Eye on Security: Red Hat Explains Why Windows is Less Secure, New Windows 0-Day Attack
- Dr. Roy Schestowitz
- 2010-07-01 13:46:45 UTC
- Modified: 2010-07-01 13:46:45 UTC
Summary: Comparative security news from this week
●
Open Source is Inherently More Secure, Says Red Hat (Microsoft admits silent patching it never discloses)
But in the closed source world, you have to trust your vendor completely. All you get to see are binaries, so you have no way of knowing how they were built. President Reagan was fond of saying to Soviet leader Mikhail Gorbachev, "Trust, but verify." With proprietary software, you simply have to trust.
Microsoft, for example, pushes out security updates on the second Tuesday of every month. Bressers said they can't do that. Microsoft has the advantage of hiding security flaws and working on them at their leisure, but with open source software, that's not possible because everyone can see that there's a problem and they expect it to be fixed right away.
And if a security hole isn't plugged quickly enough, you can fix it yourself, Bressers explained.
An example of the power of open source is the ping of death bug. Back in the late 1990s someone figured out that if you send a giant ICMP packet to a computer, just about any computer, it will crash. The bug affected every operating system, routers, printers, etc. When the problem was discovered, the open source Linux operating system had the bug squashed in about 2 hours, Bressers recalled. The closed source operating system vendors, however, took days, weeks and even months to make and distribute a patch for the ping of death.
●
Microsoft: 10,000 PCs hit with new Windows XP zero-day attack
Nearly a month after a Google engineer released details of a new Windows XP flaw, criminals have dramatically ramped up online attacks that leverage the bug.
Microsoft reported Wednesday that it has now logged more than 10,000 attacks. "At first, we only saw legitimate researchers testing innocuous proof-of-concepts. Then, early on June 15th, the first real public exploits emerged," Microsoft said in a blog posting.
●
New Windows Live Messenger has same old privacy problems
Why do I get the impression that some folks at Microsoft just don’t get it?
●
Privacy problems persist in latest Windows Messenger 2011 beta [via]
Earlier versions of Messenger played fast and loose with your privacy. The new Live Messenger 2011, currently in beta, suffers from some of the same defects
Comments
saulgoode
2010-07-01 14:10:44
Not just trust the vendor, but also those with whom they've shared the source code (subcontractors, governments, large corporate clients, etc).
It is noteworthy that there were claims that the recent attack on Google stemmed from sources within the Chinese government (with whom MS shares its source code); it is not that surprising that Google would quickly put an end to a situation where the malware authors get to see the Windows source code and they do not.
Dr. Roy Schestowitz
2010-07-01 14:17:26