Eye on Security: Red Hat Explains Why Windows is Less Secure, New Windows 0-Day Attack
- Dr. Roy Schestowitz
- 2010-07-01 13:46:45 UTC
- Modified: 2010-07-01 13:46:45 UTC
Summary: Comparative security news from this week
●
Open Source is Inherently More Secure, Says Red Hat (Microsoft
admits silent patching it never discloses)
But in the closed source world, you have to trust your vendor completely. All you get to see are binaries, so you have no way of knowing how they were built. President Reagan was fond of saying to Soviet leader Mikhail Gorbachev, "Trust, but verify." With proprietary software, you simply have to trust.
Microsoft, for example, pushes out security updates on the second Tuesday of every month. Bressers said they can't do that. Microsoft has the advantage of hiding security flaws and working on them at their leisure, but with open source software, that's not possible because everyone can see that there's a problem and they expect it to be fixed right away.
And if a security hole isn't plugged quickly enough, you can fix it yourself, Bressers explained.
An example of the power of open source is the ping of death bug. Back in the late 1990s someone figured out that if you send a giant ICMP packet to a computer, just about any computer, it will crash. The bug affected every operating system, routers, printers, etc. When the problem was discovered, the open source Linux operating system had the bug squashed in about 2 hours, Bressers recalled. The closed source operating system vendors, however, took days, weeks and even months to make and distribute a patch for the ping of death.
●
Microsoft: 10,000 PCs hit with new Windows XP zero-day attack
Nearly a month after a Google engineer released details of a new Windows XP flaw, criminals have dramatically ramped up online attacks that leverage the bug.
Microsoft reported Wednesday that it has now logged more than 10,000 attacks. "At first, we only saw legitimate researchers testing innocuous proof-of-concepts. Then, early on June 15th, the first real public exploits emerged," Microsoft said in a blog posting.
●
New Windows Live Messenger has same old privacy problems
Why do I get the impression that some folks at Microsoft just don’t get it?
●
Privacy problems persist in latest Windows Messenger 2011 beta [
via]
Earlier versions of Messenger played fast and loose with your privacy. The new Live Messenger 2011, currently in beta, suffers from some of the same defects
Recent Techrights' Posts
- Speed of GNU/Linux
- The media seldom speaks of the dangers of "proprietary software"
- Proprietary Windows Versus "Linux" News (Trying to Keep People on Windows, Never Exploring GNU/Linux)
- Good editors know better how to recognise threats and not give them lip service
- Ensuring That Every Computer User Anywhere in the World Can Take Control of All His or Her Computers
- We must fight the people who attack general-purpose computing, in particular those who push this agenda very aggressively inside Linux
- Gemini Links 28/04/2025: Autism and Structural Navigation
- Links for the day
- What Happened to the Open Source Initiative (OSI) Elections: The Purge, the Cover-up, and the Witch-hunts
- OSI has gone "full Microsoft"
-
- Links 28/04/2025: Canada's Election, Pakistan-India Conflict
- Links for the day
- Glue Inside Your Pizza (or Why People Will Get Fed Up With Slop)
- People are given "answers" from non-intelligence word dumpsters
- Links 28/04/2025: Cyberattacks Happening, Chatbots Disappointing, and "Free Speech Under Fire"
- Links for the day
- Phone Adoption Very Low in Vatican, Windows Usage Fell Nonetheless
- Even in places where people still use desktops/laptops most of the time (and have access to these) Windows is gradually losing ground
- GNU/Linux 9% in Cuba, Vista 11 Waning, Android Dominant
- Microsoft has pretty much lost Cuba
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Sunday, April 27, 2025
- IRC logs for Sunday, April 27, 2025
- In 24 Countries Observed by statCounter Vista 11 is Still Less Than a Quarter of Windows Users Despite All Other Versions Being 'Expired'
- They ought to move to GNU/Linux
- Links 27/04/2025: Pope Goodbyes, "Politics of Fear", Slop Redux and More Google Shutdowns (Google Debt Had Grown This Year)
- Links for the day
- Links 27/04/2025: Serenity Dialectics, Hockey Jersey Ethics, and More
- Links for the day
- Links 27/04/2025: Death of Nest Thermostats, Death of Metaverse
- Links for the day
- Links 27/04/2025: Projects Workflow and Discovering Technology
- Links for the day
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Saturday, April 26, 2025
- IRC logs for Saturday, April 26, 2025
- Microsoft Isn't on the Map in USSR
- To them, it's either Google or Yandex
- In Central America Windows Became a Small Force
- These are countries where Windows used to have well over 95% of the "market"
- What's Very Vexing to GAFAM, EPO and Others Is That It's Incredibly Hard to Censor Us (and Nobody Ever Successfully Did That Before)
- resist, do not capitulate
- Site May be Even Faster Now
- It basically takes less than a tenth of a second to serve the page
- Receiving SLAPPs and Collecting Them Like Trophies (the SLAPPs Always Fail)
- People who file lawsuits bring even more attention to themselves (or to embarrassing statements about them)
- Year of GNU/Linux on the Laptop?
- It's not happening only in Lenovo
- What People Must Understand About the Open Source Initiative (OSI)
- some facts about the Open Source Initiative (OSI)
- Many of the Scandals Are Interconnected (Overlapping People and Corporations)
- We're only getting started
- More Copyright Lawsuits Against LLM Slop Providers and Suppliers of LLM Slopfarms Would Benefit Society
- It's not just bad for the Web and for society; it's also legally dangerous
- Links 26/04/2025: General Assassinated in the Town of Balashikha, US Promoting Seafloor Mining
- Links for the day
- Links 26/04/2025: Facebook Layoffs Again, Remembering What's Real, and Say No to Mass Surveillance
- Links for the day
- Links 26/04/2025: NOAA Budget Cuts and "Dog Days Ahead"
- Links for the day
- In defence of JD Vance, death of Pope Francis
- Reprinted with permission from Daniel Pocock
- Three Years in Prison for Disney Employee’s ‘Menu Hacking’: The Economic Fallout of Digital Menus
- Reprinted with permission from Ryan Farmer
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Friday, April 25, 2025
- IRC logs for Friday, April 25, 2025
Comments
saulgoode
2010-07-01 14:10:44
Not just trust the vendor, but also those with whom they've shared the source code (subcontractors, governments, large corporate clients, etc).
It is noteworthy that there were claims that the recent attack on Google stemmed from sources within the Chinese government (with whom MS shares its source code), it is not that surprising that Google would quickly put an end to a situation where the malware authors get to see the Windows source code and they do not.
Dr. Roy Schestowitz
2010-07-01 14:17:26