begin oe_protect.scr
Sinister Midget <phydeaux@xxxxxxxxxxxxxx> espoused:
> On 2006-07-13, Oliver Wong <owong@xxxxxxxxxxxxxx> posted something concerning:
>> "Roy Schestowitz" <newsgroups@xxxxxxxxxxxxxxx> wrote in the subject line of
>> message news:2414231.W7WdUWQc8Q@xxxxxxxxxxxxxxxxxx
>>> Vista Holey Even Before Release?
>>
>> Is it really fair to criticize a product for flaws before it's released?
>> I'm sure programmers all over the world have, at one point in their career,
>> compiled their program, ran it, and discovered a bug. Does that nescessarily
>> mean that all future versions of that program are to be condemned?
>
> I agree.
>
> "The rootkit wars have started to escalate with a rootkit named
> Rustock which is able to remain hidden from all the popular
> anti-rootkit tools. It uses some new techniques including not only
> putting itself in a ADS (NTFS alternate data stream) which isn't
> seen by normal file system enumeration tools, but even blocks ADS
> aware tools from seeing the stream. Works in Vista, too!..."
>
> I see that: "Works in Vista, too!"
>
> Let's leave Fisted alone and make fun of the rest of them for being
> screwed the same way. We'll have plenty of time to make fun of that one
> once it hits the streets. Assuming any of us are still alive then.
>
Is it likely that problems found in Vista now will have any impact other
than to delay release? I think it's reasonable to highlight such
problems, because anyone seriously considering rolling out Vista for its
huge range of advantages over XP will need to be aware of any additional
delays, and might also be interested in considering alternatives such as
linux. I think we should note these things here, and I would hope that
Roy will continue to do so, but I think the likely impact should be
noted as possible further delays in delivery rather than anything else.
Of course, that would assume that MS will attempt to fix the problems.
Also, there is a second viewpoint to consider - betas of Vista have been
out, so it would not be unreasonable to comment on issues regarding
those betas. From a free-software viewpoint, where we have unstable and
testing and stable and deprecated code, the
alpha/beta/shipping/unsupported model doesn't fit all that well. We
expect problems to be fixed in unstable or testing code, but they might
be fixed through bug-fixes anyway, whereas in stable code, we expect to
see the security problems fixed, but the code remain otherwise the same.
The whole model for open-source software security is different to
proprietary software, so making comparisons can be challenging.
Further, security patches in free software are not used to include new
restrictions or spyware packages (like wga), so again, the model is so
different as to defy any simple comparisons.
--
| Mark Kent -- mark at ellandroad dot demon dot co dot uk |
Killing turkeys causes winter.
|
|