantum Key Distribution. Basicaly the bod who came up with the idea whilst first testing the idea could tell the state of "Alice's polarizer" simply by the amount of noise it made...

The CD-ROM motor idea I'd heard befor but could not remember where till I followed your link.

Dr Lloyd Wood has worked with the UK's Surrey Uni, the European Space Agency and Americas NASA and one or two other places as part of his work for Surrey Satellite Technology Ltd. He has been involved with CLEO (Cisco router in Low Earth Orbit) and other work on what's being called "The Space Internet".

Of interest is his work on Delay and Disruption Tolerant Networks (DTN). It's not been said "publicaly" as far as I'm aware but the work has aspects that are important to anonymity networks such as TOR.

You can read more on Dr Wood's DTN work etc at,

Lloyd Wood - Delay-Tolerant Networking work
http://personal.ee.surrey.ac.u... [surrey.ac.uk]

The UK occupies an odd position in the "Space Race" it is the only nation who having put a satellite into space then stopped further space rocket development (the Black Knight launch platform was considerably safer and more economic than the then US and CCCP systems). The UK has however continued in the Space Game and is perhaps the leading designers of payloads for scientific and industrial satellites (it probably is on military sats as well but nobody who knows for sure is telling ;-)

Clive Robinson
Schneier on Security: Information-Age Law Enforcement Techniques
http://www.schneier.com/blog/a... [schneier.com]

###

Schneier has covered it before: power line fluctuations (differences on the wire in keys pressed).

There's thermal attacks against cpus and temp, also:

ENF (google it)

A treat (ENF Collector in Java):

sourceforge dot net fwdslash projects fwdslash nfienfcollector

No single antimalware scanner exists which offers the ability to scan (mostly proprietary) firmware on AGP/PCI devices (sound cards, graphics cards, usb novelty devices excluding thumb drives), BIOS/CMOS.

If you boot into ultimate boot cd you can use an archane text interface to dump BIOS/CMOS and examine/checksum.

The real attacks which survive disk formats and wipes target your PCI devices and any firmware which may be altered/overwritten with something special. It is not enough to scan your hard drive(s) and thumb drives, the real dangers with teeth infect your hardware devices.

When is the last time you:

Audited your sound card for malware?
Audited your graphics card for malware?
Audited your network card for malware?

Google for:

* AGP and PCI rootkit(s)
* Network card rootkit(s)
* BIOS/CMOS rootkit(s)

Our modern PC hardware is capable of much more than many can imagine.

Do you:

        Know your router's firmware may easily be replaced on a hacker's whim?
        Shield all cables against leakage and attacks
        Still use an old CRT monitor and beg for TEMPEST attacks?
        Use TEMPEST resistant fonts in all of your applications including your OS?
        Know whether or not your wired keyboard has keypresses encrypted as they pass to your PC from the keyboard?
        Use your PC on the grid and expose yourself to possible keypress attacks?
        Know your network card is VERY exploitable when plugged into the net and attacked by a hard core blackhat or any vicious geek with the know how?
        Sarch out informative papers on these subjects and educate your friends and family about these attacks?
        Contact antimalware companies and urge them to protect against many or all these attacks?

Do you trust your neighbors? Are they all really stupid when it comes to computing or is there a geek or two without a conscience looking to exploit these areas?

The overlooked threat are the potential civilian rogues stationed around you, especially in large apartment blocks who feed on unsecured wifi to do their dirty work.

With the recent news of Russian spies, whether or not this news was real or a psyop, educate yourself on the present threats which all antimalware scanners fail to protect against and remove any smug mask you may wear, be it Linux or OpenBSD, or the proprietary Windows and Mac OS you feel are properly secured and not vulnerable to any outside attacks because you either don't need an antivirus scanner (all are inept to serious attacks) or use one or several (many being proprietary mystery machines sending data to and from your machine for many reasons, one is to share your information with a group or set database to help aid in threats), the threats often come in mysterious ways.

Maybe the ancients had it right: stone tablets and their own unique language(s) rooted in symbolism.

###

'Disconnect your PC from the internet and don't add anything you didn't create yourself. It worked for the NOC list machine in Mission Impossible'

The room/structure was likely heavily shielded, whereas most civvies don't shield their house and computer rooms. There is more than meets the eye to modern hardware.

Google:

network card rootkits and trojans
pci rootkits
packet radio
xmit 'fm fingerprinting' software
'specific emitter identification'
forums(dot)qrz(dot)com

how many malware scanners scan bios/cmos and pci/agp cards for malware? zero, even the rootkit scanners. have you checksummed/dumped your bios/cmos and firmware for all your pci/agp devices and usb devices, esp vanity usb devices in and outside the realm of common usb devices (thumbdrives, external hdds, printers),

Unless your computer room is shielded properly, the computers may still be attacked and used, I've personally inspected computers with no network connection running mysterious code in the background which task manager for windows and the eqiv for *nix does not find, and this didn't find it all.

