Eye on Security: Red Hat Explains Why Windows is Less Secure, New Windows 0-Day Attack
- Dr. Roy Schestowitz
- 2010-07-01 13:46:45 UTC
- Modified: 2010-07-01 13:46:45 UTC
Summary: Comparative security news from this week
●
Open Source is Inherently More Secure, Says Red Hat (Microsoft
admits silent patching it never discloses)
But in the closed source world, you have to trust your vendor completely. All you get to see are binaries, so you have no way of knowing how they were built. President Reagan was fond of saying to Soviet leader Mikhail Gorbachev, "Trust, but verify." With proprietary software, you simply have to trust.
Microsoft, for example, pushes out security updates on the second Tuesday of every month. Bressers said they can't do that. Microsoft has the advantage of hiding security flaws and working on them at their leisure, but with open source software, that's not possible because everyone can see that there's a problem and they expect it to be fixed right away.
And if a security hole isn't plugged quickly enough, you can fix it yourself, Bressers explained.
An example of the power of open source is the ping of death bug. Back in the late 1990s someone figured out that if you send a giant ICMP packet to a computer, just about any computer, it will crash. The bug affected every operating system, routers, printers, etc. When the problem was discovered, the open source Linux operating system had the bug squashed in about 2 hours, Bressers recalled. The closed source operating system vendors, however, took days, weeks and even months to make and distribute a patch for the ping of death.
●
Microsoft: 10,000 PCs hit with new Windows XP zero-day attack
Nearly a month after a Google engineer released details of a new Windows XP flaw, criminals have dramatically ramped up online attacks that leverage the bug.
Microsoft reported Wednesday that it has now logged more than 10,000 attacks. "At first, we only saw legitimate researchers testing innocuous proof-of-concepts. Then, early on June 15th, the first real public exploits emerged," Microsoft said in a blog posting.
●
New Windows Live Messenger has same old privacy problems
Why do I get the impression that some folks at Microsoft just don’t get it?
●
Privacy problems persist in latest Windows Messenger 2011 beta [
via]
Earlier versions of Messenger played fast and loose with your privacy. The new Live Messenger 2011, currently in beta, suffers from some of the same defects
Recent Techrights' Posts
- Microsoft Windows Falls to All-Time Low of ~60% in Switzerland, GNU/Linux Among Top Gainers
- What will it take for mainstream media (not just geeks' site) to cover it?
-
- Culture of Harassment Inside Microsoft, Says Former Director at Microsoft
- listen to Microsoft insiders
- Drone Strikes on Amazon (GAFAM) Datacentres Highlight Azure's Miniscule Share
- Azure is failing
- SLAPP Censorship - Part 35 Out of 200: How to Make ~10,000 Pound Sterling (13,220.50 United States Dollars) by Copy-Pasting and Editing 10 Pages
- Today it's Easter Sunday, so we'll keep this part relatively short
- Gemini Links 05/04/2026: Artemis II Mission Tracker, Meditation on Copyright, Alhena 5.5.5, "Gemini as the Final Frontier of Human Cognition"
- Links for the day
- Mainstream Media on "Practical Survivalism"
- Suffice to say, panic buying begets more panic and price surges
- Cloud Computing as a Cloud of Smoke (Your Hosting Provider is a "Legitimate" Military Target)
- When a French datacentre went up in flames people joked that the "cloud" meant a cloud of smoke
- Andreas Tille Congratulates Sruthi Chandran Before the Election for Debian Project Leader (DPL) is Even Over
- Andreas Tille, the current Debian Project Leader (DPL) who has been in this role for nearly 24 months
- When You Try to Change the World for the Better and Somehow They Find a Way to Say You Are the Villain
- Don't be a fool. Don't fall for inversions of narratives.
- Slop Was a Flop and Energy Crisis Will be Slop's Final Blow
- Today we see no slopfarms in Google News
- Links 05/04/2026: "Taiwanese Airlines to Hike Fuel Surcharges 157%" and Openly Racist Voter Suppression Starts in the US
- Links for the day
- Gemini Links 05/04/2026: Playing with Hyprland and Migrating Antenna Filters
- Links for the day
- Links 05/04/2026: "Confidential Computing" as Proprietary Bundle of False Promises and "The Web Is an Antitrust Wedge"
- Links for the day
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Saturday, April 04, 2026
- IRC logs for Saturday, April 04, 2026
- SLAPP Censorship - Part 34 Out of 200: The Necessity of Transparency, Illuminating Garrett's and Graveley's 'Tag-Team' Act, Misusing the British Docket (From Far Away in America) in Efforts to Hide Bad Behaviour
- Transparency is paramount
- Red Tape at Red Hat (IBM)
- Now the guiding principles are the whims and moods of people who peddle buzzwords to manipulate IBM's share prices
- The So-called 'AI' (Slop) Companies Will Have the Plug Pulled
- It can vastly accelerate this bubble's implosion
- Dr. Andy Farnell on a "Technology Plan B"
- based around Free software
- Windows Lows Across the Mediterranean
- Judging by this month's data from statCounter
- The Future of the Net is 'in Space'
- Gemini Protocol is growing and GemText remains the same, so it's made to endure
- Linux Foundation Profits From Scams, Fraud, and Grifting
- Don't be misled by the name "Linux Foundation"
- Too Hard for IBM to Keep Everybody Silent About How the Company Has Gone South
- IBM is busy trying to keep disgruntled or ex workers silent using NDAs
- Microsoft Transmits Malware and Back Doors to GNU/Linux Servers, Media Points the Finger at Everyone But Microsoft's Servers
- Is Microsoft too poor to vet and check what it hosts and transmits?
