Eye on Security: Windows is Vulnerable, GNU/Linux is Not
- Dr. Roy Schestowitz
- 2010-06-11 21:17:22 UTC
- Modified: 2010-06-11 21:17:22 UTC
Summary: Today's examples of security weaknesses in Windows (which help justify Google's recent abandonment of Windows on the desktop)
●
Microsoft Security Vulnerability Disclosed (no
silent patches yet?)
Microsoft was left racing to patch a Windows Help and Support Center vulnerability after Tavis Ormandy, an information security researcher who's charged with keeping Google's products secure, Thursday publicly disclosed both the bug as well as proof-of-concept attack code.
Ormandy reportedly informed Microsoft of the vulnerability on Saturday, June 5, and Microsoft acknowledged receipt the same day. Five days later, however, Ormandy went public with a posting to the Full Disclosure mailing list. Later that day, Microsoft issued its own vulnerability announcement.
●
Bug gives attackers complete control of Windows PCs [
via]
A security researcher has warned of a vulnerability in older versions of the Windows operating system that allows attackers to take full control of a PC by luring its user to a booby-trapped website.
The flaw resides in the Windows Help and Support Center, a feature that provides users with online technical support. Malicious hackers can exploit the weakness of Windows by embedding commands in web addresses that activate the feature's remote assistance tool, which allows administrators to execute commands over the internet. The exploit works in XP and Server 2003 versions of Windows and possibly others.
●
Malware Squared
Use browsers and operating systems that are more secure. Get away from the monopoly OS that is the main target of attacks. Cut down your risk by a factor of 1000 or so by a single step, migrating to GNU/Linux. It makes sense.
Recent Techrights' Posts
- The Solicitors Regulation Authority (SRA) Has a Policy on Racism and Sexism
- In then future we'll show the misogyny and racial slurs
- The 50-Pound Note Experiment and the "War on Cash"
- Britain is actually seeing a rebound in cash payments, and it's not a temporary phenomenon
-
- Links 22/09/2025: More American 'Censorship' (Retaliation for Journalism), Cheeto "Might Be Losing His Race Against Time"
- Links for the day
- The Blob Slop
- Give me more words, give me some text
- Slopwatch: Blaming the Victims for Microsoft's Failures and Plagiarising Phoronix
- That's what Google has been reduced to: slop and slopfarms
- Links 22/09/2025: Breaches, Windows TCO, and Arrests
- Links for the day
- Gemini Links 22/09/2025: Rabbit Hole and DeGoogling Fairphone
- Links for the day
- Links 22/09/2025: Russian War Planes Invade NATO Airspace While Dihydroxyacetone Man Escalates Attack on Free Speech Because of Critics
- Links for the day
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Sunday, September 21, 2025
- IRC logs for Sunday, September 21, 2025
- Links 21/09/2025: "Hey Hi" (Hype) Under Fire, Fakes Identified; Tesla Burns Family
- Links for the day
- Google's Software is Malware and Malware in Mobile Devices
- Originally posted by Rob Musial
- Links 20/09/2025: Hegemony Coming to a Close, Luigi Mangione Ruled Not Terrorist
- Links for the day
- Gemini Links 21/09/2025: "Charlie Kirk Was a Hateful Piece of Shit" and Slop Code Attempted by Microsofter
- Links for the day
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Saturday, September 20, 2025
- IRC logs for Saturday, September 20, 2025
- Gemini Links 20/09/2025: Snowy Photos and utism is a Spectrum
- Links for the day
- Microsoft-Sponsored Xenophobia and Nationalism
- IBM is very similar in this regard
- Vintage is Sometimes Better
- Why can't we get back to "simple" if (or where) "simple" means better?
- Climate Breakdown Means We'll be Publishing More, Not Less
- Press freedom will be a common, recurring theme
- Our 5-Year Geminispace Anniversary is Coming Up
- I still remember when Gemini Protocol was quite new
- It's Right to Point Out Violence From the Right
- Violence is a recurring theme
- Tentative Summary of Things to Publish in Project 2030
- I'll still be in my forties by then
- Web Browsers That "Do Hey Hi" (AI)
- State-of-the-art plagiarism or "autocomplete on steroids" (not coined by us, nevertheless a nice description) don't have much/any prospect
- Links 20/09/2025: Hardware Projects in View, Some Independent Publishers About Russia Prosper After Cheeto Cuts Funding
- Links for the day
- Gemini Links 20/09/2025: Options and TV Time Machine
- Links for the day
- Links 20/09/2025: Retrocomputer, Antique Phone Experience, and More
- Links for the day
- Links 20/09/2025: Internet Shutdowns, Media Censorship, and Climate Worries
- Links for the day
- About 700 New Gemini Capsules in 13 Months (or 54 Per Month)
- 4.8K would represent a 20% increase
- Rust People: Drain the Swap, You're Holding It Wrong
- Does Rust make sense?
- Techrights the Name Turns 15
- About 6 weeks from now we turn 19
- Microsoft is Running Out of Time and Floating Fake Figures, Fake Projects, Fake Narratives, Fake Excuses
- Also, a lot of Microsoft's "revenue" claims are circular financing (i.e. Microsoft buying from itself, which means Ponzi-like fraud)
- Slopwatch: LinuxSecurity, linuxconfig.org, and Plagiarised Phoronix
- Many articles out there are nowadays fake
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Friday, September 19, 2025
- IRC logs for Friday, September 19, 2025
- Gemini Links 20/09/2025: Navigating the Pressures of Modern Life and SpellBinding Accidentally Wrote Another Gemini Server
- Links for the day