Inspect your windows boot partition in *nix with hexdump and look for proxy packages mentioned along with command line burning programs and other oddities. Computers are more vulnerable than most would expect.

You can bet all of the malware scanners today, unless they are developed by some lone indy coder in a remote country, employ whitelisting of certain malware and none of them scan HARDWARE devices apart from the common usb devices.

Your network cards, sound cards, cd/dvd drives, graphics cards, all are capable of carrying malware to survive disk formatting/wiping.

Boot from a Linux live cd and use hexdump to examine your windows (and *nix) boot sectors to potentially discover interesting modifications by an unknown party.

Re:Giant Spider's Blood (1)

ledow (319597) | about 5 months ago | (#47187095)

TL;DR

(but wrote you off as a nutter anyway)

Hitting The Geek's Berzerk Button (2)

westlake (615356) | about 5 months ago | (#47187085)

From a post to the The Register:

NumptyScrub :

The fact that these extra functions are aimed at developers, and as far as I can tell are intended to provide bounds checked variables (e.g. protected against buffer overflow shenanigans) could be cause for some concern. It does not count as a fix of existing broken functionality though, so I don't see how it would qualify as MS ''ending support'' for Win7 if they chose not to add these extras to all existing OSs of theirs.

Redmond is patching Windows 8 but NOT Windows 7, say security bods [theregister.co.uk]

This is super! (-1)

Anonymous Coward | about 5 months ago | (#47187099)

I hope Windows users will see how greedy Microsoft is and stop using it!
Windows sucks on many levels, so move on to good OS like what MAC uses or a Linux OS!

My explaination (2)

yuhong (1378501) | about 5 months ago | (#47187195)

Well, it is relatively cheap to do things like this during development of a new major version but relatively expensive to do a security update or hotfix, so they need proof there is actually an exploitable bug, though they will often review surrounding code and do additional fixes when developing security updates.

Dear Microsopft (0)

Anonymous Coward | about 5 months ago | (#47187213)

Every time I hear what this company is doing or not doing next, I have to take a shit.

Do they still sell windows 7? (1)

nurb432 (527695) | about 5 months ago | (#47187287)

If not, that is what you get for using out of date software. Get your wallet out and climb on board the upgrade train, or accept the situation and be happy.

Sarcasm aside, who honestly expects a company to support non-products ? I dont.

Re:Do they still sell windows 7? (0)

Anonymous Coward | about 5 months ago | (#47187477)

Except that Microsoft has promised to support Windows 7 until January 2020 [microsoft.com] .

Re:Do they still sell windows 7? (1)

Belial6 (794905) | about 5 months ago | (#47187763)

Really? I expect every reputable company to do that. They don't tend to support them forever, but if they drop support as soon as a new version comes out, I don't trust buying the new product from them.

Squeeze blood from the rocks! (1, Insightful)

Your Average Joe (303066) | about 5 months ago | (#47187339)

I say de-support all OSes but Windows Server 2012r2 and Windows 8.1 x64!

Force all users to buy the latest OS and use it! I am sure the shareholders will LOVE that card trick.

Open source many eyes is pure BULLSHIT PR (0)

Anonymous Coward | about 5 months ago | (#47187433)

Debian had a REDUCED ENTROPY random number generator for TWO YEARS

https://www.schneier.com/blog/archives/2008/05/random_number_b.html

All these claims of openness and MANY EYES, is PURE BULLSHIT.

These features are HIGH SECURITY IMPACTING, HBI (High Business impact) yet open source FAILED for TWO YEARS.

Linux is NOT the answer.

Re:Open source many eyes is pure BULLSHIT PR (2)

Poingggg (103097) | about 5 months ago | (#47187639)

First: how long would this have lasted when the source had not been open? Three years? Four? Ten?
Second: The article you mention is from 2008, SIX years old so no longer relevant,
Third: Open Source is not ideal, nor is Closed Source. But WHEN a fault is found in OSS, as a rule it will be fixed. Failures may exist in CSS for long times, and be exploited, without anyone but the exploiter knowing about it. And when such a failure is exposed, you have to wait if and when the maker of the software fixes it.
So, OSS is, as a rule, safer then CSS. Maybe Linux is not THE answer, Windows should not even be asked for.

