Reasons to Avoid Microsoft
These pages are a compilation of links and quotes to news articles and
others sources that might help convince you to switch to Linux.
Next 25 Articles
Warning: Missing argument 6 for item(), called in /var/www/lugod/microsoft/index.php on line 637 and defined in /var/www/lugod/microsoft/includes.php on line 38
- Double MyDoom for Internet Explorer flaw
The viruses use a vulnerability in Microsoft's Internet Explorer 6.0
that allows an attacker to run a program on a computer just by getting
the user to click on a link.
- ATMs in peril from computer worms?
Some anti-virus firms are trying to carve out a new market for
their technology by trying to persuade banks that Automatic Teller
Machines (ATMs) running Windows need protecting from computer
worms. ... 'Previously isolated cash machines can now be infected by
self-launching network viruses via the banks' IP networks. Infections
have the potential to bring down ATM machines, incurring downtime,
customer dissatisfaction and increased costs fixing infected
- ASP.NET Security Flaw Can Bypass Password
A security flaw in Microsoft's ASP.NET technology could allow
intruders to enter password-protected areas of a web site by altering
a URL. ... It also apparently allows authenticated users to bypass
password protection on administrative areas of a site.
- New, dangerous Microsoft JPEG exploit released
New computer code that exploits a recently disclosed hole in Microsoft
Articles) Corp.'s Internet Explorer Web browser is circulating on
the Internet and could allow remote attackers to take full control
of vulnerable Windows machines, according to warnings from antivirus
companies and Internet security experts. ... The new exploits could be
spread by a virus in corrupted JPEG images sent as e-mail attachments
or served from Web sites.
- Hackers Jump On Reported Windows Flaws
Tuesday, Microsoft noted that a bug in Windows XP, Windows XP SP1,
and Windows Server 2003, as well as many of the company's flagship
applications, could allow attackers to grab control of PCs. ... Because
the [flaw] is widespread--not only in the operating systems but also
in such popular applications as those in the Office XP and Office 2003
suites--administrators may be hard-pressed to patch before an exploit
is circulating. ... Worse, even patched systems can later be turned
into vulnerable computers, Weafer adds, if applications with the flawed
image processing .dll are later installed on made-safe PCs.
- Windows XP SP2 Has a Dangerous Hole
Windows XP Service Pack 2 promises to raise the security
bar for the sometimes beleaguered operating system. Unfortunately,
one of the new features could be spoofed so that it reports misleading
information about system security, or worse, lets a malicious program
watch for an opportunity to do damage without being detected. ... it's
almost like Microsoft has given attackers the path, door and keys,
Windows itself contains a test utility, WBEMTEST.EXE, that allows
you to view, add and edit the values in the [Windows Management
Instrumentation, where firewall and security information is managed.]
- Winamp Skin File Arbitrary Code Execution Vulnerability
A vulnerability has been reported in Winamp,
which can be exploited by malicious people to compromise a user's
- Meet the Peeping Tom worm
A worm that has the capability to using webcams to spy
on users is circulating across the Net. Rbot-GR, the latest variant
of a prolific worm series, spreads via network shares, exploiting a
number of Microsoft security vulnerabilities to drop a backdoor Trojan
horse program on vulnerable machines as it propagates. Once a backdoor
program is installed on a victim's PC it's game over and an attacker
can do whatever takes their fancy. ... 'If your computer is infected
and you have a webcam plugged in, then everything you do in front of
the computer can be seen, and everything you say can be recorded...'
- Is Microsoft's Firewall Secure?
Some say Win XP SP2 enhancements cause conflicts, don't protect as
claimed. [The] software suffers from two major flaws, critics say:
it does not block outbound traffic, and it can be switched off by
another application, possibly even by a clever worm.
- Microsoft Internet Explorer Multiple Vulnerabilities
in Internet Explorer [allow] malicious people to bypass security
restrictions and potentially compromise a vulnerable system. ...
Successful exploitation allows execution of arbitrary script code in the
context of another website. This could potentially allow execution of
arbitrary code in other security zones too. ... Successful exploitation
may potentially cause users to open harmful files or do other harmful
actions without knowing it.
- U.S., citing security concerns, steers consumers away from IE
of Homeland Security's U.S. Computer Emergency Readiness Team touched
off a storm this week when it recommended for security reasons using
browsers other than Microsoft Corp.'s Internet Explorer. ... The
particular virus initiated this week ... allows keystroke analysis of
user information. The target is believed to be credit card numbers. CERT
estimated that as many as tens of thousands of Web sites may [have been
infected with the malicious code, via a vulnerability in Microsoft's
'Internet Information Services' webserver software].
- Security Group Warns Of Newly Discovered IE Flaw
Internet Explorer doesn't block
malicious Web sites from inserting 'arbitrary content' in an arbitrary
frame in a browser window ... [The] malicious content will appear
as if it originated from a trusted site, which is an attack commonly
known as spoofing.
- New scam targets bank customers
The victim of the attack found that a file ... been
loaded onto their machine. ... The second half of the file consists
of a ['Browser Helper Object', which Internet Explorer loads when
it starts up]. Created BHO's then have access to all the events and
properties of that browsing session. This particular BHO watches for
HTTPS (secure) access to URLs of several dozen banking and financial
sites in multiple countries. [The malicious code] grabs any outbound
POST/GET data from within IE before it is encrypted by SSL.
