Tuesday, December 2, 2014

Lions, Tigers, Bears, and FBI Warnings, Oh My!

Wizard of Oz Movie (Image credit: prairiecloudware.com)

Seriously, do you tire of seeing major news plastered with warnings about cyber attacks, malware and viruses?

It really has grown to a fever pitch lately.

What stuck in my craw today was a Bloomberg report Exclusive: FBI warns of 'destructive' malware attack in the wake of the SONY attack.

Like, I should be mortified maybe?  Do these 'brainiacs' remember Stuxnet?

Would it help to revisit the topic?  I'd rather not, thank you very much.  Please feel free to read the Wikipedia link on the subject.

It was the perfect road-side billboard, if there ever was one, for why Microsoft Legacy (x86) Windows should be abandoned on grounds of National Security.

Sadly, the software industry hasn't changed and quite frankly isn't going to as long as 'big business' is married to a security-flawed 'by design' operating system.

What do I mean by 'by design'?  Microsoft provides undocumented APIs through their Trusted Platform to domestic and foreign governmental agencies (the FBI included) to have unfettered access to any Windows PC without the user's express permission.  (Insert sound of crickets here.)

That seems to me to be a major violation of public privacy.  And that's what the public get using proprietary software.  Transparency is non-existent.

Could writing code that facilitates having 'back doors' on to computers exist in the Open Source World?  I should think not!

Well, so far, we haven't seen any.

Of course there have been recent documented attempts by the NSA to weaken string constants in Elliptic Curve Cryptography used by Secure Sockets Layer, but it is a different kettle of fish to write a bank of code, spanning perhaps thousands of lines, dedicated to the specific purpose of providing 'backdoors' without being noticed under the GNU General Public License for Open Source.  That kind of exploitative code cannot exist in FOSS projects.  Transparency is in full force with 'many eyes' providing the much-needed oversight.  As it should be.

Edward Snowden is correct:

“Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.”

Unlike Open Source, the Proprietary Software Anti-Virus Business gets a boost every time one of these 'sensational' stories comes out.  It's a stimulus to obtain a desired result: the masses run out to buy AV Tools which get immediately installed.  End users fire up their AV tools, then passively watch a pretty widget on screen scanning, despite the foregoing 'backdoor' API.  The aesthetic is dispensed as the user receives a 'false sense of security'.  AV software vendors make billions of dollars in sales annually.  The partnership between Microsoft and AV Vendors is entrenched and the myth lives on.

None of this would have been mentioned if I didn't know better -- it insults my intelligence.

I know full well that if every Windows PC were to switch to Fedora Linux, all of the security issues would be gone.  Zero.  None.

So, please.  Spare me the FUD.  -- Dietrich
