Reasons to Avoid Microsoft
These pages are a compilation of links and quotes to news articles and
others sources that might help convince you to switch to Linux.
Next 25 Articles
Warning: Missing argument 6 for item(), called in /var/www/lugod/microsoft/index.php on line 637 and defined in /var/www/lugod/microsoft/includes.php on line 38
- Your Loss, Their Gain
A little advice for any company looking to sell off part of its operations
during these troubled times -- you might want to check with Microsoft first
to see how much it's going to cost you. ...Software Assurance is that very
expensive maintenance program Microsoft pushed on volume-license customers
last year by eliminating separate upgrade pricing. ... Did this mean SA
customers would lose their investment on licenses that were part of a
transfer? '...you become obligated to pay for the years that remain on the
SA agreement covering those computers, but that agreement is terminated and
Microsoft provides no further upgrades under it. The acquiring party just
gets the rights to the current versions you already had on those computers.'
... Microsoft will [receive additional] license costs without providing a
- Microsoft Warns Windows Users About Flaw
Microsoft Corp. on Wednesday warned about a serious flaw in all versions of
its popular Windows software that could allow hackers to seize control of a
person's computer when victims read e-mails or visit Web sites. ... It was
particularly unusual because it affected so many different versions of
Windows, from Windows 98 to its latest Windows XP editions.
- Microsoft WinXP Update spies on other PC software
Microsoft extracts more information from a person's PC when the update
Windows facility is used running the WinXP operating system. ... [The data]
transferred to Microsoft Central whenever you connect to its update web
site ... [includes] a list of all of the software installed on an
individual's computer, including [3rd party software].
- Microsoft Media Player logs users' DVD picks
[Microsoft's] media player software keeps track of what DVDs are played
on a PC and shares that information with the software maker via the
Internet... The server is given a unique fingerprint for the DVD and the
media player client, allowing Microsoft to track what movies are watched
on a particular PC... A user could uncover what movies another user is
connects to a Microsoft server for an exchange of data...
- Experts: Microsoft security gets an 'F'
Computer security experts say the recent 'SQL Slammer' worm, the worst in
more than a year, is evidence that Microsoft's year-old security push is not
working. 'Trustworthy Computing is failing ... now I'd give it an 'F.''
... 'It would be much better if the software shipped from Microsoft with
fewer problems to begin with.'
- Sneaky Toolbar Hijacks Browsers
Xupiter is an Internet Explorer toolbar program. Once active in a system,
it periodically changes users' designated homepages to xupiter.com,
redirects all searches to Xupiter's site, and blocks any attempts to
restore the original browser settings. ...
Several versions of Xupiter also appear to download other programs, such
as gambling games, which later appear in pop-up windows. Xupiter's site
claims the toolbar isn't installed without express permission, but many
insisted that they had not agreed to install the program.
- Virus-like attack slows Web traffic
The outbreak was so severe that while it infected only back-end Internet
computers, general e-mail use and Web browsing were slowed by its effects.
... Within a few hours, 25,000 back-end database servers [running
Microsoft SQL Server] had been infected... nearly 20 percent of Internet
traffic was lost during the frantic morning attack...
- Microsoft Warns of New Vulnerabilities in Windows
Microsoft ... warned customers about a series of new vulnerabilities in
its Windows system, including one that could allow malicious programs
written in Java to take over a computer. The vulnerabilities are in
Microsoft's Virtual Machine for Java, which is in all versions of Windows
since Windows 98... Computer users could be affected by any of the eight
vulnerabilities by visiting a Web page that contains malicious Java codei
- Really critical hole in Microsoft Web software
ust one day after raising the threshold beyond which it considers security
vulnerabilities 'critical,' Microsoft Corp released a security advisory
saying there is a 'critical' hole in its browsers and web servers that could
cause serious problems, even if it is patched. ... 'This vulnerability is
rated critical because an attacker could take over an IIS server or an
Internet Explorer client and run code,' Microsoft warned. ... To make matters
worse, it is currently possible to make patched systems vulnerable again,
Microsoft said. A malicious attacker would be able to reintroduce the
vulnerable control with just a specially [written] HTML document.
Users that have their browsers configured to trust Microsoft-signed ActiveX
controls by default would have the vulnerability reintroduced without their
- DANGEROUS new security hole (How to execute programs with parameters in IE)
(alt.comp.anti-virus Usenet Newsgroup,
The above url when viewed WILL FORMAT THE A:\ drive when viewed on a
fully updated and patched windows system. ... The technique used may open up
far more dangerous attacks than seen before.
