EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

07.01.10

Eye on Security: Red Hat Explains Why Windows is Less Secure, New Windows 0-Day Attack

Posted in GNU/Linux, Microsoft, Red Hat, Security, Windows at 8:46 am by Dr. Roy Schestowitz

Knobsets

Summary: Comparative security news from this week

Open Source is Inherently More Secure, Says Red Hat (Microsoft admits silent patching it never discloses)

But in the closed source world, you have to trust your vendor completely. All you get to see are binaries, so you have no way of knowing how they were built. President Reagan was fond of saying to Soviet leader Mikhail Gorbachev, “Trust, but verify.” With proprietary software, you simply have to trust.

Microsoft, for example, pushes out security updates on the second Tuesday of every month. Bressers said they can’t do that. Microsoft has the advantage of hiding security flaws and working on them at their leisure, but with open source software, that’s not possible because everyone can see that there’s a problem and they expect it to be fixed right away.

And if a security hole isn’t plugged quickly enough, you can fix it yourself, Bressers explained.

An example of the power of open source is the ping of death bug. Back in the late 1990s someone figured out that if you send a giant ICMP packet to a computer, just about any computer, it will crash. The bug affected every operating system, routers, printers, etc. When the problem was discovered, the open source Linux operating system had the bug squashed in about 2 hours, Bressers recalled. The closed source operating system vendors, however, took days, weeks and even months to make and distribute a patch for the ping of death.

Microsoft: 10,000 PCs hit with new Windows XP zero-day attack

Nearly a month after a Google engineer released details of a new Windows XP flaw, criminals have dramatically ramped up online attacks that leverage the bug.

Microsoft reported Wednesday that it has now logged more than 10,000 attacks. “At first, we only saw legitimate researchers testing innocuous proof-of-concepts. Then, early on June 15th, the first real public exploits emerged,” Microsoft said in a blog posting.

New Windows Live Messenger has same old privacy problems

Why do I get the impression that some folks at Microsoft just don’t get it?

Privacy problems persist in latest Windows Messenger 2011 beta [via]

Earlier versions of Messenger played fast and loose with your privacy. The new Live Messenger 2011, currently in beta, suffers from some of the same defects

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

2 Comments

  1. saulgoode said,

    July 1, 2010 at 9:10 am

    Gravatar

    But in the closed source world, you have to trust your vendor completely. All you get to see are binaries, so you have no way of knowing how they were built.

    Not just trust the vendor, but also those with whom they’ve shared the source code (subcontractors, governments, large corporate clients, etc).

    It is noteworthy that there were claims that the recent attack on Google stemmed from sources within the Chinese government (with whom MS shares its source code), it is not that surprising that Google would quickly put an end to a situation where the malware authors get to see the Windows source code and they do not.

    Dr. Roy Schestowitz Reply:

    Let’s remember that one Chinese company that Microsoft let write its code was unethical enough (even criminal) to rip someone else’s work and rebrand it as Microsoft’s [1, 2, 3, 4].

What Else is New


  1. Web Site Which Exposed Microsoft Crimes is Gone From the Web, But Copies Still Exist

    Reputation laundering operations of Microsoft tell us that Microsoft is a 'new' and 'reformed' company; but Comes v Microsoft documents serve to show that little has changed



  2. Understanding Thierry Breton: Socialising With the Elite

    "Bernadette Chirac is not the only Presidential widow with whom Valerie has close connections."



  3. Justice Peter Huber Speaking to a Front Group of Team UPC May Compromise the Integrity of the FCC and Its Outcomes

    The public reaction, even from some legal professionals, isn't too positive, seeing how judges from BVerfG (FCC) speak to the mouthpieces of Team UPC (biased and in the pockets of the litigation 'industry')



  4. Injustice at Every Level Would Simply Doom the Entire Patent System

    Repeated failure to restore the Rule of Law and enforce accountability/oversight in Europe's patent system renders the entire system moot; it is a case of adherence to basic constitutional pillars



  5. Understanding Thierry Breton: Thierry and the $100 Billion Man

    Thierry Breton's connections to the tax avoidance ploy of his friend Bernard Arnault



  6. Links 21/11/2019: Mesa 19.3.0 RC4, Canonical SPS

    Links for the day



  7. Links 21/11/2019: Charmed OSM, Mesa 19.2.5, DXVK 1.4.5, Zorin OS 15 Lite

    Links for the day



  8. Understanding Thierry Breton: Atos Healthcare - “The Ugly Face of Business”

    "...2,380 people died after their claim for employment and support allowance (ESA) ended because a work capability assessment (WCA) found that they were found fit for work."



