Eye on Security: Red Hat Explains Why Windows is Less Secure, New Windows 0-Day Attack
- Dr. Roy Schestowitz
- 2010-07-01 13:46:45 UTC
- Modified: 2010-07-01 13:46:45 UTC
Summary: Comparative security news from this week
●
Open Source is Inherently More Secure, Says Red Hat (Microsoft
admits silent patching it never discloses)
But in the closed source world, you have to trust your vendor completely. All you get to see are binaries, so you have no way of knowing how they were built. President Reagan was fond of saying to Soviet leader Mikhail Gorbachev, "Trust, but verify." With proprietary software, you simply have to trust.
Microsoft, for example, pushes out security updates on the second Tuesday of every month. Bressers said they can't do that. Microsoft has the advantage of hiding security flaws and working on them at their leisure, but with open source software, that's not possible because everyone can see that there's a problem and they expect it to be fixed right away.
And if a security hole isn't plugged quickly enough, you can fix it yourself, Bressers explained.
An example of the power of open source is the ping of death bug. Back in the late 1990s someone figured out that if you send a giant ICMP packet to a computer, just about any computer, it will crash. The bug affected every operating system, routers, printers, etc. When the problem was discovered, the open source Linux operating system had the bug squashed in about 2 hours, Bressers recalled. The closed source operating system vendors, however, took days, weeks and even months to make and distribute a patch for the ping of death.
●
Microsoft: 10,000 PCs hit with new Windows XP zero-day attack
Nearly a month after a Google engineer released details of a new Windows XP flaw, criminals have dramatically ramped up online attacks that leverage the bug.
Microsoft reported Wednesday that it has now logged more than 10,000 attacks. "At first, we only saw legitimate researchers testing innocuous proof-of-concepts. Then, early on June 15th, the first real public exploits emerged," Microsoft said in a blog posting.
●
New Windows Live Messenger has same old privacy problems
Why do I get the impression that some folks at Microsoft just don’t get it?
●
Privacy problems persist in latest Windows Messenger 2011 beta [
via]
Earlier versions of Messenger played fast and loose with your privacy. The new Live Messenger 2011, currently in beta, suffers from some of the same defects
Recent Techrights' Posts
- Where Microsoft's Bing Cannot Even Reach 1% "Market Share"
- Looking at "I" countries
- Links 16/02/2026: Barack Obama Responds to Racist Cheeto and Benjamin Mako Hill Studies Online Communities
- Links for the day
- IBM Reduces the Thresholds for Acceptance (and the Salaries)
- Are chatbots good enough as IBM staff?
- When It Comes to Rust, Keep All the Eyes on the Ball (Technical and Legal Perils, Sustainability Questions)
- It's not about security or politics
-
- Only One in 50 Saudis Would Use Microsoft for Search, Almost Same as Would Use Russia's Yandex
- If statCounter is to be trusted
- Microsoft's "AI" Concerns Are All Indian (or Low-Paid Workers Who Work Extra Hours Unpaid)
- portraying charlatans and frauds like they're some kind of visionaries and luminaries
- Microsoft Turned Bing Into Censorship Machine of China, But Bing Is Pegged at a Mere 2% in Asia, Yandex is Bigger
- Expect many Bing layoffs some time soon (like in past years)
- Just Like The Register MS, Conde Nast's Ars Technica Has Just Publicly Admitted That It Published Fake Articles (Slop) Made by LLMs About Serious Subjects
- Conde Nast might shut Ars Technica down to escape the bad publicity/association
- Solicitors Regulation Authority (SRA) Way Too Slow to Respond to Financial Fraud at Law Firms, in Effect Helping Those Law Firms Defraud Many More People (Fleecing Clients)
- Who will hold the SRA accountable for this?
- Techrights Became a Hub for News That IBM/Red Hat Doesn't Want You to See (and Pays Mainstream Media to Distract From)
- the more viciously the notorious organisation attacks the reporter, the greater the interest in what the reporter has to say
- EPO's Central Staff Committee on Fourth Technical Meeting, Two Days Before First of (At Least) 4 Winter Strikes at the Second-Largest European Institution
- “future orientations on the salary adjustment procedure”
- IBM's Collapse Continues, Half of EU Countries to Have Mass Layoffs, "IBM Clearly Disinvests From Europe" Says IBM European Works Council
- Recent publication
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Monday, February 16, 2026
- IRC logs for Monday, February 16, 2026
- Gemini Links 17/02/2026: Alpenglow Industries' Closure and Gemini Server Issues
- Links for the day
- The Southern California Linux Expo (“SCALE”) or SCALE 23x Becomes Microsoft
- It's not supporting the event, it is buying it.
