Eye on Security: Red Hat Explains Why Windows is Less Secure, New Windows 0-Day Attack
- Dr. Roy Schestowitz
- 2010-07-01 13:46:45 UTC
- Modified: 2010-07-01 13:46:45 UTC
Summary: Comparative security news from this week
● Open Source is Inherently More Secure, Says Red Hat (Microsoft admits silent patching it never discloses)
But in the closed source world, you have to trust your vendor completely. All you get to see are binaries, so you have no way of knowing how they were built. President Reagan was fond of saying to Soviet leader Mikhail Gorbachev, "Trust, but verify." With proprietary software, you simply have to trust.
Microsoft, for example, pushes out security updates on the second Tuesday of every month. Bressers said they can't do that. Microsoft has the advantage of hiding security flaws and working on them at their leisure, but with open source software, that's not possible because everyone can see that there's a problem and they expect it to be fixed right away.
And if a security hole isn't plugged quickly enough, you can fix it yourself, Bressers explained.
An example of the power of open source is the ping of death bug. Back in the late 1990s someone figured out that if you send a giant ICMP packet to a computer, just about any computer, it will crash. The bug affected every operating system, routers, printers, etc. When the problem was discovered, the open source Linux operating system had the bug squashed in about 2 hours, Bressers recalled. The closed source operating system vendors, however, took days, weeks and even months to make and distribute a patch for the ping of death.
● Microsoft: 10,000 PCs hit with new Windows XP zero-day attack
Nearly a month after a Google engineer released details of a new Windows XP flaw, criminals have dramatically ramped up online attacks that leverage the bug.
Microsoft reported Wednesday that it has now logged more than 10,000 attacks. "At first, we only saw legitimate researchers testing innocuous proof-of-concepts. Then, early on June 15th, the first real public exploits emerged," Microsoft said in a blog posting.
● New Windows Live Messenger has same old privacy problems
Why do I get the impression that some folks at Microsoft just don’t get it?
● Privacy problems persist in latest Windows Messenger 2011 beta [via]
Earlier versions of Messenger played fast and loose with your privacy. The new Live Messenger 2011, currently in beta, suffers from some of the same defects
Comments
saulgoode
2010-07-01 14:10:44
Not just trust the vendor, but also those with whom they've shared the source code (subcontractors, governments, large corporate clients, etc).
It is noteworthy that there were claims that the recent attack on Google stemmed from sources within the Chinese government (with whom MS shares its source code), it is not that surprising that Google would quickly put an end to a situation where the malware authors get to see the Windows source code and they do not.
Dr. Roy Schestowitz
2010-07-01 14:17:26