Bonum Certa Men Certa

How Debian-type Centralisation Made GNU/Linux Very Secure

Data storage with USB



Summary: Contrary to some malicious allegations, Microsoft remains the one copying security features from Linux, not the other way around

THE technology news sites have begun pushing the "USB" story, suggesting that inheriting Windows-like behaviour makes Linux less secure. There are rebuttals written about it and we may address them at a later stage. For the time being, let us recall the advantage GNU/Linux has not only when it comes to software centralisation in trusted repositories (which verifies safety and protects from malicious downloads from arbitrary sites). One of the big advantages of this approach is that using the same mechanism GNU/Linux keeps all the underlying software -- not just the core of the operating system -- up to date with security patches. Windows does not have that (Apple emulates this and Microsoft only expresses hopes to emulate that, just like it emulates sudo) and in fact one writer is now saying that "Microsoft has to open Windows Update to third-party developers":



There's a lot of confusion out there about when attacks against computers occur as a result of vulnerabilities in software as opposed to some other weakness, usually social engineering. Considerable progress has been made in protection against vulnerabilities on Windows, and we can make exploitation even harder if Microsoft can be talked into my scheme: open up Windows Update to third-party applications.

My own opinion is that social engineering is far more important than vulnerabilities and has been increasing in importance. One reason for this is that vulnerabilities are a harder target than they used to be, and that's in large part because of the work Microsoft has done over the last 6 or 7 years.


Glyn Moody wrote about the William Hague confession which we mentioned the other day, arguing quite rightly that operating systems play a role here:

The key thing to notice is that the dangerous link that the UK government idiots clicked on downloaded to their PCs the Zeus trojan horse - a keylogger that only affects Windows (not that you'd ever guess that from the pathetic mainstream coverage of any Zeus infection). So if the UK government swapped out lots of those expensive and vulnerable Windows systems with low-cost and rather more secure GNU/Linux ones, we'd be spared most of the losses from those cyber-wallies, for almost no outlay.

But that would be too easy, efficient and intelligent - especially when there's a baying pack of security companies who have the scent of those 650 million smackeroonies in their dilated nostrils. To avoid that threat of minimising the threat with such simple means, they'll doubtless create a crescendo of FUD about the imminent “cyber-Armageddon” we all face if the UK government doesn't throw buckets of dosh in their direction to “defend, delay, attack and manoeuvre in cyberspace”, as General Sir David Richards, chief of the defence staff, put it in the article quoted above (how on earth do you “manoeuvre in cyberspace”?)

The trouble is, no matter how much security firms claim their costly solutions are idiot-proof, they underestimate the cleverness of idiots - or the deep and intrinsic lack of security offered by a Microsoft monoculture, which is even more durable than that pesky “cyber” prefix....


On the very same day, Moody also shared a link to this curious PDF, suggesting that "Nearly 1/3 of internet users in the EU27 caught a computer virus" (Moody added: "no mention of Windows, just for a change").

It was almost 3 years ago that we wrote about statistics suggesting 40% of Windows PCs had become zombies, whether the users know this or not.

Recent Techrights' Posts

Coping With the Site Going More Mainstream
Fame is no laughing matter
21 Pages in Less Than 7 Hours is No Joking Matter
We've become a lot more effective and efficient
Generation Chaff - Phase V: Censorship of Dissent (Painted as Harassment or Terrorism)
Censorship is all around us now
Generation Chaff - Phase IV: Apps Only Few Companies Decide On
Tools are being collectively confiscated, under the premise or false prospect of "security"
 
