Eye on Security: Red Hat Explains Why Windows is Less Secure, New Windows 0-Day Attack
- Dr. Roy Schestowitz
- 2010-07-01 13:46:45 UTC
- Modified: 2010-07-01 13:46:45 UTC
Summary: Comparative security news from this week
●
Open Source is Inherently More Secure, Says Red Hat (Microsoft
admits silent patching it never discloses)
But in the closed source world, you have to trust your vendor completely. All you get to see are binaries, so you have no way of knowing how they were built. President Reagan was fond of saying to Soviet leader Mikhail Gorbachev, "Trust, but verify." With proprietary software, you simply have to trust.
Microsoft, for example, pushes out security updates on the second Tuesday of every month. Bressers said they can't do that. Microsoft has the advantage of hiding security flaws and working on them at their leisure, but with open source software, that's not possible because everyone can see that there's a problem and they expect it to be fixed right away.
And if a security hole isn't plugged quickly enough, you can fix it yourself, Bressers explained.
An example of the power of open source is the ping of death bug. Back in the late 1990s someone figured out that if you send a giant ICMP packet to a computer, just about any computer, it will crash. The bug affected every operating system, routers, printers, etc. When the problem was discovered, the open source Linux operating system had the bug squashed in about 2 hours, Bressers recalled. The closed source operating system vendors, however, took days, weeks and even months to make and distribute a patch for the ping of death.
●
Microsoft: 10,000 PCs hit with new Windows XP zero-day attack
Nearly a month after a Google engineer released details of a new Windows XP flaw, criminals have dramatically ramped up online attacks that leverage the bug.
Microsoft reported Wednesday that it has now logged more than 10,000 attacks. "At first, we only saw legitimate researchers testing innocuous proof-of-concepts. Then, early on June 15th, the first real public exploits emerged," Microsoft said in a blog posting.
●
New Windows Live Messenger has same old privacy problems
Why do I get the impression that some folks at Microsoft just don’t get it?
●
Privacy problems persist in latest Windows Messenger 2011 beta [
via]
Earlier versions of Messenger played fast and loose with your privacy. The new Live Messenger 2011, currently in beta, suffers from some of the same defects
Recent Techrights' Posts
- One Person's Take on Jef Spaleta, the New Fedora Project Leader
- "With a little searching, I wonder what else may be found regarding Microsoft."
- LLM Slop Has Virtually Killed unixmen.com and Many Other Sites
- There's no longer any incentive to write real articles in there
- Taking a Moral Stand Against Strategic Lawsuits Against Public Participation (SLAPPs) and the Worst Offenders/Facilitators
- Any other stance would sidle with moral depravity or moral hazard
-
- Windows Has Fallen to All-Time Lows in Switzerland Since GNU Celebrated 40th Anniversary (GNU’s 40th Birthday in Biel, Switzerland)
- GNU/Linux has been doing well in Switzerland
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Sunday, April 06, 2025
- IRC logs for Sunday, April 06, 2025
- Links 07/04/2025: Leaving Gemini/smolweb and Mastodon Migrations
- Links for the day
- In Iraq, Windows 3.1 (Percent)
- There's also zero
- Links 06/04/2025: Flood, Cool Gemini Capsule, and Long Form
- Links for the day
- Links 06/04/2025: Science, Politics, and Pricier Goods
- Links for the day
- Sharp Declines for Microsoft Windows in Bangladesh (Pop. ~175,000,000), Big Gains for GNU/Linux
- Microsoft Windows has been having a really hard time in poor countries
- Links 06/04/2025: Fake Reviews, Privatisation Heists, and "AI" as Smokescreen for Impoverishing Humans
- Links for the day
- Links 06/04/2025: Many New Acts of Repression and Elements of Financial Depression
- Links for the day
- In Qatar GNU/Linux Rose From Under 1% to Over 4% in Two Years (or Over 5% If Counting ChromeOS)
- It's a big improvement compared to what we saw last year
- LLM Scrapers Are a Nuisance, But They're Also a Reminder It's Time to Make Your Site Static
- Perhaps the best protection is the ability to endure surges
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Saturday, April 05, 2025
- IRC logs for Saturday, April 05, 2025
- Links 06/04/2025: Attacks on Education, Fake Patents, and Fake (Illegal) Patent Courts
- Links for the day
- France: Apple and Microsoft Down, GNU/Linux Up to New Record Levels
- How will tariffs against France impact things in the coming months?
- Open Source Initiative (OSI) Privacy Fiasco in Detail: What Was Reported to the California Privacy Protection Agency (CPPA)
- We hope to finish this whole lot within a week, then move on to election, lobbying etc.
- Links 05/04/2025: Tariffs Backfiring, YouTuber Arrested, X/Twitter Set to be Fined
- Links for the day
- Gemini Links 05/04/2025: Offline is For Everyone, Copyright Colonialism, and More
- Links for the day
- Links 05/04/2025: TikTok Unsold (Still), Royal Society is Dead
- Links for the day
- Techrights Will Spend the Next Few Years Writing a Lot About Strategic Lawsuits Against Public Participation (SLAPPs)
- It's a growing problem
- The State of EPO Staff's Health in Rijswijk or The Hague
- We're going to cover the EPO some more later in the month
- NVIDIA Corp Lost 36% of Its "Value" Since Cheeto Inauguration, But "Gen Hey Hi" (GenAI) is Totally Not a Bubble
- Selling loads of unneeded hardware based on hysterical hype; like selling shovels during a Gold Rush
- GNU/Linux Growing in East Asia, Windows by Default No More?
- GNU/Linux is now on the shelf
- Slopwatch: Anti-Linux 'Articles' From Linux-Hostile LLMs
- It is almost always negative things and nobody can be held responsible for it except the charlatans prompting the LLMs
- Links 05/04/2025: Fentanylware (TikTok) "Sale Looks Highly Imminent" (US), Stock Market Drowning in Panic
- Links for the day
- Gemini Links 05/04/2025: Moving Plants, No to Smartwatches, RAID Hygiene
- Links for the day
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Friday, April 04, 2025
- IRC logs for Friday, April 04, 2025
Comments
saulgoode
2010-07-01 14:10:44
Not just trust the vendor, but also those with whom they've shared the source code (subcontractors, governments, large corporate clients, etc).
It is noteworthy that there were claims that the recent attack on Google stemmed from sources within the Chinese government (with whom MS shares its source code), it is not that surprising that Google would quickly put an end to a situation where the malware authors get to see the Windows source code and they do not.
Dr. Roy Schestowitz
2010-07-01 14:17:26