Eye on Security: Red Hat Explains Why Windows is Less Secure, New Windows 0-Day Attack
- Dr. Roy Schestowitz
- 2010-07-01 13:46:45 UTC
- Modified: 2010-07-01 13:46:45 UTC
Summary: Comparative security news from this week
●
Open Source is Inherently More Secure, Says Red Hat (Microsoft
admits silent patching it never discloses)
But in the closed source world, you have to trust your vendor completely. All you get to see are binaries, so you have no way of knowing how they were built. President Reagan was fond of saying to Soviet leader Mikhail Gorbachev, "Trust, but verify." With proprietary software, you simply have to trust.
Microsoft, for example, pushes out security updates on the second Tuesday of every month. Bressers said they can't do that. Microsoft has the advantage of hiding security flaws and working on them at their leisure, but with open source software, that's not possible because everyone can see that there's a problem and they expect it to be fixed right away.
And if a security hole isn't plugged quickly enough, you can fix it yourself, Bressers explained.
An example of the power of open source is the ping of death bug. Back in the late 1990s someone figured out that if you send a giant ICMP packet to a computer, just about any computer, it will crash. The bug affected every operating system, routers, printers, etc. When the problem was discovered, the open source Linux operating system had the bug squashed in about 2 hours, Bressers recalled. The closed source operating system vendors, however, took days, weeks and even months to make and distribute a patch for the ping of death.
●
Microsoft: 10,000 PCs hit with new Windows XP zero-day attack
Nearly a month after a Google engineer released details of a new Windows XP flaw, criminals have dramatically ramped up online attacks that leverage the bug.
Microsoft reported Wednesday that it has now logged more than 10,000 attacks. "At first, we only saw legitimate researchers testing innocuous proof-of-concepts. Then, early on June 15th, the first real public exploits emerged," Microsoft said in a blog posting.
●
New Windows Live Messenger has same old privacy problems
Why do I get the impression that some folks at Microsoft just don’t get it?
●
Privacy problems persist in latest Windows Messenger 2011 beta [
via]
Earlier versions of Messenger played fast and loose with your privacy. The new Live Messenger 2011, currently in beta, suffers from some of the same defects
Recent Techrights' Posts
- Google 'Search' is Fast Becoming No Better Than Social Control Media Infested With Bots
- Google emerged almost 30 years ago as a company looking to organise the Web and direct people towards informative pages. That Google is dead.
- Before the OSI Was Bribed and Hijacked by Microsoft via GitHub and Compromised Management...
- The OSI isn't even remotely "woke"
- The OSI Has Been Silent for Over 3 Weeks, It Has a Severe Trust Issue After Promoting Microsoft and Proprietary GitHub
- OSI took a lot of money from Microsoft to become a Microsoft lobbyist
- Bribery is OK If You Work for Microsoft (No Punishment Expected)
- It's very troubling and a symptom of a broken society/system when particular laws or rules are applied and enforced against some people but not against others
- Someone Should Remind Microsoft Lunduke That Microsoft Hires Many Sexual Criminals and Pedophiles as Well
- Microsoft Lunduke on an "expedition" to find one or more perverts, then generalise to everyone in the "community"
- Cash Machines (ATMs) Make Mistakes and They're Proprietary Software
- Correcting mistakes is a colossal challenge
-
- Some People See What Others See... But Only 40 Years Later
- When people deviate from "the norm" they typically get ridiculed and dismissed as "crazy"
- Links 30/07/2025: Tea Class Action and Google Killing the Web With Slop
- Links for the day
- Last Month Our IRC Community Turned 17
- Funnily enough we never missed a single day when it comes to logging
- "The Unix Kernel"
- Linux was inspired by MINIX
- The Register Relays Microsoft Marketing, Dubs That Marketing "Research"
- Hours ago they did a "Microsoft sez" piece
- Dealing With Sociopaths, Liars, and Cranks
- A dysfunctional society such as this would never develop
- Not Owning Mobile Phones
- It's not about resistance; it's common sense
- PCLinuxOS Had Functional Backups Before the House Fire, the Site Will be Restored in New Webhost
- This is the direction we want for GNU/Linux, not some IBM sales strategy
- Gemini Links 30/07/2025: Two Sides of Me and "Hooked on Cosmic Voyage"
- Links for the day
- Microsoft Will Continue Resorting to Crimes in Order to Keep GNU/Linux Usage Down
- It is a real problem and we'll revisit it later this week
- GAFAM 'Revolving Doors' at The Register and a "Bribe Price List"
- "an analyst at Microsoft"
- Microsoft Rapidly Shrinking (No, It's Not About Efficiency, It's About Unbearable Debt)
- We'll soon see how much debt grew in the past quarter
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Tuesday, July 29, 2025