- Microsoft to Focus on Name-Dropping Buzzwords to Distract From Declining Business, IBM RAs (Layoffs) With Staff Stack-Ranked
- Calling everything cloud or reclassifying as "AI"
- Another EPO Strike One Week From Now, Local Staff Committee Munich to Discuss It This Week
- Campinos MIA while Office staff goes on strike at least 4 times
- Gemini Links 16/02/2026: Task Completed by Avoidance and "Playing Again With Akkoma"
- Links for the day
- Happy Birthday (or Anniversary) to SoylentNews
- "Happy Birthday SoylentNews"
- Techrights' Architecture
- Stability is the main goal
- Linux Foundation Continues Falling Off a Cliff in Geminispace
- Gemini Protocol will turn 7 this summer
- Links 16/02/2026: cURL’s Daniel Stenberg Asserts That Slop is DDoSing Free Software, But Still Uses a Plagiarism and GPL-Violating Blender (Microsoft GitHub)
- Links for the day
- The Techrights Community Never Needed Money, Only Goodwill
- We accomplish things by a track record of suppressed facts
- "AboutCode" is a Microsoft Proxy and Microsoft's Acquisition of the OSI Advances Via OSI Moles
- presenting direct evidence anybody can verify
- Social Control Media is Just a Digital Weapon
- Social control media is not social and not media
- They Will Call Smart People "Luddites"
- Is society "seeing the light"?
- Microsoft Amutable Already Reveals That Its Focus Is Not Linux, It'll Promote "Remote Attestation"
- This is basically an attack on Software Freedom, even if they toss around the brand "Linux"
- More People in Chad Move to GNU/Linux
- Last year we began to see GNU/Linux rising there - a trend which continues this year
- Dr. Andy Farnell on How Universities and Culture of Education Got Crushed by "Technofascist Nightmare"
- Farnell says he "already soft-quit in [his] mind"
- Debt of Broadcom Grew by More Than 50%, Broadcom is Deeper in Debt Than Google
- Expect many more cuts
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Sunday, February 15, 2026
- IRC logs for Sunday, February 15, 2026
- Links 15/02/2026: Slop, Politics, and Gemini
- Links for the day
- Small is Beautiful (in Cascading Style Sheets/Inheritance Rules)
- If done correctly, pages can take a tenth of a second to fully load
- Microsoft Has Fallen to New Lows in Hong Kong This Year
- That Windows "market share" falls there is perhaps expected
- Free Software Foundation (FSF) Raised About 1.5 Million Dollars This Winter, Almost 50% More Than in All of 2024 Combined
- Verbal advocacy goes a long way
- Spread the Word About EPO Strikes and Patent Injustices in Europe
- Corruption in Europe is a real thing
- The Register MS is Promoting Slop, Promotion Connected to Microsoft (Trying to Replace Judges With Microsoft)
- marketing spun as "science"
- He Did Not Have Enough Souls
- A lot of the subjects we cover here no other site dares touch
- "Mix Vale" is a Slopfarm
- 3 "articles" about "ubuntu"
- Links 15/02/2026: Roy Medvedev Dead at 100, Rise of "YouTube Politicians"
- Links for the day
- Links 15/02/2026: How Alexey Navalny Was Executed by Putin, Erdogan Helping Iran
- Links for the day
- IBM Fedora Keeps Promoting Slop, Red Hat Has Been Turned Into Chaff and Trash to Help IBM's Stock (With "AI" Storytelling)
- Red Hat's Fedora is an old brand (20+ years). It no longer stands for what it meant to people in the Fedora Core days (I was a Fedora user back then).
- What IBM Said About 2026 Layoffs and What's Happening in Practice
- t'll leave IBM at the very bottom, in due course (customers will notice something profound has changed)
- Gemini Links 15/02/2026: "Already Midway February" and Loadbars Remembered
- Links for the day
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Saturday, February 14, 2026
- IRC logs for Saturday, February 14, 2026
Comments
saulgoode
2010-07-01 14:10:44
Not just trust the vendor, but also those with whom they've shared the source code (subcontractors, governments, large corporate clients, etc).
It is noteworthy that there were claims that the recent attack on Google stemmed from sources within the Chinese government (with whom MS shares its source code), it is not that surprising that Google would quickly put an end to a situation where the malware authors get to see the Windows source code and they do not.
Dr. Roy Schestowitz
2010-07-01 14:17:26