Eye on Security: Red Hat Explains Why Windows is Less Secure, New Windows 0-Day Attack
- Dr. Roy Schestowitz
- 2010-07-01 13:46:45 UTC
- Modified: 2010-07-01 13:46:45 UTC
Summary: Comparative security news from this week
●
Open Source is Inherently More Secure, Says Red Hat (Microsoft
admits silent patching it never discloses)
But in the closed source world, you have to trust your vendor completely. All you get to see are binaries, so you have no way of knowing how they were built. President Reagan was fond of saying to Soviet leader Mikhail Gorbachev, "Trust, but verify." With proprietary software, you simply have to trust.
Microsoft, for example, pushes out security updates on the second Tuesday of every month. Bressers said they can't do that. Microsoft has the advantage of hiding security flaws and working on them at their leisure, but with open source software, that's not possible because everyone can see that there's a problem and they expect it to be fixed right away.
And if a security hole isn't plugged quickly enough, you can fix it yourself, Bressers explained.
An example of the power of open source is the ping of death bug. Back in the late 1990s someone figured out that if you send a giant ICMP packet to a computer, just about any computer, it will crash. The bug affected every operating system, routers, printers, etc. When the problem was discovered, the open source Linux operating system had the bug squashed in about 2 hours, Bressers recalled. The closed source operating system vendors, however, took days, weeks and even months to make and distribute a patch for the ping of death.
●
Microsoft: 10,000 PCs hit with new Windows XP zero-day attack
Nearly a month after a Google engineer released details of a new Windows XP flaw, criminals have dramatically ramped up online attacks that leverage the bug.
Microsoft reported Wednesday that it has now logged more than 10,000 attacks. "At first, we only saw legitimate researchers testing innocuous proof-of-concepts. Then, early on June 15th, the first real public exploits emerged," Microsoft said in a blog posting.
●
New Windows Live Messenger has same old privacy problems
Why do I get the impression that some folks at Microsoft just don’t get it?
●
Privacy problems persist in latest Windows Messenger 2011 beta [
via]
Earlier versions of Messenger played fast and loose with your privacy. The new Live Messenger 2011, currently in beta, suffers from some of the same defects
Recent Techrights' Posts
- Hard Evidence Reinforces Suspicion That Mark Shuttleworth May Have Worked Volunteers to Death
- Today we start re-publishing articles that contain unaltered E-mails
- A Discussion About Suicides in Science and Technology (Including Debian and the European Patent Office)
- In Debian, there is a long history of deaths, suicides, and mysterious disappearances
- [Video] Why Microsoft is by Far the Biggest Foe of Computer Security (Clue: It Profits From Security Failings)
- Microsoft is infiltrating policy-making bodies, ensuring real security is never pursued
- Harassment Against My Wife Continues
- Drug addict versus family of Techrights authors
-
- Modern Measures of 'Productivity' Boil Down to Time Wasting and Misguided Measurements/Yardsticks
- People are forgetting the value of nature and other human beings
- Countries That Beat the United States at RSF's World Press Freedom Index (After US Plunged Some More)
- The United States (US) was 17 when these rankings started in 2002
- Record Productivity and Preserving People's Past on the Net
- We're very productive these days, partly owing to online news slowing down (less time spent on curating Daily Links)
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Monday, April 29, 2024
- IRC logs for Monday, April 29, 2024
- Links 30/04/2024: Malaysian and Russian Governments Crack Down on Journalists
- Links for the day
- Frans Pop Debian Day suicide, Ubuntu, Google and the DEP-5 machine-readable copyright file
- Reprinted with permission from disguised.work
- Axel Beckert (ETH Zurich), the mentality of sexual violence on campus
- Reprinted with permission from Daniel Pocock
- [Meme] Russian Reversal
- Mark Shuttleworth: In Soviet Russia's spacecraft... Man exploits peasants
- Frans Pop & Debian suicide denial
- Reprinted with permission from disguised.work
- The Real Threats to Society Include Software Patents and the Corporations That Promote Them
- The OIN issue isn't a new one and many recognise this by now
- Links 30/04/2024: OpenBSD and Enterprise Cloaking Device
- Links for the day
- Microsoft Still Owes Over 100 Billion Dollars and It Cannot be Paid Back Using 'Goodwill'
- Meanwhile, Microsoft's cash at hand (in the bank) nearly halved in the past year.