- IRC logs for Tuesday, July 29, 2025
- Corruption is the Standard Operating Procedure at the European Patent Office (EPO)
- The EPO is a dictatorship that stains Europe
- Local Staff Committee Munich (LSCMN) at the European Patent Office (EPO) Requests an Urgent Meeting to Avoid Abolishing the Office
- This is dictatorship led by the most corrupt
- Slopwatch: Fake 'Linux' 'Articles' and Spamfarms/Slopfarms
- at least 5 fake articles in one day
- Gemini Links 29/07/2025: Wayland Unfit for Use and LLM Slop Faking One's Language Skills With Robot Communications
- Links for the day
- Nailing the "Hey Hi" (AI) Hype Bubble
- So-called "hey hi" as they define it now is all about large companies or regimes remotely controlling the processes running on your machine and even your very own behaviour on your machine, which is in effect no longer your machine but some remotely controlled apparatus
- "Four decades; Four freedoms; For all users" Now as a T-shirt
- That's shown along the sidebar
- Links 29/07/2025: Bad Climate and "Fair Software Licensing" Blasts Microsoft
- Links for the day
- Links 29/07/2025: Data Brokers Gone Wrong/Rogue and "Copyright Thicket"
- Links for the day
- Slopwatch: Linuxconfig.org, Linuxsecurity.com, Fagioli, The Register
- Today's "Slopwatch" isn't the first article about LLM slop
- We Cover Topics Other Sites Are Too Afraid to Cover (Even When They Know the Facts)
- It's not that they doubt the truth, they just realise there may be consequences for talking about it
- They Try to Tell Us the Free Software Foundation Inc is Dying, But Its Revenue Doubled Since the Dot-Com Bubble Burst
- Being in "Activism" is never easy; but it does positive things for society
- Yes, Microsoft is the Problem
- "I am no MS shill."
- It's About the Cost of Workers, Not the Fictional Skills Shortage (That Does Not Exist, the Media Spreads False and Sometimes Self-Fulfilling Narratives)
- This issue isn't limited to computing, some dub it "globalism"
- Another Failed Use Case for Chatbots (LLM): Legal Advice and Analysis
- They're just some self-discrediting toy that costs way too much to operate
- Links 29/07/2025: More Pushbacks Against Slop and More Praises of Tom Lehrer
- Links for the day
- Gemini Links 29/07/2025: Purple Yarrow and Understanding Op Amps
- Links for the day
- This Monday WebProNews Absolutely Flooded the Web With Fake (LLM Slop) 'Articles' About "Linux", Google News Promoted Them as Legitimate
- All of the following are fake articles attributed to pseudonyms or authors that don't exist; the images are also slop. Why does Google promote these?
- Linuxiac is Not a Slopfarm, But at Least Some of Its Articles Are Machine-Generated Fakes
- what we said about it was correct
- Expect More Microsoft Layoffs
- "Are more job cuts coming?"
- Microsoft Behaving Like It's Running Out of Money to Pay Salaries
- Does that seem like the behaviour expected from a company which claims it is "worth" trillions?
- LWN Downtime Due to Linode, Not LLM Bots
- "I’ve received an email letting me know that there is a potential for data loss."
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Monday, July 28, 2025
- IRC logs for Monday, July 28, 2025
- Nonfree Software in My Bank, by Richard Stallman
- Updated 8 hours ago
- Links 28/07/2025: Science, Health, and Conflicts
- Links for the day
- Gemini Links 28/07/2025: Healthy Self-Image With Autism and a "New Life"
- Links for the day
- Links 28/07/2025: COVID-19 Sped up Brain Aging, "Circumvention is More Popular Than Compliance"
- Links for the day
- Richard Stallman is Usually Right Because He Thinks "Outside the Box"
- he is able to observe society (mores and norms) as somewhat of an outsider
- LWN Has Been Down for a Long Time, Another Casualty of LLM Bots?
- Time will tell. How much time though?
- Slopfarms Versus 'Linux' (and Against People Who Write Real Articles About GNU/Linux)
- LLM slop in slopfarms by Brian Fagioli and Redazione RHC
- Gemini Links 28/07/2025: Bila Yarrudhanggalangdhuray and Running pkgsrc in a FreeBSD Jail
- Links for the day
- Microsoft Turns News Sites Into Spamfarms
- Is the site The Register MS the next IDG?
- The Register MS/The Register US
- On Saturday I contacted them for a comment (before issuing criticism)
- Hacking revelations at Vatican Jubilee of Digital Missionaries
- Reprinted with permission from Daniel Pocock
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Sunday, July 27, 2025
- IRC logs for Sunday, July 27, 2025
Comments
saulgoode
2010-07-01 14:10:44
Not just trust the vendor, but also those with whom they've shared the source code (subcontractors, governments, large corporate clients, etc).
It is noteworthy that there were claims that the recent attack on Google stemmed from sources within the Chinese government (with whom MS shares its source code), it is not that surprising that Google would quickly put an end to a situation where the malware authors get to see the Windows source code and they do not.
Dr. Roy Schestowitz
2010-07-01 14:17:26