A Defensive Computing Checklist    by Michael Horowitz
NOTE: I gave a presentation on Defensive Computing at the HOPE conference in July 2022
HOME | Full Site Index | Domain Names | VPNs | iOS | Android | About | Rules of the Road | DC Presentation |

MICROSOFT

My experience has been that Microsoft is not good at creating software and even worse at maintaining it. This opinion has been formed over many years, the articles below are just some recent confirmations of this opinion.

In light of this, I suggest avoiding all software from Microsoft such as their web browser (Edge), their email clients (Outlook in particular), their Office suite (try Libre Office instead), their Search Engine (Bing) and their email server (Exchange). Personally, while I do use Windows, it is the only Microsoft software that I use.

MICROSOFT BAD

There are many examples of Microsoft being bad and inept that formed my opinion. Here are just a few.

August 16, 2023: This article is so typical of Microsoft. Windows feature that resets system clocks based on random data is wreaking havoc by Dan Goodin for Ars Technica. The problem is that Windows computers are randomly changing the current date/time. Microsoft does not issue a warning, nor do they offer a fix. Heck, they don't even offer an explanation. Victimes of this bug trace the problem to a feature that was added to Windows in 2016. By all accounts, this new feature was buggy from the get-go. And, the feature has no useful logging. It does not explain why it does what it does. None of your business. Without this type of log, the bug can not be fixed. A victim was quoted saying "Microsoft hasn't really been helpful in trying to track this, either. I've sent over logs and information, but they haven't really followed this up. They seem more interested in closing the case." A victim of this bug reported it using Microsoft’s feedback hub. There was no response. Then, the victim reported it through the Microsoft Security Response Center. The bug report was closed. Period, end of sentence. Just closed. This is not a company that deserves your trust.

July 27, 2023: US senator blasts Microsoft for 'negligent cybersecurity practices' by Dan Goodin in Ars Technica. What a surprise, when US Government email accounts are hacked due a Microsoft screw-up, a US Senator is quite annoyed.

On the Security Now podcast with Steve Gibson and Leo Laporte, on July 18, 2023 Gibson described a flaw in Microsoft Office that Microsoft can't be bothered to fix. It fell to Kaspersky to explain the gory details (the bug was in a component of Internet Explorer that is still active in Windows). Bottom line: open a Word document and get hacked. It is cases like this that show Microsoft is not to be trusted.

How a Microsoft blunder opened millions of PCs to potent malware attacks by Dan Goodin for Ars Technica. October 14, 2022. This is a very damning article and a worthwhile read because it is well researched and not just opinion. In brief: Microsoft had a bug in Windows Update such that it failed to protect Windows from known malicious driver software. Then, for two years, the company ignored everyone who suggested something was wrong. Even caught with their pants down, they can not come clean. Clearly Microsoft should not be trusted.

FYI: Microsoft Office 365 Message Encryption relies on insecure block cipher by Thomas Claburn October 14, 2022. Quoting: "Microsoft Office 365 Message Encryption claims to offer a way 'to send and receive encrypted email messages between people inside and outside your organization.' And according to WithSecure, it's not fit for purpose: the encryption method employed, known as Electronic Codebook (ECB), is insecure ... And Microsoft isn't fixing it.".

- - - - - - - - - - - -
See also the topics on Microsoft Office and Windows and Search Engines.

 This page: 4 views per day (over 340 days)   Total views: 1,304   Created: October 19, 2022
This Page
Last Updated

August 17, 2023
Site Page
Views TOTAL

 684,365
Site Page
Views TODAY

  282
Previous
Website View

2.5 minutes ago
Website by
Michael Horowitz
@defensivecomput
top
Website Average Daily Page Views: August 2023: 558   See the website change log
Copyright 2019 - 2023