- Workers' Right to Disconnect Won't Matter If Such a Right Isn't Properly Enforced
- I was always "on-call" and my main role or function was being "on-call" in case of incidents
- [Teaser] Ubuntu Cover-up After Death
- Attack the messenger
- The Cyber Show Explains What CCTV is About
- CCTV does not typically resolve crime
- [Video] Ignore Buzzwords and Pay Attention to Attacks on Software Developers
- AI in the Machine Learning sense is nothing new
- Outline of Themes to Cover in the Coming Weeks
- We're accelerating coverage and increasing focus on suppressed topics
- [Video] Not Everyone Claiming to Protect the Vulnerable is Being Honest
- "Diversity" bursaries aren't always what they seem to be
- [Video] Enshittification of the Media, of the Web, and of Computing in General
- It manifests itself in altered conditions and expectations
- [Meme] Write Code 100% of the Time
- IBM: Produce code for us till we buy the community... And never use "bad words" like "master" and "slave" (pioneered by IBM itself in the computing context)
- [Video] How Much Will It Take for Most People to Realise "Open Source" Became Just Openwashing (Proprietary Giants Exploiting Cost-Free or Unpaid 'Human Resources')?
- turning "Open Source" into proprietary software
- Freedom of Speech... Let's Ban All Software Freedom Speeches?
- There's a moral panic over people trying to actually control their computing
- Richard Stallman's Talk in Spain Canceled (at Short Notice)
- So it seems to have been canceled very fast
- Links 29/04/2024: "AI" Hype Deflated, Economies Slow Down Further
- Links for the day
- Gemini Links 29/04/2024: Gopher Experiment and Profectus Alpha 0.9
- Links for the day
- Debian 'Cabal' (via SPI) Tried to Silence or 'Cancel' Daniel Pocock at DNS Level. It Didn't Work. It Backfired as the Material Received Even More Visibility.
- know the truth about modern slavery
- Lucas Nussbaum & Debian attempted exploit of OVH Hosting insider
- Reprinted with permission from disguised.work
- Software in the Public Interest (SPI) is Not a Friend of Freedom
- We'll shortly reproduce two older articles from disguised.work
- Syria, John Lennon & Debian WIPO panel appointed
- Reprinted with permission from disguised.work
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Sunday, April 28, 2024
- IRC logs for Sunday, April 28, 2024
- [Video] GNU and Linux Everywhere (Except by Name)
- In a sense, Linux already has over 50% of the world's "OS" market
- [Video] Canonical Isn't (No Longer) Serious About Making GNU/Linux Succeed in Desktops/Laptops
- Some of the notorious (or "controversial") policies of Canonical have been covered here for years
- [Video] What We've Learned About Debian From Emeritus Debian Developer Daniel Pocock
- pressure had been put on us (by Debian people and their employer/s) and as a result we did not republish Debian material for a number of years
- Bruce Perens & Debian public domain trademark promise
- Reprinted with permission from disguised.work
- Links 28/04/2024: Shareholders Worry "AI" Hype Brings No Income, Money Down the Drain
- Links for the day
- Lawyer won't lie for Molly de Blanc & Chris Lamb (mollamby)
- Reprinted with permission from disguised.work
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Saturday, April 27, 2024
- IRC logs for Saturday, April 27, 2024
Comments
saulgoode
2010-07-01 14:10:44
Not just trust the vendor, but also those with whom they've shared the source code (subcontractors, governments, large corporate clients, etc).
It is noteworthy that there were claims that the recent attack on Google stemmed from sources within the Chinese government (with whom MS shares its source code), it is not that surprising that Google would quickly put an end to a situation where the malware authors get to see the Windows source code and they do not.
Dr. Roy Schestowitz
2010-07-01 14:17:26