


Microsoft roundup: The Windows 7 threat, notifying nation-state targets, Bing censorship

Jan 03, 2016 | 6 mins
Data and Information Security, Microsoft, Security

Roundup: Microsoft says use Windows 7 at your own peril, that it will notify victims of state-sponsored attacks, and Bing started off the new year in full-on censorship mode in China.

When checking around for what’s been happening with Microsoft, it seems like the company is following its normal pattern of gaining ground and then shooting itself in the foot. Here are a few examples:

At the end of 2015, Microsoft announced that it will start notifying users if the company believes “your account has been targeted or compromised by an individual or group working on behalf of a nation state.” Scott Charney, Microsoft’s Corporate VP of Trustworthy Computing, added:

We’re taking this additional step of specifically letting you know if we have evidence that the attacker may be “state-sponsored” because it is likely that the attack could be more sophisticated or more sustained than attacks from cybercriminals and others.

Don’t expect details about the state-sponsored attackers if you receive notification, as the evidence “may be sensitive.” If you have been targeted, Microsoft urges you to turn on two-step verification, to use and keep changing strong passwords, to watch for suspicious activity on your Microsoft account “Recent Activity” page, to watch out for spear-phishing and to not open emails or attachments from suspicious senders, to be cautious about downloading apps or files from websites, and to keep your software up-to-date.

While it’s great that Microsoft finally joined the cool kids’ table with Google, Twitter, Yahoo, and Facebook and will now warn you if it detects that you are a state-sponsored attacker’s target, Microsoft made the announcement as Reuters reported that Microsoft knew victims were targets of a “Chinese email hack” and chose not to warn them.

Reuters’ report read:

Chinese authorities had hacked into more than a thousand Hotmail email accounts, targeting international leaders of China’s Tibetan and Uighur minorities in particular – but it decided not to tell the victims, allowing the hackers to continue their campaign, according to former employees of the company.

Naturally Microsoft did not say it was afraid of warning victims and then becoming a target of Chinese hackers; instead, it admitted that most of the attacks came from China but that neither it nor the U.S. government could identify the country of origin for all the attacks. But now, Charney said of Microsoft’s stance: “As the threat landscape has evolved our approach has too, and we’ll now go beyond notification and guidance to specify if we reasonably believe the attacker is state-sponsored.”

Speaking of threats…Windows 7 is apparently a threat to Microsoft.

Microsoft says use Windows 7 at your own peril

If you still use Windows 7, then do so “at your own risk, at your own peril,” Microsoft Marketing Chief Chris Capossela said on Windows Weekly. He said Microsoft is “pushing” its software and hardware partners “to build great new stuff that takes advantage of Windows 10 that obviously makes the old stuff really bad and not to mention viruses and security problems.”

Nearly 29 minutes into Windows Weekly, Capossela said it is “so incredibly important to try to end the fragmentation of the Windows install base. So we think every machine that is capable of running Windows 10 – we should be doing everything we possibly can to get people to move to Windows 10.” You have a “choice” as to whether or not to run Windows 10, “a better, safer operating system,” but in other words, expect to be nagged and “pushed” onto Windows 10. Microsoft calls it getting users to a “safer place.”

Instead of “running an operating system that is 10 years old,” using newer computers with the newest OS means future hardware like printers will work; he even plugged Fallout 4 as it won’t work on older machines. Capossela admitted that Microsoft is trying to find the “right balance,” but the company plans to push users to its newest OS. He stated, “We are going to try to find that right balance, but we just know there’s a lot of people out there who constantly kick the can down the street without a little bit more of a, frankly, a push.”

Microsoft doesn’t want that push to “anger anybody,” but the company does “feel a responsibility to get people to a much better place, and Windows 10 is a much better place than Windows 7.” He added, “We will always give you a way out, but we’re trying to find the right threat balance.”

“Rubbish” and “deliberate misinformation” are how Forbes’ Gordon Kelly summed up Capossela’s statements. “Nagging pop-ups, cutting opt-out options and spreading groundless fear for the average user” is really “no choice at all.”

Bing reaches almost 21% of desktop market share

Bing has finally stopped being Microsoft’s black hole sucking in the company’s money and is gaining ground, according to comScore’s latest U.S. desktop search market share report. Bing is at nearly 21% (20.9%) market share, which might be credited to Windows 10 since Microsoft receives 20% of its search revenue from Windows 10 devices.

Chinese version of Bing went into censorship mode

Yet Charles Liu reported that on New Year’s Day Bing went into full-on censorship mode in China, providing “skewed search results” such as the top Bing hit for Wikipedia leading to an article bashing the Internet staple; the top search results for BBC, The New York Times and CNN were not the sites but articles bashing the sites. Even the top Bing search result for USA led to China Daily’s “About Us” page. The censorship poofed on Jan. 2, but The Nanfang staff are keeping an eye out for more Bing-sponsored censorship.

Happy New Year!


1/5/16 update, but no shocker: Microsoft contacted me to say it “disputes the Reuters report from former employees.” Microsoft added that it “made the case to Reuters that it should not use anonymous former employee sources for this confirmation when they have Microsoft making an on the record comment to the contrary, and that notifying customers of suspicious activity is not the same as ‘not warning’.”

The company wants the following statement to go on record:

Our focus is on helping customers keep personal information secure and private. Our primary concern was ensuring that our customers quickly took practical steps to secure their accounts, including by forcing a password reset. We weighed several factors in responding to this incident, including the fact that neither Microsoft nor the U.S. Government were able to identify the source of the attacks, which did not come from any single country. We also considered the potential impact on any subsequent investigation and ongoing measures we were taking to prevent potential future attacks.

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.