Eye on Security: Red Hat Explains Why Windows is Less Secure, New Windows 0-Day Attack
- Dr. Roy Schestowitz
- 2010-07-01 13:46:45 UTC
- Modified: 2010-07-01 13:46:45 UTC
Summary: Comparative security news from this week
●
Open Source is Inherently More Secure, Says Red Hat (Microsoft
admits silent patching it never discloses)
But in the closed source world, you have to trust your vendor completely. All you get to see are binaries, so you have no way of knowing how they were built. President Reagan was fond of saying to Soviet leader Mikhail Gorbachev, "Trust, but verify." With proprietary software, you simply have to trust.
Microsoft, for example, pushes out security updates on the second Tuesday of every month. Bressers said they can't do that. Microsoft has the advantage of hiding security flaws and working on them at their leisure, but with open source software, that's not possible because everyone can see that there's a problem and they expect it to be fixed right away.
And if a security hole isn't plugged quickly enough, you can fix it yourself, Bressers explained.
An example of the power of open source is the ping of death bug. Back in the late 1990s someone figured out that if you send a giant ICMP packet to a computer, just about any computer, it will crash. The bug affected every operating system, routers, printers, etc. When the problem was discovered, the open source Linux operating system had the bug squashed in about 2 hours, Bressers recalled. The closed source operating system vendors, however, took days, weeks and even months to make and distribute a patch for the ping of death.
●
Microsoft: 10,000 PCs hit with new Windows XP zero-day attack
Nearly a month after a Google engineer released details of a new Windows XP flaw, criminals have dramatically ramped up online attacks that leverage the bug.
Microsoft reported Wednesday that it has now logged more than 10,000 attacks. "At first, we only saw legitimate researchers testing innocuous proof-of-concepts. Then, early on June 15th, the first real public exploits emerged," Microsoft said in a blog posting.
●
New Windows Live Messenger has same old privacy problems
Why do I get the impression that some folks at Microsoft just don’t get it?
●
Privacy problems persist in latest Windows Messenger 2011 beta [
via]
Earlier versions of Messenger played fast and loose with your privacy. The new Live Messenger 2011, currently in beta, suffers from some of the same defects
Recent Techrights' Posts
- Lacking Business Model, Bluesky Has Become Slop and Gravitates Towards Plagiarism, Bots
- LLM slop/plagiarism under the guise of "Artificial Intelligence" (AI)
- SUEPO Central Made a Strike (or Striking) Success
- Europe has more than enough qualified patent officials
-
- Chaff, Slop and Spam Help Distract From Parallel Crises at IBM
- IBM seems very eager to undermine discussion about what goes on inside
- IBM-Spawned Lexmark Sold, Then Came Mass Layoffs, Now the CEO Who Did This is Leaving
- IBM is really not a magnet for talent at this point
- Not April Fools But April First: Red Hat Staff Becoming "IBM"
- claims of mass layoffs set to kick off at IBM some time soon
- Gemini Links 31/03/2026: Antenna Packed Up, AuraGem and AuraSearch Maintenance
- Links for the day
- Links 31/03/2026: More Social Control Media Bans, BBC Now Run by GAFAM (US) Executive
- Links for the day
- 'Broligarchs' Don't Want Science, They Want Entertainers to Entertain Them (and Make Them Richer)
- Of course this will result in things getting worse in the sciences and everyone who relies on the sciences
- When Republics Turn From Democratic Governments Into Imperialistic Dictatorships
- What goes on in the US would require talking about politics
- Companies That Have Nothing Except Buzzwords and Promises Will Perish
- Dishonest media will perish along with the companies it is covering up for
- The Solicitors Regulation Authority (SRA) to be Grilled in Two Weeks' Time by the British Government for "Recent Regulatory Failures"
- we escalated to our politicians
- GNU/Linux Will Thrive as Long as It's Modular, Not Monolithic
- To IBM, it's all about money. Nothing else matters.
- EPO "Cocaine Communication Manager" - Part X - People Are Leaving
- "I was happy to be at the EPO in the beginning, but since I realized it's all a big mafia"
- IBM's 33 Years as a "Financial Engineering" (Accounting Tricks) Company
- In relation to Red Hat, this "financial engineering" involves culling many workers and trying to replace them with slop
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Monday, March 30, 2026
- IRC logs for Monday, March 30, 2026
- Links 31/03/2026: Rising Costs, Cyberattacks, Novo Patent Expiry
- Links for the day
- Gemini Links 31/03/2026: American Spring, Distributed Systems Simulator, and Calculus for Electronics
- Links for the day
- IBM Layoffs and Their Expected Scope in April 2026
- Such layoffs impact not only IBM "proper"
- SLAPP Censorship - Part 28 Out of 200: Facing Consequences for Impersonation and Worse
- It's not "funny". It is moreover libellous.
