Eye on Security: Red Hat Explains Why Windows is Less Secure, New Windows 0-Day Attack
- Dr. Roy Schestowitz
- 2010-07-01 13:46:45 UTC
- Modified: 2010-07-01 13:46:45 UTC
Summary: Comparative security news from this week
●
Open Source is Inherently More Secure, Says Red Hat (Microsoft admits silent patching it never discloses)
But in the closed source world, you have to trust your vendor completely. All you get to see are binaries, so you have no way of knowing how they were built. President Reagan was fond of saying to Soviet leader Mikhail Gorbachev, "Trust, but verify." With proprietary software, you simply have to trust.
Microsoft, for example, pushes out security updates on the second Tuesday of every month. Bressers said they can't do that. Microsoft has the advantage of hiding security flaws and working on them at their leisure, but with open source software, that's not possible because everyone can see that there's a problem and they expect it to be fixed right away.
And if a security hole isn't plugged quickly enough, you can fix it yourself, Bressers explained.
An example of the power of open source is the ping of death bug. Back in the late 1990s someone figured out that if you send a giant ICMP packet to a computer, just about any computer, it will crash. The bug affected every operating system, routers, printers, etc. When the problem was discovered, the open source Linux operating system had the bug squashed in about 2 hours, Bressers recalled. The closed source operating system vendors, however, took days, weeks and even months to make and distribute a patch for the ping of death.
●
Microsoft: 10,000 PCs hit with new Windows XP zero-day attack
Nearly a month after a Google engineer released details of a new Windows XP flaw, criminals have dramatically ramped up online attacks that leverage the bug.
Microsoft reported Wednesday that it has now logged more than 10,000 attacks. "At first, we only saw legitimate researchers testing innocuous proof-of-concepts. Then, early on June 15th, the first real public exploits emerged," Microsoft said in a blog posting.
●
New Windows Live Messenger has same old privacy problems
Why do I get the impression that some folks at Microsoft just don’t get it?
●
Privacy problems persist in latest Windows Messenger 2011 beta [via]
Earlier versions of Messenger played fast and loose with your privacy. The new Live Messenger 2011, currently in beta, suffers from some of the same defects
Comments
saulgoode
2010-07-01 14:10:44
Not just trust the vendor, but also those with whom they've shared the source code (subcontractors, governments, large corporate clients, etc).
It is noteworthy that there were claims that the recent attack on Google stemmed from sources within the Chinese government (with whom MS shares its source code); it is not that surprising that Google would quickly put an end to a situation where the malware authors get to see the Windows source code and they do not.
Dr. Roy Schestowitz
2010-07-01 14:17:26