After reading comments on this blog by supporters of that other OS and critics of GNU/Linux I was shocked (really, “How is this possible?” and “I don’t believe this is happening.” shocked…) to read some of the details of recently patched vulnerabilities in that other OS.
One of the vulnerabilities allows privilege escalation for a local user. That’s just like in the movies where a guy logs in and steals the crown jewels… Deep in the heart of that other OS is a piece of code that deals with the layout of the keyboard, you know, “is it a US/UK/French keyboard and such?”. The software creates a “callback” and does not check the parameters properly. That is, the system will allow the user to have arbitrary code executed, allowing anything to be done to the system.
See the problem? Users wanting to mess up IT to extend a coffee break, spy on another user, open the blueprint to project Zulu-4, or divert information to the foreign power paying them handsomely, can do whatever they want. A spy-master could just provide the puppet a USB drive or a link with something to be clicked and do anything with the system.
M$ classifies this vulnerability, with its catastrophic possibilities, as “important”… and it occurs in just about every version of that other OS since XP, including 64-bit and Itanium versions. Gasp. It doesn’t get much more important, does it?
The sad thing from a global IT perspective is that the jokers at M$, having pushed crapware to the world, suffer no consequences while putting the safety/security/livelihood of a billion people at risk. Where is the justice? The pawns who believe security is paramount at M$ are blind to the fact that to make this happen, M$ must have copied the same buggy code for a decade on everything they touched. No rewriting. No code-review. No examination of anything not uttered by the bosses who are all salesmen. Come on. It’s Computer Science 101. Check everything, because if anything can go wrong it will and in the worst possible way.
This is a sharp example of what I call bloat and spaghetti code. Callbacks for a keyboard layout? Get real. M$ deliberately chose to ignore security for the benefit of adding some useless feature so the salesmen could say the stuff was new and improved. It was neither new nor improved. It was old and worse than what they had in ancient days.
I recommend Debian GNU/Linux. It’s an operating system designed by paranoids for paranoids and it takes care of you and your data.
And, if you are not in tears already, you can read what M$ wrote about it at:
Microsoft Security Bulletin MS12-047 – Important : Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2718523)
It reads like a weather report with a stalled high-pressure region overhead. No guilt/shame is expressed. No public execution of the miscreants who wrote this malware for the world. Fire them all. Use GNU/Linux.