- Links 30/03/2026: South Korea Next to Curb Social Control Media Addiction and Manipulation, Notorious Patents in the US Challenged
- Links for the day
- Gemini Links 30/03/2026: Going Back to Wrist Watches and Why LLMs in Programming Suck
- Links for the day
- Did IBM Pay thestreet.com for Puff Pieces? (Like It Did With Forbes)
- If so, there is no disclosure
- Wikipedia - Funded by Slop-pushing Companies and 'Broligarchs' - Gave Benefit of the Doubt to Slop, Then Regretted It
- Wikipedia sucks. Without slop it'll suck a little less.
- Payoffs of Lifelong Commitments
- "The Lifelong Activist"
- Links 30/03/2026: "We Can’t Income-Tax Ultra-Elites"; "The Pirate Bay’s Oldest Torrent Turned 22"
- Links for the day
- Today, Europe's Second-Largest Institution (EPO) Goes on Strike That Can Last Until 2027. Nobody in the Media Covers This!
- "We stand with the protesters"
- When the Cost (or Time) of Maintenance Exceeds the Value
- In recent years it seems like more people learn to remove things from their lives, not add more things
- Passage of Wealth Upwards, Blaming the Victims
- Tim Sweeney's net worth is 5.1 billion USD according to Forbes
- More Media Needs to Tell the Public Slop is a Giant Bubble, It Should Stop Taking "Sponsorship" Money to Inflate This Bubble
- If enough of (what's left of) the media changes its tune and quits being a parrot of GAFAM, then we can debate slop like grown-ups
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Sunday, March 29, 2026
- IRC logs for Sunday, March 29, 2026
- Trying to Hide One's Abuses by Imposing Silence on Critics ("My Profile Was Private")
- With enough daylight, sooner or later everyone knows you are a vampire
- Fedora Badges System Shows the Demise of Fedora Under IBM
- IBM isn't good at keeping what it buys
- IBM is Sunsetting Red Hat, It Only Uses the Brand and the Shell
- IBM buys or spins off companies as containers for "toxic assets" and debt
- Cisco Systems is a Still Weak Spot With Bug Doors
- nothing to offer except storytelling
- EPO Strike Begins Today and It's the Longest One Yet (Can Last a Year)
- Where's the media?
- Gemini Links 30/03/2026: Approaching April and Arvelie Calendar
- Links for the day
- No Daylight Saved
- Is there still any practical reason for this ritual?
- Microsoft Azure Does Not Have "Hiring Freezes", It Has Had Mass Layoffs Every Year Since 2020
- Things are always a lot worse than Microsoft formally or publicly acknowledges
- SLAPP Censorship - Part 27 Out of 200: Using the Tor Network to Hide From Consequences
- Only 1-2 weeks after the countersuit the Canadian attempted to deplatform several Web sites
- The Limits of Inclusion
- Inclusion with caution isn't "opinionated"; it's a defence mechanism, sometimes a survival instinct
- Almost 20 Years After Microsoft/Novell
- The mission has not changed, but the priorities evolve all the time
- People Discuss Rumours of Mass Layoffs at IBM Becoming Public in 1-2 Weeks
- IBM is killing its brand or its "goodwill"
- LLM Slop Kills Sites, as Sites That Adopt Slop Are Doomed
- People won't subscribe to such sites and visit them if they recognise it's just slop
- Links 29/03/2026: Indonesia Cracks Down on Social Control Media Addiction, China Becomes World’s Scientific Superpower
- Links for the day
- Fedora at the Mercy of Microsoft Because of Back-Doored Kick-Switch Boot
- We'll soon revisit the defamation attacks on Torvalds
- Links 29/03/2026: Water Shortages and No Kings Rallies
- Links for the day
- The Old Days
- In the early days of this site (2006) it was mostly just a couple of people, plus comments
- Gemini Links 29/03/2026: Return to Gopherspace, "Zen of Marking Playing Cards"
- Links for the day
- The Real XBox is Dead, So Microsoft is Calling Everything "XBox" Now
- It even wanted to run a campaign to convince everybody that XBox is not actually a console
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Saturday, March 28, 2026
- IRC logs for Saturday, March 28, 2026
Comments
saulgoode
2010-07-01 14:10:44
Not just trust the vendor, but also those with whom they've shared the source code (subcontractors, governments, large corporate clients, etc).
It is noteworthy that there were claims that the recent attack on Google stemmed from sources within the Chinese government (with whom MS shares its source code), it is not that surprising that Google would quickly put an end to a situation where the malware authors get to see the Windows source code and they do not.
Dr. Roy Schestowitz
2010-07-01 14:17:26