Maybe... (0)

Anonymous Coward | about 5 months ago | (#47187491)

all you crotchety nerds should stop whining. Windows 8 and 2012 are here and are the future. If you can't sell it to your business, you're doing it wrong. But hey, keep your old OSes. There will be more jobs for me. Dear Microsoft, please keep innovating and providing a solid platform for those of us that actually see what your products can do.

Re:Maybe... (1)

symbolset (646467) | about 5 months ago | (#47187621)

You tell 'em! "Get over it. It's not like you have a choice. We have all your data locked up in proprietary apps on our proprietary system so there is no escape. Your helpless pleas only bring us joy. We have no compassion for you, you feeble wretch. Hahahahaha."

I absolutely HATE to say this but... apk (0)

Anonymous Coward | about 5 months ago | (#47187557)

Sometimes, Microsoft REALLY disappoints me: & I'm one of their BIGGEST fanboys out there + possibly certainly here as well on this forums - they're turning into the Roman Empire near its decline (then again, so is the USA)... I suppose it's really the nature of man himself & greed.

I say that, since we all KNOW it doesn't have to be that way... but, there's how it OUGHT to be, & then there's the way it really is.... especially due to the TRUE "root of all evil" the big crap table, the stockmarket - since when all that matters becomes money in the end for a company (& it should be about QUALITY PRODUCT, or the money goes "bye bye" eventually when folks wise up to that fact happening when it's not), it's over, or near to it, & you're on the way down.

APK

P.S.=> Where's it all come from? The "top" of their mgt. chain & boards of directors, like anything else does in a stratified organization... I wish "King Billy" would come back in there & "clean house", I really do - beneath him, MS could essentially do no wrong & was batting a 1000 constantly imo @ least (for the most part, most of the time) - that doesn't seem to be the case anymore. I just hope they do a GREAT JOB on Windows 9, bringing back the desktop interface we all used for decades last seen in Windows 7, & concentrate on shoring up their code vs. security issues + of course, optimizations for speed/performance too & STEERING CLEAR OF "CLOUDIFYING" IT & THEIR OFFICE SUITES... & per my subject-line? I don't *think* that's going to happen, @ least not on ALL counts I just noted... makes me sad, like it does anything in life - especially when I see GREAT THINGS start to go bad!

... apk

Re:I absolutely HATE to say this but... apk (5, Insightful)

Opportunist (166417) | about 5 months ago | (#47187829)

MS is the IBM of the new century. No, really.

IBM was the "computer company" up 'til about the 1980s. You could simply not ignore IBM if you had anything to do with computers in a way that goes beyond hobbyist interests. You had a company and that company used computers? You had IBM. You might have had some other tools and toys, but the core of your computer system, the backbone, the framework and pretty much everything that was relevant to actually getting and keeping your computer system running was IBM.

This of course led to some serious hubris by IBM. The same "my way or the highway" attitude you can see in MS today. We tell you what you buy and you will eat our shit and call it chocolate fudge. I guess it goes without say that this didn't really sit too well with the various companies, but, well, what can you do? If you need computers in your company, you can't ignore IBM.

Times changed and PCs came, and IBM ignored them as petty machines that don't fit their paradigm of the mainframe - terminal ideal. They did enter the PC market halfheartedly, but when they noticed that the PC is here to stay, they tried to regain control over it. The MCA [wikipedia.org] illustrates this very well. It was a bus vastly superior to the (then standard) ISA bus. Their licensing practice ignored completely the emerging PC clone market, though, the market that became more and more important as small companies and private people wanted to use PCs and considered money a deciding factor for the choice of computers. Add that companies so far using IBM wanted to get out of their stranglehold and one can easily see why the "clones" became more and more popular and why a bus that was at least on par with the later very popular PCI bus never became popular or widely supported by third party manufacturers.

MS is now following that "my way or the highway" hubris. I guess they need to learn it, too, that you can only force people to drink your cool-aid as long as they don't have an alternative.

No matter how you "upgrade" Win8 (0)

Opportunist (166417) | about 5 months ago | (#47187717)

Coming from Win7, it still is invariably a downgrade.

How about the delete problem (1, Interesting)

Murdoch5 (1563847) | about 5 months ago | (#47187731)

Windows 7 is the only operating system I have ever used that has trouble deleting information from the Operating System. I just had to deal with being told that a file / folder didn't exist and couldn't be removed. This kind of issue, even though small, shows the lack of refinement and the false young nature of the Operating System. In contrast Linux is the adult in the Operating System war, I'm not saying that just to blow smoke or be a Linux fan boy, I'm saying that because when I run into issues in Windows, I don't run into them in Linux.

This is not news (0)

Anonymous Coward | about 5 months ago | (#47187741)

It is widely known that Microsoft ended support for Windows 7 at the same time it ended support for XP.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?