Eye on Security: Red Hat Explains Why Windows is Less Secure, New Windows 0-Day Attack
- Dr. Roy Schestowitz
- 2010-07-01 13:46:45 UTC
- Modified: 2010-07-01 13:46:45 UTC
Summary: Comparative security news from this week
●
Open Source is Inherently More Secure, Says Red Hat (Microsoft
admits silent patching it never discloses)
But in the closed source world, you have to trust your vendor completely. All you get to see are binaries, so you have no way of knowing how they were built. President Reagan was fond of saying to Soviet leader Mikhail Gorbachev, "Trust, but verify." With proprietary software, you simply have to trust.
Microsoft, for example, pushes out security updates on the second Tuesday of every month. Bressers said they can't do that. Microsoft has the advantage of hiding security flaws and working on them at their leisure, but with open source software, that's not possible because everyone can see that there's a problem and they expect it to be fixed right away.
And if a security hole isn't plugged quickly enough, you can fix it yourself, Bressers explained.
An example of the power of open source is the ping of death bug. Back in the late 1990s someone figured out that if you send a giant ICMP packet to a computer, just about any computer, it will crash. The bug affected every operating system, routers, printers, etc. When the problem was discovered, the open source Linux operating system had the bug squashed in about 2 hours, Bressers recalled. The closed source operating system vendors, however, took days, weeks and even months to make and distribute a patch for the ping of death.
●
Microsoft: 10,000 PCs hit with new Windows XP zero-day attack
Nearly a month after a Google engineer released details of a new Windows XP flaw, criminals have dramatically ramped up online attacks that leverage the bug.
Microsoft reported Wednesday that it has now logged more than 10,000 attacks. "At first, we only saw legitimate researchers testing innocuous proof-of-concepts. Then, early on June 15th, the first real public exploits emerged," Microsoft said in a blog posting.
●
New Windows Live Messenger has same old privacy problems
Why do I get the impression that some folks at Microsoft just don’t get it?
●
Privacy problems persist in latest Windows Messenger 2011 beta [
via]
Earlier versions of Messenger played fast and loose with your privacy. The new Live Messenger 2011, currently in beta, suffers from some of the same defects
Recent Techrights' Posts
- Software Freedom Conservancy (SFC), Inc. vs. Vizio, Inc. Is Costing the Free Software Foundation Money
- FSF subpoena and deposition
- They Try to Replace the Creators of GNU/Linux and Hijack Their Word, Work, and Reputation
- gnu.org is down at the moment; now I'm told it's back but very slow. DDoS?
- Links 05/05/2024: Political Cyberattacks From Russia and Google Getting a Lot Worse
- Links for the day
-
- Death of Michael Anthony Bordlee, New Orleans, Louisiana
- Reprinted with permission from disguised.work
- The Revolution Continues
- Today we've published over 20 pages and tomorrow we expect more or less the same
- Death of Dr Alex Blewitt, UK
- Reprinted with permission from disguised.work
- Following the Herd (or HURD)
- Society advances owing to people who think differently and promote positive change, not corporate shills
- Thiemo Seufer & Debian deaths: examining accidents and suicides
- Reprinted with permission from disguised.work
- Gemini Links 05/05/2024: Infobesity and Profectus Beta 1.0
- Links for the day
- Running This Site Mostly a Joyful Activity
- The real problem or the thing that we need to cancel is this "Cancel Culture"
- Australia Has Finally Joined the "4% Club" (ChromeOS+GNU/Linux)
- statCounter stats
- Debian as a Hazardous Workplace Where No Accountability Exists (Nor Salaries)
- systematic exploitation of skilled developers by free 'riders' (or freeloaders) like Google, IBM, and Microsoft
- Clownflare Isn't Free and Its CEO Openly Boasted They'd Start Charging Everyone to Offset the Considerable Losses (It's a Trap, It's Just Bait)
- Clownflare has collapsed
- Apple Delivered Very Disappointing Results, Said It Would Buy Its Own Shares (Nobody Will Check This), Company's Debt Now Exceeds Its Monetary Assets
- US debt is now 99.98 trillion dollars
- FSFE Still Boasts About Working Underage People for No Pay
- without even paying them
- IRC Proceedings: Saturday, May 04, 2024
- IRC logs for Saturday, May 04, 2024
- Over at Tux Machines...