- Serious Internet Explorer Defect
(James Madison University,
A simple way to exploit an unfixed defect in Internet Explorer has been
discovered that allows malicious web sites, and possibly malicious email
messages read with Outlook or Outlook Express, to take control of a
computer. All you would need to do is click a web link and the owner of
the web site could take almost any action they desired on your computer.
... There is no patch to fix the problem. Anti-virus and personal firewall
software will not prevent an exploit. ... There is only one technical
defense Internet Explorer users can use against an exploit at the present
time and that is to disable scripting in Internet Explorer, Outlook, and
Outlook Express. Unfortunately, disabling scripting in Internet Explorer
will adversely affect the operation of many web sites including ... the
Windows Update Site.
- Microsoft: You Need Permission to Sell Our Software
Microsoft has objected to the sale of bankrupt KMart's Bluelight.com
Internet unit to United Online. Microsoft's objection to the sale is
based on the non-transferability of software licenses protected by
copyright law... This action... should serve as a warning to any
corporation that has a significant investment in Microsoft licenses.
Dependency on Microsoft licenses may grant Microsoft the ability to veto
your business decisions.
- Bugbear Virus Spreading Rapidly
[The] virus generates random attachment names and subject lines to
avoid easy detection by antivirus software and assigns multiple file
extensions to the virus to disguise the fact that it is an executable file...
Once activated, the virus shuts down vital processes used by antivirus and
firewall software, records user keystrokes to capture passwords, sends copies
of itself as e-mail attachments, and copies itself onto directories shared by
networks that are accessible to the computers it infects. ... Finally, Bugbear
opens a back door to the machines that it infects. Using a Web browser, the
virus author or malicious hackers can access a Web interface created by the
virus, browse local files on an infected machine, and execute programs on
- Microsoft Flaw May Allow File Theft
icrosoft's flagship word processor has for years had a security flaw that
could allow a criminal to steal computer files by 'bugging' a document with
a hidden code. The company said it will definitely repair the problem only
for owners of the most recent versions of the software. That decision...
may leave millions of users of Word 97 without a fix. All versions of Word
are susceptible to the flaw, but the problem is most severe in Word 97.
... The attacker sends the victim a bugged document, usually with a request
that the document be revised and returned to the sender - a common form of
daily communication. When the document is changed and sent back, the file
the attacker wants to steal is attached. ... A research firm reported in
May that about 32 percent of offices have copies of Word 97 running...
- Microsoft: 'Our products aren't engineered for security'
'We really haven't done everything we could to protect our customers. Our
products just aren't engineered for security,' admitted [Brian Valentine,
senior vice-president in charge of Microsoft's Windows development]. ...
In August [Microsoft] put out eight security bulletins. This month it has
released two, so far, with the latest urging users to patch a flaw in its
digital certificate technology that could allow attackers to steal a user's
credit card details.
- Expert: Banks yield to Microsoft flaw
The Swedish hacking expert... demonstrated ... how it was possible within
minutes to break through security on Web server software from Microsoft.
The expert showed how to crack the security systems for Internet banking,
breaking into three of Sweden's big four banks in quick succession. He
was then able to show how to conceal his tracks, making detection difficult
afterward. ... He relied on a variation of a weakness ... in
Microsoft's implementation of Secure Socket Layer... 'There's been a lot
of denial' ... Such flaws result from a mix of fatalistic acceptance and
technical ignorance ... ''Everything is fine,' banks say. That's clearly
- Microsoft discloses 'critical' security flaws - Office, IE lapses put millions in danger of being hacked
Microsoft Corp. said ... that 'critical' security lapses in its Office
software and Internet Explorer Web browser put tens of millions of users
at risk of having their files read and altered by online attackers. ...
[An] attacker, using e-mail or a Web page, could... alter data and
wipe out the hard drive as well as view file and clipboard contents on
a user's system. ... In addition [they] reported vulnerabilities in the
three latest versions of [Internet Explorer] that allows infiltrators
to read files.
- Exploiting design flaws in the Win32 API for privilege escalation.
Or... Shatter Attacks - How to break Windows.
The flaws presented in this paper are, at the time of writing, unfixable.