  9. IRC Proceedings: Wednesday, November 20, 2019

    IRC logs for Wednesday, November 20, 2019



  10. Microsoft Tim: Microsoft is Now Defending Linux

    The difference between fiction and reality



  11. Justice Peter Huber of the German Federal Constitutional Court (FCC) Calls 'Bullshit' a Rumour Nobody Really Spreads

    A sort of 'trial by media' (by Team UPC) compromises the integrity of the case (constitutional complaint) and can be interpreted as judges succumbing to lobbying/pressure from those who conspire to violate many constitutions across Europe for personal/financial gain



  12. Understanding Thierry Breton: What Thierry Did Next...

    "Whether by coincidence or not, when Atos announced in 2010 that it would acquire Siemens’ IT unit, it was the 32-year-old Macron at Rothschild who advised Breton on the deal."



  13. Links 20/11/2019: HONOR MagicBook With GNU/Linux, Coreboot 4.11, GNU Health Patchset 3.6.1

    Links for the day



  14. IRC Proceedings: Tuesday, November 19, 2019

    IRC logs for Tuesday, November 19, 2019



  15. EPO Geared Towards Financial Exploitation of Europe Instead of Serving Europe

    For the financial benefit of law firms and patent offices (they profit from processing loads of patents and lawsuits) Europe is being reverted back to Medieval Times when exercising invention and free thought (or free coding) was a luxury of the rich alone



  16. Microsoft and IBM Are the Patent Trolls, They Won't Protect Us From Trolls

    "Microsoft has no taste" and IBM has no taste, either; they're lying to our collective face together with OIN and the 'Linux' Foundation



  17. How Ralph Nader Put It

    Ralph Nader on money in politics



  18. ZDNet (CBS) Associates GNU/Linux Users With ISIS

    Response to "US student was allegedly building a custom Gentoo Linux distro for ISIS," just published by ZDNet and composed by their biggest troll, Catalin Cimpanu



  19. Understanding Thierry Breton: Noël Forgeard and His “Golden Parachute”

    The end of the first half of the Breton series; in this particular part we continue to cover the EADS scandal and the second half of this series will include the EPO connections (the vote in a plenary for Breton's nomination is due 27/11)



  20. Links 19/11/2019: Zswap's B-Tree Search Implementation, WordPress 5.2.4

    Links for the day



  21. We've Already Entered the Era When Patents Should be Presumed Invalid

    The abundance of low-quality patents may mean short-term profits for patent offices and law firms; but we know at whose expense they are profiting and the legitimacy of patent systems suffers as a result



  22. Jean-Luc Breton

    Breton a champion of obstruction and obfuscation



  23. Understanding Thierry Breton: Insider-Trading Scandal at EADS

    Although Breton was not directly implicated in the insider trading scandal itself he did come under fire in 2007 for the role he played in a side-show to the main story, namely the payment of a generous € 8.5m severance package to Noël Forgeard when the EADS co-CEO was compelled to resign in June 2006.



  24. Startpage is Not Denying Its Betrayal of Privacy, It is Just Being Evasive

    They can't call you a liar if you issue a non-denying 'denial'; the "Roll Safe Think About It" meme seems applicable here



  25. Guest Post: Open Source is Not Free Software

    "If you look at human history, you can see lots of similar ideas, movements, intellectuals who are affected by the power of the ruling class like this."



  26. IRC Proceedings: Monday, November 18, 2019

    IRC logs for Monday, November 18, 2019



  27. Links 19/11/2019: HPC Focus and LibreOffice 6.4 Beta

    Links for the day



  28. Understanding Thierry Breton: “Rhodiagate” and the Vivendi Universal Affair

    When the "Rhodia affair" became the "Breton affair"



  29. Links 18/11/2019: Last Linux RC, OSMC Updated

    Links for the day



  30. What GitHub is to Open Source

    Lots of prisoners inside GitHub


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts