__/ [Erik Funkenbusch] on Friday 14 October 2005 18:26 \__
> On Fri, 14 Oct 2005 13:29:21 +0100, Roy Schestowitz wrote:
>> __/ [Erik Funkenbusch] on Friday 14 October 2005 01:39 \__
>>> On 13 Oct 2005 14:21:52 -0700, Daeron wrote:
>>>> Opportunities for hackers
>>>> anon Oct 05 2005
>>>> As we all knew, it was only a matter of time before the new Windows
>>>> Vista's supposed security was to be compromised.
>> Given that all Vista code is a recent fallback to XP (or Server 2003), I
>> speculate that we ("we" not as in prospective users) are yet to see many
>> further delays. If the product is unleashed in late 2006, there will be
>> an 'onslaught' of on-line updates, i.e. patches. This means that people
>> will get some rudimentary, opaque binaries and development will continue
>> at Redmond, committing the changes to people's computers very rapidly.
> It's hardly a fallback to XP. You make it sound like it's XP with a new
> shell bolted on.
> There has been a significant amount of work done for both security and new
> features. While I'm sure we'll see new vulnerabilities in Vista (any
> complex system will have bugs), Vista will be much less susceptible to
> exploiting them than previous versions. New security features like "low
> rights" IE and explicit instantiation of ActiveX controls will help
> immensely. "Low rights" drops all rights of the user that are not
> needed by a browser, even if you're running as an administrator. Explicit
> instantiation requires that controls be marked explicitly as safe for IE
> (as opposed to the current generic "safe for scripting" markings).
>> Vista had to be re-built from scratch and I can only imagine the mess
>> involved with keeping up-to-date the bug fixes from 2000, ME, XP and now
>> incorporating them into Vista. That's why WinFS and all the other
>> 'innovative' stuff was put on hold. As M$ struggles for survival, it is
>> trying to get its s*** together when it comes to security. It's total
>> chaos behind the stage.
> No, AFAIK Windows wasn't rebuilt from scratch, though it was re-evaluated
> from square one, and many of the modules were changed to make Windows more
> modular (largely making dependencies more coherent from what I can tell).
> A great deal of security work was done on 2003, and that work paid off
> greatly. 2003 was much less vulnerable to exploits, even when a
> vulnerability was still present. Nearly 4 additional years of security
> improvements will have been made by the time Vista ships. Maintaining
> patches is not difficult at all, since they just get folded into the
> development cycle.
As I attempt to connect (5 minutes ago) to a site and see the state of my
new machine's delivery, I notice the aspx suffix and soon realise that the
whole site is down. This is embarrassing to any company that is the size of
the company in question.
If only you knew how much experimental code I have run in this current
session (see sig), much of it was run continuously overnight and was
largely buggy academic code.
Linux machines can endure that stuff without sweating. I have had no memory
leaks and as a matter of fact, the last time I shut down this machine, it
was for no particular reason. I can't recall ever being forced a downtime
on this work-thirsty desktop machine. We are talking about the past 2
years here. And no, I was never forced to re-compile my kernel either.
It is usually the small things that serve as a proof of concept for the fact
that Linux just /works/. Windows, from my very, very long experience with
it, simply cannot cope. Windows opens a whole new world of error-prone
operation and plenty of maintenance (scans, FS checks, defragmentations,
>>> I guess that proves how insecure Linux is then, right?
>> I don't know if a troll wrote this, or perhaps it's sarcasm.
> Of course it was sarcasm. The "right?" comment was a clear indication of
>> As far as I
>> know, the revelation by the Austrian was concerned with hacking Monad
>> "from the bottom", not using it maliciously.
> The viruses he wrote, while benign were proof of concepts that could be
> used maliciously.
> My point was that Monad was no more insecure than any Linux shell.
Perhaps at the level of scripting, but that's not the point /at all/.
Roy S. Schestowitz | Proprietary cripples communication
http://Schestowitz.com | SuSE Linux | PGP-Key: 74572E8E
2:55am up 50 days 15:09, 3 users, load average: 0.97, 0.93, 0.55
http://iuron.com - next generation of search paradigms