- Internet Explorer Is Just Too Risky
People who browsed there on Windows
computers got infected with malicious code without downloading
anything. ... The biggest security problem in IE, one that has plagued
Microsoft and its customers for at least four years and is at the
heart of the recent exploit, is a flaw that lets a Web site trick the
browser into running an alien program in violation of its own security
settings. In effect, an unknown program on a Web site is treated as
though it were a trusted program on your computer. Compromised Web
sites can covertly install programs ranging from nuisances that cause
ad pop-ups to real threats that record your keystrokes, allowing the
site to steal your passwords and account information.
- Web browser flaw prompts warning
Users are being told to avoid using Internet Explorer
until Microsoft patches a serious security hole in it. The loophole
is being exploited to open a backdoor on a PC that could let criminals
take control of a machine. The threat of infection is so high because
the code created to exploit the loophole has somehow been placed on
many popular websites.
- Microsoft warns on IIS 5 and IE attack
of web pages that, when executed, attempts to access a file hosted
on another server. 'This file may contain malicious code that can
affect the end user's system. US-CERT is investigating the origin of
the IIS 5 compromises and the impact of the code that is downloaded
to end-user systems,' the organisation said.
- DoS Attack May Tap Web Graphics Flaw
When visitors to a few particular Web sites-including
popular auction, shopping and price-comparison sites-request pages
that include the malicious graphics, the code automatically downloads
itself onto their machines. Once installed, the code unpacks itself
and loads a keystroke logger on the PC. NetSec officials said the
attack seems to exploit a vulnerability in Internet Explorer.
- Internet Explorer carved up by zero-day hole
Two new vulnerabilities have been
discovered in Internet Explorer which allow a complete bypass of
security and provide system access to a computer, including the
installation of files on someone's hard disk without their knowledge,
through a single click. Worse, the holes have been discovered from
analysis of an existing link on the Internet and a fully functional
demonstration of the exploit have been produced and been shown to affect
even fully patched versions of Explorer. ...finally [another part of
the attack takes advantage of] an exploit that Microsoft Corp. has
been aware of since August 2003 but hasn't patched.
- Zombie PCs spew out 80% of spam
Four-fifths of spam now emanates from computers
contaminated with Trojan horse infections... Trojans and worms
with backdoor components such as Migmaf and SoBig have turned
infected Windows PCs into drones in vast networks of compromised
zombie PCs. Instead of using open mail relays or unscrupulous hosts
(so-called 'bullet-proof' hosting - in reality, ISPs in developing
countries who pull the plug on spammers when enough complaints are
received by their upstream provider), spammers are using compromised
machines to get their junk mail out. Many security firms reckons many
of the most well-publicized worm attacks in recent months (such as
MyDoom and Bagle) were launched expressly to install spam Trojans on
unsuspecting end users' machines - waiting to be utilized later as a
spam delivery relay.
- Microsoft Discloses Huge Number Of Windows Vulnerabilties
The total number of vulnerabilities in the four security bulletins tallied
an astounding 20 separate flaws in Windows and Outlook Express. ...
Sixteen of the 20 vulnerabilities can be exploited remotely, the most
dangerous type of bug because hackers can conduct an attack over the
Internet. ... The most severe of the dozen-plus-two vulnerabilities -- six of
the bugs are rated 'Critical' -- could allow an attacker to take complete
control of an system, including installing programs, deleting data, or
creating new user accounts that have full access privileges.
- Vulnerability in Internet Explorer ITS Protocol Handler
[A] vulnerability in Microsoft Internet Explorer (IE) could allow an
attacker to execute arbitrary code with the privileges of the user running
IE. The attacker could also read and manipulate data on web sites in other
domains or zones.
- 'Witty' Worm Wrecks Computers
A quickly spreading Internet worm destroyed or damaged tens of thousands of
personal computers worldwide Saturday morning by exploiting a security flaw
in a firewall program designed to protect PCs from online threats... Unlike
many recent worms that arrive as e-mail attachments, it spreads automatically
to vulnerable computers without any action on the part of the user.
- Spammers target home PCs
You may hate getting spam but unless you are careful you could be
responsible for sending some of it. It is estimated that at least
one-third of all junk mail messages is being relayed by home computers.
And to make matters worse your humble home PC was probably turned into
a spam-spewing relay by one or more computer viruses.
- Lurking 'spyware' may be a security weak spot
One in twenty computers with an internet connection may be harbouring
unwanted 'spyware' programs that can record a user's computer use, generate
nuisance pop-up ads and may pose a security risk, suggests a US study. ...
Spyware may record a user's keystrokes or web browsing activity for
market-research purposes. Or it may cause pop-up adverts to appear when a
user is browsing the web. Some programs may even alter browser settings to
redirect to a particular search engine. Many are difficult to remove without
special software tools.
- Does open source software enhance security?
There are advantages to openness per se, though not the one most often
cited. Open source developers have got to be more careful and
security-conscious than their closed-source counterparts. This encourages
a better product overall. There is a corresponding disadvantage in
closed-source software: obscurity may inconvenience blackhats a bit and help
limit the number of potential attackers, but it works only so long as
obscurity is maintained. Secrecy can be useful, but it is a fragile defense.
Once the code is released, the software becomes an easier target than it
once had been; but because it was developed with the assumption that it
would not be released, it is likely to be sloppier and easier to exploit
than [Open Source code].
Collection originally created by, donated to LUGOD by,
and maintained by
Microsoft, Internet Explorer, Outlook, IIS, XP, XBox, etc. are
trademarks or registered trademarks of Microsoft.
Linux is a trademark of Linus Torvalds.
Most category icons created by Bill Kendrick.