The only reliable solution to these attacks requires functionality that is
not present in Windows, as well as efforts on the part of every single
Windows software vendor. Microsoft has known about these flaws for some
time; when I alerted them to this attack, their response was that they do
not class it as a flaw... This research was sparked by comments made by
Microsoft VP Jim Allchin who stated, under oath, that there were flaws in
Windows so great that they would threaten national security if the Windows
source code were to be disclosed. ... Basically, there is no simple solution,
which is why Microsoft have been keeping this under their hat. Problem is,
if I can find this, I can guarantee that other people have as well. They
might not tell anyone about it, and the next time they get into your system
as a low-priv user, you wouldn't have a clue how they got LocalSystem out
of it. After all, you're all up to date on patches, aren't you? ... Imagine
a company providing terminal service functionality to their clients, for
whatever purpose. That company is NOT going to give their users any real
privileges. Shatter attacks will allow those users to completely take over
that server; localsystem privileges are higher than the Administrator, and
on a shared server that's a problem. Oh, and it doesn't require console
access either - I've successfully executed these attacks against a Terminal
Server a hundred miles away.
- Microsoft accidentally distributes virus
Microsoft's flagship developer tools [Visual Studio .Net] picked up
[the virulent Nimda worm]... [This] is yet another stain on Microsoft's
reputation as the company works to convince the public and the tech
community that its products are secure.
- MS security hole extravaganza
MS has been sitting on a number of security holes which it's decided
to dump on us all at once. ... MS soft-pedals the severity in classic
form, labeling this one "Moderate." But the eEye bulletin rightly points
out that a target machine can be owned with a single session if the attacker
knows what he's doing. ... Apparently, users had trusted the MS
patch to fix their systems properly. Well it didn't... Apparently, the
[previously reported Gopher exploit] is a bit worse than MS had originally
thought, and affects not [just] IE...
- Security Flaw Found in Explorer
A security flaw in Microsoft's Internet Explorer browser could allow a
hacker to take control of a remote computer if its user clicks a link...
[A] hacker could take over a user's computer simply by having the user
click on a link... That one click would install and run any program the
hacker chose on the victim's computer, and the victim might never know. ...
All versions of Internet Explorer are believed to be vulnerable...
- New Hotmail settings might share your info, addresses
Microsoft has changed the privacy settings for Hotmail
What that means for subscribers ... is that the company can share a Hotmail
address with its partner Web sites. Microsoft has given itself the right to
share your e-mail address and other data with outside companies -- even if
you explicitly told Microsoft not to do so when you signed up.
It was done ... without anyone's knowledge or consent...
'It was done without our knowledge and consent in a secretive manner in
violation of Microsoft's own terms of service'...
- Microsoft Warns of Critical Instant Messaging Flaw
A security flaw in Microsoft's instant messaging services could enable
remote attackers to take control of users' computers...
[it] can be exploited through a malicious e-mail message, Web page,
'or through any other method where Internet Explorer is used to display
HTML that an attacker supplies.' ... [Even] non-active Messenger users,
or those who access the service using a third-party ... should upgrade...
'The attack doesn't happen through the chat client, so as long as you have
MSN Messenger installed, if I send you a special URL, I can
[take over your entire computer]'
- The pop-up ad campaign from hell
It's the latest in Web marketing innovation: Hijacked Web surfers, exploited
Web browser vulnerabilities and malicious spyware all wrapped up together.
... Thousands of unsuspecting visitors to a family entertainment site are
discovering a cornucopia of unwanted, potentially malicious software on
their computers -- the result of a pop-up ad campaign, a booby-trapped
Web site, [and] a compromised Web browser... code in the pages at
[the malicious website] exploited a known flaw in [the] Internet Explorer
browser to covertly download the first of 10 files onto visitors'
computers. ... 'When you exploit a security bug to get your program
onto someone's PC, you've crossed the boundary into what we consider
- Compulsory Windows: for Macs, and people without PCs?
Microsoft has come up with another novel way to make its software
compulsory - an annual subscription licensing system for schools where
you have to pay for all of the computers you're using, even if you don't
want them to run the Microsoft software you're licensing. This includes
Macs... [The] Microsoft UK Campus Agreement [has schools] paying for
software for people who don't even have computers.
Collection originally created by, donated to LUGOD by,
and maintained by
Microsoft, Internet Explorer, Outlook, IIS, XP, XBox, etc. are
trademarks or registered trademarks of Microsoft.
Linux is a trademark of Linus Torvalds.
Most category icons created by Bill Kendrick.