Microsoft can’t be trusted, says Microsoft!
From Brian Livingston, the respected Windows columnist at Infoworld
“I never thought I’d see the publisher of Windows issue an official document saying, “You shouldn’t trust Microsoft.”
But that day has arrived.”
How, you ask, can it be compromised?
“If you’ve ever downloaded an updated Windows component — and you happened to check the box that says “always trust Microsoft” — the insecure version of <what you just patched> will install itself without any notice. It can do this because it still has a valid Microsoft digital signature.
This is where “trust” comes in. The Microsoft bulletin says the only way to ward off this attack is to “make sure you have no trusted publishers, including Microsoft.” To do this, start IE and click Tools, Internet Options, Content, Publishers, Trusted Publishers. Then remove every company name you find. Sorry, if any new plug-ins arise, you’ll now have to decide Yes or No on your own.”
Thanks so much for your lousy software, BillG. I’m thinking my next PC will be Linux or a Mac.