Summary: Microsoft's leaky operating system and other software no longer appear to be suitable for maintaining security, so it is time to move on

ABOUT a week ago we showed that Microsoft had passed Windows source code to TOPSEC, which trains and employs Chinese cyberspies. The United States government was concerned that this reduced national security and in last night's links we included a report about Chinese espionage (China taking a big lump of sensitive US E-mails).

Next Tuesday, December 14^th, is the day when Microsoft will deliver the most bulletins ever. Yes, it's getting worse, not better. Microsoft Emil says: [via]

According to the Microsoft Security Response Center, Microsoft will issue 17 Security Bulletins addressing 40 vulnerabilities on Tuesday, December 14. It will also host a webcast to address customer questions the following day.

Two of the vulnerabilities are rated "Critical," 14 are marked "Important," and the last one is classified as "Moderate." All of the Critical vulnerabilities earned their rating through a remote code execution impact, meaning a hacker could potentially gain control of an infected machine. At least eight of the 17 patches will require a restart.

For general security and for more crack-proof systems the US ought to use a program whose source code cannot be 'leaked'; its visibility alone ought to be proof of confidence. On the desktop, companies like Canonical may be having a bit of a shake-up with this high-level departure, but the US government already works with Red Hat (Red Hat's stock approaches $50), so putting RHEL (desktop) or Fedora on employees' PCs would be a wise step now that they try to prevent further leaks, conveniently forgetting that data leaks via the networks more routinely than a CD-ROM/DVD drive is used for this purpose (they wrongly assume only action from the inside). Thus far, Cablegate offers proof that Windows is not secure because of Microsoft's actions and it also shows that the government knows this. Something should be done. ⬆