Eye on Security: Red Hat Explains Why Windows is Less Secure, New Windows 0-Day Attack
- Dr. Roy Schestowitz
- 2010-07-01 13:46:45 UTC
- Modified: 2010-07-01 13:46:45 UTC
Summary: Comparative security news from this week
● Open Source is Inherently More Secure, Says Red Hat (Microsoft admits silent patching it never discloses)
But in the closed source world, you have to trust your vendor completely. All you get to see are binaries, so you have no way of knowing how they were built. President Reagan was fond of saying to Soviet leader Mikhail Gorbachev, "Trust, but verify." With proprietary software, you simply have to trust.
Microsoft, for example, pushes out security updates on the second Tuesday of every month. Bressers said they can't do that. Microsoft has the advantage of hiding security flaws and working on them at their leisure, but with open source software, that's not possible because everyone can see that there's a problem and they expect it to be fixed right away.
And if a security hole isn't plugged quickly enough, you can fix it yourself, Bressers explained.
An example of the power of open source is the ping of death bug. Back in the late 1990s someone figured out that if you send a giant ICMP packet to a computer, just about any computer, it will crash. The bug affected every operating system, routers, printers, etc. When the problem was discovered, the open source Linux operating system had the bug squashed in about 2 hours, Bressers recalled. The closed source operating system vendors, however, took days, weeks and even months to make and distribute a patch for the ping of death.
● Microsoft: 10,000 PCs hit with new Windows XP zero-day attack
Nearly a month after a Google engineer released details of a new Windows XP flaw, criminals have dramatically ramped up online attacks that leverage the bug.
Microsoft reported Wednesday that it has now logged more than 10,000 attacks. "At first, we only saw legitimate researchers testing innocuous proof-of-concepts. Then, early on June 15th, the first real public exploits emerged," Microsoft said in a blog posting.
● New Windows Live Messenger has same old privacy problems
Why do I get the impression that some folks at Microsoft just don’t get it?
● Privacy problems persist in latest Windows Messenger 2011 beta [via]
Earlier versions of Messenger played fast and loose with your privacy. The new Live Messenger 2011, currently in beta, suffers from some of the same defects
Comments
saulgoode
2010-07-01 14:10:44
Not just trust the vendor, but also those with whom they've shared the source code (subcontractors, governments, large corporate clients, etc).
It is noteworthy that there were claims that the recent attack on Google stemmed from sources within the Chinese government (with whom MS shares its source code); it is not that surprising that Google would quickly put an end to a situation where the malware authors get to see the Windows source code and they do not.
Dr. Roy Schestowitz
2010-07-01 14:17:26