Eye on Security: Red Hat Explains Why Windows is Less Secure, New Windows 0-Day Attack
- Dr. Roy Schestowitz
- 2010-07-01 13:46:45 UTC
- Modified: 2010-07-01 13:46:45 UTC
Summary: Comparative security news from this week
●
Open Source is Inherently More Secure, Says Red Hat (Microsoft admits silent patching it never discloses)
But in the closed source world, you have to trust your vendor completely. All you get to see are binaries, so you have no way of knowing how they were built. President Reagan was fond of saying to Soviet leader Mikhail Gorbachev, "Trust, but verify." With proprietary software, you simply have to trust.
Microsoft, for example, pushes out security updates on the second Tuesday of every month. Bressers said they can't do that. Microsoft has the advantage of hiding security flaws and working on them at their leisure, but with open source software, that's not possible because everyone can see that there's a problem and they expect it to be fixed right away.
And if a security hole isn't plugged quickly enough, you can fix it yourself, Bressers explained.
An example of the power of open source is the ping of death bug. Back in the late 1990s someone figured out that if you send a giant ICMP packet to a computer, just about any computer, it will crash. The bug affected every operating system, routers, printers, etc. When the problem was discovered, the open source Linux operating system had the bug squashed in about 2 hours, Bressers recalled. The closed source operating system vendors, however, took days, weeks and even months to make and distribute a patch for the ping of death.
●
Microsoft: 10,000 PCs hit with new Windows XP zero-day attack
Nearly a month after a Google engineer released details of a new Windows XP flaw, criminals have dramatically ramped up online attacks that leverage the bug.
Microsoft reported Wednesday that it has now logged more than 10,000 attacks. "At first, we only saw legitimate researchers testing innocuous proof-of-concepts. Then, early on June 15th, the first real public exploits emerged," Microsoft said in a blog posting.
●
New Windows Live Messenger has same old privacy problems
Why do I get the impression that some folks at Microsoft just don’t get it?
●
Privacy problems persist in latest Windows Messenger 2011 beta [via]
Earlier versions of Messenger played fast and loose with your privacy. The new Live Messenger 2011, currently in beta, suffers from some of the same defects
Comments
saulgoode
2010-07-01 14:10:44
Not just trust the vendor, but also those with whom they've shared the source code (subcontractors, governments, large corporate clients, etc.).
It is noteworthy that there were claims that the recent attack on Google stemmed from sources within the Chinese government (with whom MS shares its source code); it is not that surprising that Google would quickly put an end to a situation where the malware authors get to see the Windows source code and they do not.
Dr. Roy Schestowitz
2010-07-01 14:17:26