Eye on Security: Red Hat Explains Why Windows is Less Secure, New Windows 0-Day Attack

Dr. Roy Schestowitz

2010-07-01 13:46:45 UTC
Modified: 2010-07-01 13:46:45 UTC

Summary: Comparative security news from this week

● Open Source is Inherently More Secure, Says Red Hat (Microsoft admits silent patching it never discloses)

But in the closed source world, you have to trust your vendor completely. All you get to see are binaries, so you have no way of knowing how they were built. President Reagan was fond of saying to Soviet leader Mikhail Gorbachev, "Trust, but verify." With proprietary software, you simply have to trust.

Microsoft, for example, pushes out security updates on the second Tuesday of every month. Bressers said they can't do that. Microsoft has the advantage of hiding security flaws and working on them at their leisure, but with open source software, that's not possible because everyone can see that there's a problem and they expect it to be fixed right away.

And if a security hole isn't plugged quickly enough, you can fix it yourself, Bressers explained.

An example of the power of open source is the ping of death bug. Back in the late 1990s someone figured out that if you send a giant ICMP packet to a computer, just about any computer, it will crash. The bug affected every operating system, routers, printers, etc. When the problem was discovered, the open source Linux operating system had the bug squashed in about 2 hours, Bressers recalled. The closed source operating system vendors, however, took days, weeks and even months to make and distribute a patch for the ping of death.

● Microsoft: 10,000 PCs hit with new Windows XP zero-day attack

Nearly a month after a Google engineer released details of a new Windows XP flaw, criminals have dramatically ramped up online attacks that leverage the bug.

Microsoft reported Wednesday that it has now logged more than 10,000 attacks. "At first, we only saw legitimate researchers testing innocuous proof-of-concepts. Then, early on June 15th, the first real public exploits emerged," Microsoft said in a blog posting.

● New Windows Live Messenger has same old privacy problems

Why do I get the impression that some folks at Microsoft just don’t get it?

● Privacy problems persist in latest Windows Messenger 2011 beta [via]

Earlier versions of Messenger played fast and loose with your privacy. The new Live Messenger 2011, currently in beta, suffers from some of the same defects

Comments

saulgoode

2010-07-01 14:10:44

But in the closed source world, you have to trust your vendor completely. All you get to see are binaries, so you have no way of knowing how they were built.

Not just trust the vendor, but also those with whom they've shared the source code (subcontractors, governments, large corporate clients, etc).

It is noteworthy that there were claims that the recent attack on Google stemmed from sources within the Chinese government (with whom MS shares its source code), it is not that surprising that Google would quickly put an end to a situation where the malware authors get to see the Windows source code and they do not.

Dr. Roy Schestowitz

2010-07-01 14:17:26

Let's remember that one Chinese company that Microsoft let write its code was unethical enough (even criminal) to rip someone else's work and rebrand it as Microsoft's [1, 2, 3, 4].

