Windows Ecosystem Security Still Horrifying

Posted on by

Today it was revealed that Lenovo has been installing a piece of adware called "Superfish" which uses an SSL man in the middle attack to replace ads served to users and potentially engage in all kinds of other evil. Abuse of unaware users who run Microsoft Windows by computing vendors has a long history which includes many other notable episodes such as Sony proposing a lack of factory bloatware as a premium option to the entire existence of the venture known as "WildTangent."

Thanks to the combined efforts of Microsoft, Intel, and various other vendors it becomes increasingly difficult to buy a machine that can operate as a computer loyal to the person that at least nominal owns the device through the act of having purchased it. Between measures that allow casual in band updating of firmware on components with no business having such a capability, to measures which allow only vendor approved firmware to operate on the mainboard with absolutely no way for users to opt into using custom firmware at all, the alliance of Microsoft, Intel, and others to prevent users from controlling their computing machines marches on.

It is no secret, not after Snowden, that the default setting pushed to users is one of vulnerability by default. One that creates a world where further infections can come from simply searching for a recipe or taking a quick break to enjoy a bit of pornography. A world where the web browser, a program nominally serving a document presentation role, has been morphed into a complete runtime used by remote computers to feed executable code to "your" machine.

A large portion of 1990's era speculative fiction supposed that a world like the one being cultured now would be imposed legislatively by fiat. Instead it is being engineered socially by normalizing defective behavior and by people who are nominally "contributing" to projects introducing defects and not infrequently breaking functionality demanded by actual users. This is not at all to imply that legislative measures aren't discussed, but to highlight that even without legislative action subterfuge is narrowing the window to acquire an actual computer.

The legislative defeats of the Stop Online Piracy Act and the Protect IP act does not mean the "Internet Blackout" has won against the forces which wish to deprive the world of actual computers. It simply delays them and forces them to spend more time normalizing defective expectations of how a computer acts. Following the present path, by the time the much threatened and awaited legislative hammer comes down, real computers will already have been unavailable new at any cost for quite some time.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>