Eye on Security: Red Hat Explains Why Windows is Less Secure, New Windows 0-Day Attack
- Dr. Roy Schestowitz
- 2010-07-01 13:46:45 UTC
- Modified: 2010-07-01 13:46:45 UTC
Summary: Comparative security news from this week
●
Open Source is Inherently More Secure, Says Red Hat (Microsoft
admits silent patching it never discloses)
But in the closed source world, you have to trust your vendor completely. All you get to see are binaries, so you have no way of knowing how they were built. President Reagan was fond of saying to Soviet leader Mikhail Gorbachev, "Trust, but verify." With proprietary software, you simply have to trust.
Microsoft, for example, pushes out security updates on the second Tuesday of every month. Bressers said they can't do that. Microsoft has the advantage of hiding security flaws and working on them at their leisure, but with open source software, that's not possible because everyone can see that there's a problem and they expect it to be fixed right away.
And if a security hole isn't plugged quickly enough, you can fix it yourself, Bressers explained.
An example of the power of open source is the ping of death bug. Back in the late 1990s someone figured out that if you send a giant ICMP packet to a computer, just about any computer, it will crash. The bug affected every operating system, routers, printers, etc. When the problem was discovered, the open source Linux operating system had the bug squashed in about 2 hours, Bressers recalled. The closed source operating system vendors, however, took days, weeks and even months to make and distribute a patch for the ping of death.
●
Microsoft: 10,000 PCs hit with new Windows XP zero-day attack
Nearly a month after a Google engineer released details of a new Windows XP flaw, criminals have dramatically ramped up online attacks that leverage the bug.
Microsoft reported Wednesday that it has now logged more than 10,000 attacks. "At first, we only saw legitimate researchers testing innocuous proof-of-concepts. Then, early on June 15th, the first real public exploits emerged," Microsoft said in a blog posting.
●
New Windows Live Messenger has same old privacy problems
Why do I get the impression that some folks at Microsoft just don’t get it?
●
Privacy problems persist in latest Windows Messenger 2011 beta [
via]
Earlier versions of Messenger played fast and loose with your privacy. The new Live Messenger 2011, currently in beta, suffers from some of the same defects
Recent Techrights' Posts
- More Information About Public Talks That Richard Stallman Gave This Week in Europe
- Two talks in Switzerland
- SoylentNews Grows Up, Registers as a Business, Site Traffic Reportedly Grows
- More people realise that social control media may in fact be a passing fad
-
- Links 29/03/2024: Fentanylware (TikTok) Fines and UK High Court Makes It Seem OK to Assassinate People Wrongly (Falsely) Associated With "Russia"
- Links for the day
- Garden Season Starts Today
- Outdoor time, officially...
- Engadget is Still a Spamfarm, It's Just an Amazon Catalogue (SPAM/SEO), a Sea of Junk Disguised as "Articles" With Few 'Fillers' (Real Articles) in Between
- Engadget writes for bots now, not for humans
- Richard Stallman's Talks in Switzerland This Week
- We need to put an end to 'cancer culture'; it's trying to kill people and it is even swatting people
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Thursday, March 28, 2024
- IRC logs for Thursday, March 28, 2024
- [Meme] EPO's New Ways of Working (NWoW), a.k.a. You Don't Even Get a Desk at Work and Cannot be Near Known Colleagues
- Seems more like union-busting (divide and rule)
- Hiding Microsoft's Culpability in Security Breaches and Other Major Blunders (in the United Kingdom, This May Mean You Can't Get Food)
- Total Cost of Ownership (TCO) is vast
- Giving back to the community
- Reprinted with permission from Daniel Pocock
- Links 28/03/2024: Sega, Nintendo, and Bell Layoffs
- Links for the day
- Open letter to the ACM regarding Codes of Conduct impersonating the Code of Ethics
- Reprinted with permission from Daniel Pocock
- With 9 Mentions of Azure In Its Latest Blog Post, Canonical is Again Promoting Microsoft and Intel Vendor Lock-in, Surveillance, Back Doors, Considerable Power Waste, and Defects That Cannot be Fixed
- Microsoft did not even have to buy Canonical (for Canonical to act like it happened)
- Links 28/03/2024: GAFAM Replacing Full-Time Workers With Interns Now
- Links for the day
- Consent & Debian's illegitimate constitution
- Reprinted with permission from Daniel Pocock
- The Time Our Server Host Died in a Car Accident
- If Debian has internal problems, then they need to be illuminated and then tackled, at the very least in order to ensure we do not end up with "Deadian"
- China's New 'IT' Rules Are a Massive Headache for Microsoft
- On the issue of China we're neutral except when it comes to human rights issues
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Wednesday, March 27, 2024
- IRC logs for Wednesday, March 27, 2024
- WeMakeFedora.org: harassment decision, victory for volunteers and Fedora Foundations
- Reprinted with permission from Daniel Pocock
- Links 27/03/2024: Terrorism Grows in Africa, Unemployment in Finland Rose Sharply in a Year, Chinese Aggression Escalates
- Links for the day
- Links 27/03/2024: Ericsson and Tencent Layoffs
- Links for the day
- Amid Online Reports of XBox Sales Collapsing, Mass Layoffs in More Teams, and Windows Making Things Worse (Admission of Losses, Rumours About XBox Canceled as a Hardware Unit)...
- Windows has loads of issues, also as a gaming platform
- Links 27/03/2024: BBC Resorts to CG Cruft, Akamai Blocking Blunders in Piracy Shield
- Links for the day
- Android Approaches 90% of the Operating Systems Market in Chad (Windows Down From 99.5% 15 Years Ago to Just 2.5% Right Now)
- Windows is down to about 2% on the Web-connected client side as measured by statCounter
- Sainsbury's: Let Them Eat Yoghurts (and Microsoft Downtimes When They Need Proper Food)
- a social control media 'scandal' this week
- IRC Proceedings: Tuesday, March 26, 2024
- IRC logs for Tuesday, March 26, 2024
- Over at Tux Machines...
- GNU/Linux news for the past day
- Windows/Client at Microsoft Falling Sharply (Well Over 10% Decline Every Quarter), So For His Next Trick the Ponzi in Chief Merges Units, Spices Everything Up With "AI"
- Hiding the steep decline of Windows/Client at Microsoft?
- Free technology in housing and construction
- Reprinted with permission from Daniel Pocock
- We Need Open Standards With Free Software Implementations, Not "Interoperability" Alone
- Sadly we're confronting misguided managers and a bunch of clowns trying to herd us all - sometimes without consent - into "clown computing"
- Microsoft's Collapse in the Web Server Space Continued This Month
- Microsoft is the "2%", just like Windows in some countries
Comments
saulgoode
2010-07-01 14:10:44
Not just trust the vendor, but also those with whom they've shared the source code (subcontractors, governments, large corporate clients, etc).
It is noteworthy that there were claims that the recent attack on Google stemmed from sources within the Chinese government (with whom MS shares its source code), it is not that surprising that Google would quickly put an end to a situation where the malware authors get to see the Windows source code and they do not.
Dr. Roy Schestowitz
2010-07-01 14:17:26