Eye on Security: Red Hat Explains Why Windows is Less Secure, New Windows 0-Day Attack
- Dr. Roy Schestowitz
- 2010-07-01 13:46:45 UTC
- Modified: 2010-07-01 13:46:45 UTC
Summary: Comparative security news from this week
●
Open Source is Inherently More Secure, Says Red Hat (Microsoft admits silent patching it never discloses)
But in the closed source world, you have to trust your vendor completely. All you get to see are binaries, so you have no way of knowing how they were built. President Reagan was fond of saying to Soviet leader Mikhail Gorbachev, "Trust, but verify." With proprietary software, you simply have to trust.
Microsoft, for example, pushes out security updates on the second Tuesday of every month. Bressers said they can't do that. Microsoft has the advantage of hiding security flaws and working on them at their leisure, but with open source software, that's not possible because everyone can see that there's a problem and they expect it to be fixed right away.
And if a security hole isn't plugged quickly enough, you can fix it yourself, Bressers explained.
An example of the power of open source is the ping of death bug. Back in the late 1990s someone figured out that if you send a giant ICMP packet to a computer, just about any computer, it will crash. The bug affected every operating system, routers, printers, etc. When the problem was discovered, the open source Linux operating system had the bug squashed in about 2 hours, Bressers recalled. The closed source operating system vendors, however, took days, weeks and even months to make and distribute a patch for the ping of death.
●
Microsoft: 10,000 PCs hit with new Windows XP zero-day attack
Nearly a month after a Google engineer released details of a new Windows XP flaw, criminals have dramatically ramped up online attacks that leverage the bug.
Microsoft reported Wednesday that it has now logged more than 10,000 attacks. "At first, we only saw legitimate researchers testing innocuous proof-of-concepts. Then, early on June 15th, the first real public exploits emerged," Microsoft said in a blog posting.
●
New Windows Live Messenger has same old privacy problems
Why do I get the impression that some folks at Microsoft just don’t get it?
●
Privacy problems persist in latest Windows Messenger 2011 beta [via]
Earlier versions of Messenger played fast and loose with your privacy. The new Live Messenger 2011, currently in beta, suffers from some of the same defects
Comments
saulgoode
2010-07-01 14:10:44
Not just trust the vendor, but also those with whom they've shared the source code (subcontractors, governments, large corporate clients, etc).
It is noteworthy that there were claims that the recent attack on Google stemmed from sources within the Chinese government (with whom MS shares its source code); it is not that surprising that Google would quickly put an end to a situation where the malware authors get to see the Windows source code and they do not.
Dr. Roy Schestowitz
2010-07-01 14:17:26