A Defensive Computing Checklist    by Michael Horowitz

MICROSOFT

My experience has been that Microsoft is not good at creating software and even worse at maintaining it. This opinion has been formed over many years; the articles below are just some recent confirmations of it.

In light of this, I suggest avoiding all software from Microsoft such as their web browser (Edge), their email clients (Outlook in particular), their Office suite (try Libre Office instead), their Search Engine (Bing) and their email server (Exchange). Personally, while I do use Windows, it is the only Microsoft software that I use.

March 28, 2024: If you have a Microsoft account, be sure there is a valid recovery email address. For details see: What Is My Microsoft Account Recovery Email? by Leo A. Notenboom.

MICROSOFT BAD

There are many examples of Microsoft being bad and inept that formed my opinion. Here are just a few.

July 17, 2024: Quoting from the Risky Business newsletter by Catalin Cimpanu: "Microsoft CVD disaster: ZDI's Dustin Childs has published a comprehensive critique of Microsoft's vulnerability disclosure program that has consistently failed to treat researchers properly, fix bugs in time, pay bounties, and even communicate properly with bug hunters over the past year. It's actually a pretty bleak reading and something I can also confirm from our coverage of various Microsoft bug reports over the past year." This is the article in question: Uncoordinated Vulnerability Disclosure: The Continuing Issues with CVD by Dustin Childs July 15, 2024.

June 13, 2024: Proof, from a whistleblower, of the obvious: Microsoft does not care at all about the security of their software. Microsoft Chose Profit Over Security and Left U.S. Government Vulnerable to Russian Hack, Whistleblower Says by Renee Dudley (with research by Doris Burke) for Pro Publica. A former Microsoft employee says the company dismissed his warnings about a critical flaw because it feared losing government business. Hackers later used the bug to breach the National Nuclear Security Administration.

June 13, 2024: The security of Microsoft software is so bad that one of their bigshots got called before Congress about it. This is a 3-hour video: Microsoft President Testifies on Cybersecurity Failures. The main impetus for this grilling (there could have been many) was in 2023 when Chinese hackers breached the email accounts at several federal agencies.

May 21, 2024: Microsoft is adding AI to Windows in assorted ways. This article is about the Recall feature coming to Windows 11: How the new Microsoft Recall feature fundamentally undermines Windows security by Kevin Beaumont. The ironic thing about this feature is that it came out just about a week after Microsoft pledged to do better on security.

April 15, 2024. The US Government Has a Microsoft Problem by Eric Geller in Wired. Lots of details on Microsoft's screw-ups. One reason is that Microsoft has become insulated from virtually any US government accountability. The US government’s reliance on Microsoft means the company gets a virtual free pass. So, no need to do a good job. And, they don't, as Microsoft "has stumbled through a series of major cybersecurity failures over the past few years."

March 1, 2024: Outlook is Microsoft's new data collection service. A blog posting by Edward Komenda for Proton. Initially published Jan 5, 2024. "With Microsoft's rollout of the new Outlook for Windows, it appears the company has transformed its email app into a surveillance tool for targeted advertising." Microsoft shares your data with 801 third parties.

August 16, 2023: This article is so typical of Microsoft. Windows feature that resets system clocks based on random data is wreaking havoc by Dan Goodin for Ars Technica. The problem is that Windows computers are randomly changing the current date/time. Microsoft does not issue a warning, nor do they offer a fix. Heck, they don't even offer an explanation. Victims of this bug trace the problem to a feature that was added to Windows in 2016. By all accounts, this new feature was buggy from the get-go. And, the feature has no useful logging. It does not explain why it does what it does. None of your business. Without this type of log, the bug cannot be fixed. A victim was quoted saying "Microsoft hasn't really been helpful in trying to track this, either. I've sent over logs and information, but they haven't really followed this up. They seem more interested in closing the case." A victim of this bug reported it using Microsoft’s feedback hub. There was no response. Then, the victim reported it through the Microsoft Security Response Center. The bug report was closed. Period, end of sentence. Just closed. This is not a company that deserves your trust.

July 27, 2023: US senator blasts Microsoft for 'negligent cybersecurity practices' by Dan Goodin in Ars Technica. What a surprise, when US Government email accounts are hacked due to a Microsoft screw-up, a US Senator is quite annoyed.

On the Security Now podcast with Steve Gibson and Leo Laporte, on July 18, 2023 Gibson described a flaw in Microsoft Office that Microsoft can't be bothered to fix. It fell to Kaspersky to explain the gory details (the bug was in a component of Internet Explorer that is still active in Windows). Bottom line: open a Word document and get hacked. It is cases like this that show Microsoft is not to be trusted.

How a Microsoft blunder opened millions of PCs to potent malware attacks by Dan Goodin for Ars Technica. October 14, 2022. This is a very damning article and a worthwhile read because it is well researched and not just opinion. In brief: Microsoft had a bug in Windows Update such that it failed to protect Windows from known malicious driver software. Then, for two years, the company ignored everyone who suggested something was wrong. Even caught with their pants down, they cannot come clean. Clearly Microsoft should not be trusted.

FYI: Microsoft Office 365 Message Encryption relies on insecure block cipher by Thomas Claburn October 14, 2022. Quoting: "Microsoft Office 365 Message Encryption claims to offer a way 'to send and receive encrypted email messages between people inside and outside your organization.' And according to WithSecure, it's not fit for purpose: the encryption method employed, known as Electronic Codebook (ECB), is insecure ... And Microsoft isn't fixing it."

- - - - - - - - - - - -
See also the topics on Microsoft Office and Windows and Search Engines.

This page was created October 19, 2022 and last updated July 17, 2024.