An Illusion and Cult Worship of Magnitude (Ubiquity as "Victory"): GNU has been around for over 40 years and it'll likely continue to exist for another 40 (in some form)
Wall Street Does Not Care About Microsoft's Impending (August) Layoffs, It Believes Lies From Microsoft, Whose Debt Grows Rapidly: If Microsoft is doing so well and swimming in money, why so many cuts (about 29,000 layoffs so far this year)?
Riot for peace & Love: Catholic Influencers and Digital Missionaries welcome Jubilee of Youth: Reprinted with permission from Daniel Pocock
Links 31/07/2025: Spotify Collapses and Spotify Now Forcing Some Users to Undergo Face-Scanning: Links for the day
A Lot of Supposedly "Successful" Businesses Are Just Debt-Racking Vessels Without Any Prospects of Financial Sustainability: The probability of bankruptcy of any business is more than 0%
theregister.com: The Voice of Microsoft US?: It basically sold out
Yes, You Can Love and Adore Things Whilst Also Criticising Them: Is society being divided and groomed/primed to be resistant to constructive criticism?
Links 31/07/2025: War in Ukraine, Security News, and Cyberattacks Against Journalists on the Rise: Links for the day
Gemini Links 31/07/2025: Fake Money and Gemini Diaries: Links for the day
Google: From Pointing to Relevant Sites to Pointing to Social Control Media to Actually Parroting Social Control Media as "Facts": Google has become a misinformation company
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, July 30, 2025: IRC logs for Wednesday, July 30, 2025
How to Report Apple Layoffs Without Saying the "L" Word: don't look for the "L" word
Wayland Considered Harmful (to GNU/Linux Adoption): it's not limited to games
My Experience With Judges Has been Positive, But We Must Still Pursue SLAPP Reform in the United Kingdom: We believe it'll be a "feather in the cap" if we can help change laws in the UK to better protect investigative reporters
Slopwatch Makes the Web Better: Remember what happened to BetaNews?
Slopwatch: Google News is Pumping in Lots of Web Traffic Into Fake Sites That Say "Linux": somewhere between 30% and 40% of today's "news" about "Linux", as seen by Google News, is LLM slop
Links 30/07/2025: Climate Calamities Highlighted, Kyrgyzstan Crackdown on Expression/Freedoms: Links for the day
Gemini Links 30/07/2025: Watson’s List of Limits, Lysenko 2000: Links for the day
Some People See What Others See... But Only 40 Years Later: When people deviate from "the norm" they typically get ridiculed and dismissed as "crazy"
Links 30/07/2025: Tea Class Action and Google Killing the Web With Slop: Links for the day
Last Month Our IRC Community Turned 17: Funnily enough we never missed a single day when it comes to logging
"The Unix Kernel": Linux was inspired by MINIX
The Register Relays Microsoft Marketing, Dubs That Marketing "Research": Hours ago they did a "Microsoft sez" piece
Dealing With Sociopaths, Liars, and Cranks: A dysfunctional society such as this would never develop
Not Owning Mobile Phones: It's not about resistance; it's common sense
Google 'Search' is Fast Becoming No Better Than Social Control Media Infested With Bots: Google emerged almost 30 years ago as a company looking to organise the Web and direct people towards informative pages. That Google is dead.
PCLinuxOS Had Functional Backups Before the House Fire, the Site Will be Restored in New Webhost: This is the direction we want for GNU/Linux, not some IBM sales strategy
Gemini Links 30/07/2025: Two Sides of Me and "Hooked on Cosmic Voyage": Links for the day
Microsoft Will Continue Resorting to Crimes in Order to Keep GNU/Linux Usage Down: It is a real problem and we'll revisit it later this week
GAFAM 'Revolving Doors' at The Register and a "Bribe Price List": "an analyst at Microsoft"
Microsoft Rapidly Shrinking (No, It's Not About Efficiency, It's About Unbearable Debt): We'll soon see how much debt grew in the past quarter
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, July 29, 2025: IRC logs for Tuesday, July 29, 2025
Corruption is the Standard Operating Procedure at the European Patent Office (EPO): The EPO is a dictatorship that stains Europe
Local Staff Committee Munich (LSCMN) at the European Patent Office (EPO) Requests an Urgent Meeting to Avoid Abolishing the Office: This is dictatorship led by the most corrupt
Slopwatch: Fake 'Linux' 'Articles' and Spamfarms/Slopfarms: at least 5 fake articles in one day
Gemini Links 29/07/2025: Wayland Unfit for Use and LLM Slop Faking One's Language Skills With Robot Communications: Links for the day
Before the OSI Was Bribed and Hijacked by Microsoft via GitHub and Compromised Management...: The OSI isn't even remotely "woke"
Nailing the "Hey Hi" (AI) Hype Bubble: So-called "hey hi" as they define it now is all about large companies or regimes remotely controlling the processes running on your machine and even your very own behaviour on your machine, which is in effect no longer your machine but some remotely controlled apparatus
The OSI Has Been Silent for Over 3 Weeks, It Has a Severe Trust Issue After Promoting Microsoft and Proprietary GitHub: OSI took a lot of money from Microsoft to become a Microsoft lobbyist
"Four decades; Four freedoms; For all users" Now as a T-shirt: That's shown along the sidebar
Bribery is OK If You Work for Microsoft (No Punishment Expected): It's very troubling and a symptom of a broken society/system when particular laws or rules are applied and enforced against some people but not against others
Links 29/07/2025: Bad Climate and "Fair Software Licensing" Blasts Microsoft: Links for the day
Links 29/07/2025: Data Brokers Gone Wrong/Rogue and "Copyright Thicket": Links for the day
Slopwatch: Linuxconfig.org, Linuxsecurity.com, Fagioli, The Register: Today's "Slopwatch" isn't the first article about LLM slop
Someone Should Remind Microsoft Lunduke That Microsoft Hires Many Sexual Criminals and Pedophiles as Well: Microsoft Lunduke on an "expedition" to find one or more perverts, then generalise to everyone in the "community"
Cash Machines (ATMs) Make Mistakes and They're Proprietary Software: Correcting mistakes is a colossal challenge
We Cover Topics Other Sites Are Too Afraid to Cover (Even When They Know the Facts): It's not that they doubt the truth, they just realise there may be consequences for talking about it
They Try to Tell Us the Free Software Foundation Inc is Dying, But Its Revenue Doubled Since the Dot-Com Bubble Burst: Being in "Activism" is never easy; but it does positive things for society
Yes, Microsoft is the Problem: "I am no MS shill."
It's About the Cost of Workers, Not the Fictional Skills Shortage (That Does Not Exist, the Media Spreads False and Sometimes Self-Fulfilling Narratives): This issue isn't limited to computing, some dub it "globalism"
Another Failed Use Case for Chatbots (LLM): Legal Advice and Analysis: They're just some self-discrediting toy that costs way too much to operate
Links 29/07/2025: More Pushbacks Against Slop and More Praises of Tom Lehrer: Links for the day
Gemini Links 29/07/2025: Purple Yarrow and Understanding Op Amps: Links for the day
This Monday WebProNews Absolutely Flooded the Web With Fake (LLM Slop) 'Articles' About "Linux", Google News Promoted Them as Legitimate: All of the following are fake articles attributed to pseudonyms or authors that don't exist; the images are also slop. Why does Google promote these?
Linuxiac is Not a Slopfarm, But at Least Some of Its Articles Are Machine-Generated Fakes: what we said about it was correct
Expect More Microsoft Layoffs: "Are more job cuts coming?"
Microsoft Behaving Like It's Running Out of Money to Pay Salaries: Does that seem like the behaviour expected from a company which claims it is "worth" trillions?
LWN Downtime Due to Linode, Not LLM Bots: "I’ve received an email letting me know that there is a potential for data loss."
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Monday, July 28, 2025: IRC logs for Monday, July 28, 2025

Eye on Security: Red Hat Explains Why Windows is Less Secure, New Windows 0-Day Attack

Comments

Recent Techrights' Posts