- Gemini Links 04/04/2026: "Fuzz Guy", "Reusing Old Computers with Arch Linux and DWM", and Bubble v10.0 Released
- Links for the day
- Links 04/04/2026: eBay Scam, "Music Publishers’ X Copyright Lawsuit Officially on Pause"
- Links for the day
- Links 04/04/2026: Social Control Media Verdict and Bans, Whistleblower (Axel Rietschin) Explains How "Microsoft Vaporized a Trillion Dollars"
- Links for the day
- Reaching the End/Event Horizon of LLM Slop
- Are we moving towards a post-LLMs world?
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Friday, April 03, 2026
- IRC logs for Friday, April 03, 2026
- Gemini Links 04/04/2026: STXGE and Computer Relationships
- Links for the day
- SLAPP Censorship - Part 33 Out of 200: Garrett Sued by My Wife and I, Then His Microsoft Acquaintance Files Another Lawsuit and Our Webhost Receives Legal Threats Too
- Today we also show how our solicitor Mark Lewis responded to it
- Good Friday, Leaving IBM for Good
- Even on holidays
- Links 03/04/2026: Rejection of More Software Patents and Social Control Media in Several Continents
- Links for the day
- Malware in Proprietary Software - Latest Additions by Rob Musial
- Original published yesterday in gnu.org
- Visual Evidence/Documentation of IBM Dying Like the Dinosaurs
- IBM has many of these giant white elephants lying around, with some getting demolished
- Links 03/04/2026: USPTO’s Latest Greenwashing and Internet Blackouts Impact Journalists in War Zones
- Links for the day
- SLAPP Censorship - Part 32 Out of 200: Garrett Made Spurious Requests (Later Withdrawn) the Same Week Someone He Later Spoke to by E-mail Sent Threats to Our Webhost
- The "plot thickens" because there's a multi-party tag-team act, as confirmed by Garrett after he had sworn on the Bible
- IBM is a Dying Company, Nowadays It Kills Red Hat With Slop
- when your last day is a national holiday in IBM's country
- "Independence Drives" and Community-Run Sites
- Independence in reporting is a much-valued trait
- When Charlatans Are Only Good at Losing Money and Storytelling (e.g. About Investment in Them)
- Wait till a a barrel of oil costs $300
- What Apple Fans Are Missing
- Apple is a bad company
- The "Pale Blue Dot" Moment Had Returned
- To many people, the "bitter-sweet" observation of how small we are
- Saudi Arabia Does Not Rely Much on Microsoft/Windows
- Putting aside politics, this is good for Free software
- Almost 12 Years of Exposing Corruption in Europe's Second-Largest Institution
- The "unready" President is now an abandoned President
- Easter Moon Mission and Its Reminder of IBM's Demise
- A lot of NASA operations now rely on GNU/Linux
- When Power is Scarce and GNU/Linux Has Power
- In Cuba, GNU/Linux has long enjoyed high adoption rates
- Don't Totally Dismiss the 'Survivalists'
- 'Survivalists' or similar terms are used to describe a particular mindset of people who prepare for some really awful scenarios
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Thursday, April 02, 2026
- IRC logs for Thursday, April 02, 2026
- A Much Better Use of Fuel Than Slop
- Something positive for a change
- Hoping for Peace
- There are still many things to be enjoyed, including nature and kind people
- Gemini Links 03/04/2026: "Slide Rule Triple Multiplication" and End of "Picture Pages"
- Links for the day
- Rumours of Microsoft Layoffs This Season
- Just how much trouble is Microsoft in at this point?
- GNU/Linux Measured at All-Time High in Sweden
- Can 'influencers' have played a role
Comments
saulgoode
2010-07-01 14:10:44
Not just trust the vendor, but also those with whom they've shared the source code (subcontractors, governments, large corporate clients, etc).
It is noteworthy that there were claims that the recent attack on Google stemmed from sources within the Chinese government (with whom MS shares its source code), it is not that surprising that Google would quickly put an end to a situation where the malware authors get to see the Windows source code and they do not.
Dr. Roy Schestowitz
2010-07-01 14:17:26