Links 24/10/2025: Inequality Grows, Billion-Dollar Scam Center Industry
Links for the day
Links 24/10/2025: "Independent Media in Cambodia is Collapsing" and Serious F5 Breach
Links for the day
They Never 'Put Down' Corporations
There are "pests" that are traded in Wall Street
Correct Information is a Valued Asset in the Age of Slopfarms and Public Relations (PR) or Spin
Publishing suppressed facts is never easy
The Register MS Continues to Bag Money to Promote a Ponzi Scheme, Even Money From China
Today in the front page
analytics.usa.gov: The Only Supported Version of Windows (This Past Week) is Only Used by About 13.9% of People in the US, the Home Base of Windows
Even Vista 7 is still used more
Rust is Very Secure
If only Rust itself is secure
Who Will be Held Accountable for Breaking Ubuntu by Imposing Rust on Otherwise-Functional Programs, in Effect Replacing GNU With Proprietary Microsoft (GitHub)?
they're practical people who merely point out that a bunch of buffoons not only ruin Ubuntu but also every future distro based on Ubuntu
Generation Chaff - Phase VIII: In Summary
Like "Science" with a capital "S", what we see here commercial interests usurping everything
Generation Chaff - Phase VII: Curtailing Alternative Media
There was always an obligation - a collective duty of sorts - to uphold independent journalism
Generation Chaff - Phase VI: Centralisation of Information (X, Cheetok/Fentanylware)
Would you trust information when controlled by such people?
Generation Chaff - Phase III: Slop and Plagiarism
A lot of the current so-called 'economy' is built upon false valuations
Generation Chaff - Phase II: "Cloud", Blockchains and Other Hype
For those of us who turned down those propositions there was a struggle; we needed to justify not having skinnerboxes or "social" accounts in some site run by a private company
Generation Chaff - Phase I: Social Control Media
IRC predates the Web
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, October 23, 2025
IRC logs for Thursday, October 23, 2025
More Clues Shed on Collapse of Microsoft XBox
XBox is basically circling down the drain as Microsoft implements 2-3 waves of layoffs each month
'Vibe Coding' Doesn't Work
In a lot of ways, so-called 'Vibe Coding' is already considered vapourware or a passing fad promoted in the media by managers who try to justify mass layoffs, especially ridding companies of "very expensive" software engineers
Links 24/10/2025: Microsoft's Killing of XBox Connected to Revenue/Profit Problems, "How Elon Musk Ruined Twitter"
Links for the day
Gemini Links 24/10/2025: 86,400 Seconds and "Society's Task"
Links for the day
Slopwatch: Google News and Slopfarms That Relay Nonsense From LLMs
Google News, which once prioritised or used to care about provenance and quality, is feeding slopfarms
Links 23/10/2025: More Health Concerns Over Dumb Chatbots (LLMs) and "Talking Cars" as Latest Buzz
Links for the day
Gemini Links 23/10/2025: Daylight Savings Time and Duration Shorthand
Links for the day
Links 23/10/2025: LLM 'Hallucinations' (Defects) in Practical Code 'Generation', China Becomes More Economically and Technologically Independent
Links for the day
Why We Support Richard Stallman and You Probably Should Too
It's not about being "Richard Stallman fan", it is about maintaining the right to hold positions (on technology) like his
Linux Foundation Uses LLM Slop to Promote Microsoft in Linux.com (Again), Rendering It a Linux-Hostile Slopfarm
Openwashing with slop by "Linux.com Editorial Staff", which basically seems to be a bot
Some Large German Media Covers Richard Stallman's Talks in Germany Earlier This Week
LLM-based chatbots are just "bullshit generators" (as he has long called them)
Links 23/10/2025: Windows TCO Galore and "The Internet Is Going to Break Again"
Links for the day
Trouble in Red Hat/IBM and a Retreat to Ponzi Economics in Search of Wall Street Market Heist
Would you invest your life savings in this kind of crap?
Who Asked Software in the Public Interest (SPI) for a Refund? ($100,000, Resulting in Losses of $267,201 in 12 Months, Highest-Ever Losses)
The IRS does not reveal who or what's tied to this refund (or the cause/reason)
Social engineering attack: Debian voted to trick you on binary blobs
Reprinted with permission from Daniel Pocock
Techrights Will Always Stand for Women's Rights
We even invest money - personal savings that it - in our principles
Certified Lawyers Should Know Better (Than to Intimidate Us With Man Who Drives on Motorcycle Through a Really Bad Storm Between Distant Cities, Then Collects Photos of Our Home)
Mentioning someone was in prison for bad things isn't a crime, it's a public service
The "AI" (Slop) Bubble is Already Imploding
"ChatGPT Usage Has Peaked and Is Now Declining, New Data Finds"
The So-called "Sexy" Buckets (AI, Quantum) Cannot Save IBM From Reality, Shares Tank
"No matter how much financial hocus-pocus they use to reclassify revenues to land in the "sexy" buckets (AI, Quantum), it still smells old and musty - just like this company."
Paul Krugman is Wrong About the Scope of Mass Layoffs in the United States
A few years ago society was accelerating its journey towards feudalism, boosted by COVID-19
Links 23/10/2025: Proprietary Blunders and CISA's Latest Disclosure of Holes
Links for the day
Gemini Links 23/10/2025: Fast Past (F1), 99.9% Uptime
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, October 22, 2025
IRC logs for Wednesday, October 22, 2025
Slopwatch: Google News is Promoting Fake 'Articles' About Fake Xubuntu, Fake Articles About Replacing Windows With GNU/Linux
The quality of the Web deteriorates and unless someone cleans up the mess, real sites will lose an incentive to produce anything
When "AI Layoffs" Mean Layoffs Due to the "AI" Bubble Popping
many people that are laid off by Microsoft claim to be specialists in "AI"
Mysterious grant forfeited, $100,000 from Software in the Public Interest accounts 2023
Reprinted with permission from Daniel Pocock
Evidence: bullying, student union behaviour: Armijn Hemel's FSFE resignation
Reprinted with permission from Daniel Pocock
Evidence: psychological abuse, stalking, Galia Mancheva, Susanne Eiswirt ignored by FSFE judgment for Matthias Kirschner
Reprinted with permission from Daniel Pocock
Helping FSFE scam victims and conference organisers
Reprinted with permission from Daniel Pocock
Nigerian fraud in FSFE constitution
Reprinted with permission from Daniel Pocock
Worrying and Amusing Stories of "Clown Computing" Gone Awry
Many of these disasters could be avoided
Links 22/10/2025: Amazon Plans to Replace Workers With Robotics, AWS and Clown Computing in General Ridiculed
Links for the day
Gemini Links 22/10/2025: Niri Completely Changes Multitasking and Overview of Diff-ers
Links for the day
Links 22/10/2025: Study on Misinformation by Slop and Heavily Debt-Sabbled Microsoft OpenAI (ClosedSlop) Uses "Browser" as Gimmick/Distraction
Links for the day
They've Already Spent Close to a Million Dollars on Lawyers and Sent Us About 50 KG of Legal Papers (Sponsored by Mysterious Third Party) to Try to Censor Techrights, Without Success
They try to overcompensate with sheer volume for a lack of solid, clear arguments (we are the victims here)
12 Months Ago the 'Hulk Hogan of UEFI' Officially Went 'Tag-Team'
We're actually sort of flattered or proud that such despicable people are so desperate to censor us
"Cloud Computing" Was Always a Joke, But This Week Was the Punchline
Maybe stop following tech trends and fashions
"Cloud Computing" Does Not Mean Safety
Fault tolerance is related to the notion of software freedom
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, October 21, 2025
IRC logs for Tuesday, October 21, 2025
The Fall of Windows: From Something to Nothing
Of course Microsoft will pretend everything is fine and "just trust the hey hi" (AI)