- GNU/Linux news for the past day
- The Persecution of Richard Stallman
- WebM version of a new video
- Molly de Blanc has been terminated, Magdalen Berns' knockout punch and the Wizard of Oz
- Reprinted with permission from disguised.work
- [Meme] IBM's Idea of Sharing (to IBM)
- the so-called founder of IBM worshiped and saluted Adolf Hitler himself
- Neil McGovern & Debian: GNOME and Mollygate
- Reprinted with permission from disguised.work
- [Meme] People Who Don't Write Code Demanding the Removal of Those Who Do
- She has blue hair and she sleeps with the Debian Project Leader
- Jaminy Prabaharan & Debian: the GSoC admin who failed GSoC
- Reprinted with permission from disguised.work
- Jonathan Carter, Matthew Miller & Debian, Fedora: Community, Cult, Fraud
- Reprinted with permission from disguised.work
- Techrights This May
- We strive to keep it lean and fast
- Links 04/05/2024: Attacks on Workers and the Press
- Links for the day
- Gemini Links 04/05/2024: Abstractions in Development Considered Harmful
- Links for the day
- Links 04/05/2024: Tesla a "Tech-Bubble", YouTube Ads When Pausing
- Links for the day
- Free Software Community/Volunteers Aren't Circus Animals of GAFAM, IBM, Canonical and So On...
- Playing with people's lives for capital gain or "entertainment" isn't acceptable
- [Meme] The Cancer Culture
- Mission accomplished?
- Germany Transitioning to GNU/Linux
- Why aren't more German federal states following the footsteps of Schleswig-Holstein?
- IRC Proceedings: Friday, May 03, 2024
- IRC logs for Friday, May 03, 2024
- Over at Tux Machines...
- GNU/Linux news for the past day
- Alexander Wirt, Bucha executions & Debian political prisoners
- Reprinted with permission from disguised.work
- Links 03/05/2024: Clownflare Collapses and China Deploys Homegrown Aircraft Carrier
- Links for the day
- IBM's Decision to Acquire HashiCorp is Bad News for Red Hat
- IBM acquired functionality that it had already acquired before
- Apparently Mass Layoffs at Microsoft Again (Late Friday), Meaning Mass Layoffs Every Month This Year Including May
- not familiar with the source site though
- Gemini Links 03/05/2024: Diaspora Still Alive and Fight Against Fake News
- Links for the day
- [Meme] Reserving Scorn for Those Who Expose the Misconduct
- they like to frame truth-tellers as 'harassers'
- Why the Articles From Daniel Pocock (FSFE, Fedora, Debian Etc. Insider) Still Matter a Lot
- Revisionism will try to suggest that "it's not true" or "not true anymore" or "it's old anyway"...
- Links 03/05/2024: Canada Euthanising Its Poor and Disabled, Call for Julian Assange's Freedom
- Links for the day
- Dashamir Hoxha & Debian harassment
- Reprinted with permission from disguised.work
- Maria Glukhova, Dmitry Bogatov & Debian Russia, Google, debian-private leaks
- Reprinted with permission from disguised.work
- Who really owns Debian: Ubuntu or Google?
- Reprinted with permission from disguised.work
- Keeping Computers at the Hands of Their Owners
- There's a reason why this site's name (or introduction) does not obsess over trademarks and such
- In May 2024 (So Far) statCounter's Measure of Linux 'Market Share' is Back at 7% (ChromeOS Included)
- for several months in a row ChromeOS (that would be Chromebooks) is growing
- Links 03/05/2024: Microsoft Shutting Down Xbox 360 Store and the 360 Marketplace
- Links for the day
- Evidence: Ireland, European Parliament 2024 election interference, fake news, Wikipedia, Google, WIPO, FSFE & Debian
- Reprinted with permission from Daniel Pocock
- Enforcing the Debian Social Contract with Uncensored.Deb.Ian.Community
- Reprinted with permission from Daniel Pocock
- Gemini Links 03/05/2024: Antenna Needs Your Gemlog, a Look at Gemini Get
- Links for the day
- IRC Proceedings: Thursday, May 02, 2024
- IRC logs for Thursday, May 02, 2024
- Over at Tux Machines...
- GNU/Linux news for the past day
Comments
saulgoode
2010-07-01 14:10:44
Not just trust the vendor, but also those with whom they've shared the source code (subcontractors, governments, large corporate clients, etc).
It is noteworthy that there were claims that the recent attack on Google stemmed from sources within the Chinese government (with whom MS shares its source code), it is not that surprising that Google would quickly put an end to a situation where the malware authors get to see the Windows source code and they do not.
Dr. Roy Schestowitz
2010-07-01 14:17:26