The root of my antipathy for Microsoft

2026-06-20 20:23 by Ian

This is one of those things I've had to explain enough times that I should probably just have it written down to make such conversations shorter. It addresses questions I am often asked that have the flavor:
"Why don't you use Windows?"
"Why won't you install Microsoft Authenticator on your phone?"
"Why do you treat Windows like a security threat?"

Because it is.

When I was a teenager, I used to crack software. Not on any serious basis, but I knew enough to use OllyDbg and SoftICE to vivisect running programs, and bypass telemetry or obstructive behaviors. During that time, I had several occasions to take apart Microsoft's DLLs and binaries, and lose some innocence about the nature of software.

Quite apart from finding (probably) unintentional exploits, Microsoft's DLLs contain undocumented functions. How many such functions, and what they do, is not important here. But as someone who has spent a lifetime writing software, I can promise you that some of them are there for the sole purpose of undermining your ownership of your own computer.

What winds up in a binary is not advertised. The usefulness of a piece of software is often the bait that lures users into traps to harvest something much more valuable than any amount of money you might have paid for it. Sometimes this is your personal data and behavioral patterns. Sometimes, it's the installation of an "outpost" for a distributed botnet. Sometimes, it's the ability to compromise a specific user's computer and plant illegal materials for the sake of removing that user from society.
I don't care if anyone believes me. I know that all of these things have happened. I've known people who don't have permanent mailing addresses or bank accounts because of retribution for exposing such things.

Microsoft's software organization reflects a choice of backward compatibility as a primary value. But being (as it is) a binary distribution, this means that many APIs are static and immovable because the developer's time-frames are all independent of the user of the computer. This leads to 30 GB update patches, many of which are forced by their software refusing to operate.

Microsoft behaves in a manner that suggests that my hardware is, in fact, theirs, and I am just paying for it.

As a general principle of information security, exposure to a network invites a set of security concerns that simply do not exist for unconnected software. There is no reason for a calculator program to talk to a network, for example. None.

Most of those reading this are probably familiar with local programs that function as authentication tokens. What fewer of you probably know is that there is no reason for such programs to access a network. None.
And yet, we still wind up with CVEs like this one.

The simple fact of Microsoft Authenticator having networking code tells me that the team maintaining it cares less about security, and more about some quantity of information contained in the device on which it is installed. Without being able to audit the source code for that program, it is not possible for anyone to talk me out of that assumption. You take your own risks, and I'll take mine.

Here is another example. There is no reason for Notepad to have network code. None. And yet...

Software that tries to monitor and shape my behavior gets deleted.

Software that acts with political goals gets deleted.

Software that disrespects my ownership of my own hardware gets deleted.

Software that opens security holes for no tangible benefit to me gets deleted.

No Microsoft anything gets to touch my networks. When I buy a new laptop, I don't even boot into the OS that is pre-installed. I go straight into BIOS, boot from a Gentoo USB drive, and wipe the hard drive. Every time, without exceptions.

I honestly don't know how anyone runs a business on Microsoft's garbage. It isn't something I could be paid to do.
