Eye on Security: Red Hat Explains Why Windows is Less Secure, New Windows 0-Day Attack
- Dr. Roy Schestowitz
- 2010-07-01 13:46:45 UTC
- Modified: 2010-07-01 13:46:45 UTC
Summary: Comparative security news from this week
● Open Source is Inherently More Secure, Says Red Hat (Microsoft admits silent patching it never discloses)
But in the closed source world, you have to trust your vendor completely. All you get to see are binaries, so you have no way of knowing how they were built. President Reagan was fond of saying to Soviet leader Mikhail Gorbachev, "Trust, but verify." With proprietary software, you simply have to trust.
Microsoft, for example, pushes out security updates on the second Tuesday of every month. Bressers said they can't do that. Microsoft has the advantage of hiding security flaws and working on them at their leisure, but with open source software, that's not possible because everyone can see that there's a problem and they expect it to be fixed right away.
And if a security hole isn't plugged quickly enough, you can fix it yourself, Bressers explained.
An example of the power of open source is the ping of death bug. Back in the late 1990s someone figured out that if you send a giant ICMP packet to a computer, just about any computer, it will crash. The bug affected every operating system, routers, printers, etc. When the problem was discovered, the open source Linux operating system had the bug squashed in about 2 hours, Bressers recalled. The closed source operating system vendors, however, took days, weeks and even months to make and distribute a patch for the ping of death.
● Microsoft: 10,000 PCs hit with new Windows XP zero-day attack
Nearly a month after a Google engineer released details of a new Windows XP flaw, criminals have dramatically ramped up online attacks that leverage the bug.
Microsoft reported Wednesday that it has now logged more than 10,000 attacks. "At first, we only saw legitimate researchers testing innocuous proof-of-concepts. Then, early on June 15th, the first real public exploits emerged," Microsoft said in a blog posting.
● New Windows Live Messenger has same old privacy problems
Why do I get the impression that some folks at Microsoft just don’t get it?
● Privacy problems persist in latest Windows Messenger 2011 beta [via]
Earlier versions of Messenger played fast and loose with your privacy. The new Live Messenger 2011, currently in beta, suffers from some of the same defects
Comments
saulgoode
2010-07-01 14:10:44
Not just trust the vendor, but also those with whom they've shared the source code (subcontractors, governments, large corporate clients, etc).
It is noteworthy that there were claims that the recent attack on Google stemmed from sources within the Chinese government (with whom MS shares its source code); it is not that surprising that Google would quickly put an end to a situation where the malware authors get to see the Windows source code and they do not.
Dr. Roy Schestowitz
2010-07-01 14:17:26