__/ [ Linonut ] on Wednesday 13 September 2006 18:16 \__
> After takin' a swig o' grog, Peter Köhlmann belched out this bit o' wisdom:
>
>> http://www.heise-security.co.uk/news/78112
>>
>> MS horde of incompetent monkeys at their best
>> --
>> Microsoft's Guide To System Design:
>> Form follows malfunction.
>
> Another link on that page:
>
> http://www.heise-security.co.uk/articles/76382
>
> Symantec's Matthew Conover has taken a look at the versions of Vista
> currently available and describes how the new security mechanisms
> work. Once again, Microsoft has not moved away from the concept that
> user accounts created during installation have administrator rights.
> The accounts are, however, created as "Least-Privilege User Accounts"
> (LUA). User Account Protection (UAP) is to ensure that processes only
> get administrator rights with prior user consent, i.e. when the
> user's password is entered. Internet Explorer even makes do with
> fewer rights than normal user processes. To insure backwards
> compatibility, the Redmond developers have introduced a
> virtualization layer for file and registry access that allows a
> process, for instance, to open and write to a persistent personal
> copy of the global write-protected file win.ini.
>
> Conover also analyzes a number of weak points in this concept and
> even describes a number of ways to attack the operating system by
> having a contaminant with the lowest rights attained from Internet
> Explorer work its way up to system rights. However, the specific weak
> points he utilized have already been remedied in recent beta versions
> of Vista.
Microsoft could learn more from *nix.
http://software.newsforge.com/software/06/08/02/168238.shtml?tid=79&tid=138
SudoWn brings Unix-like sudo to Windows
Perhaps the company is too proud to embrace the /correct/ approach. Not quite
the case with Google though...
,----[ Quote ]
| If you can't beat them, copy them. At first glance, that seems to be
| Microsoft's strategy to capture more of the search market.
`----
http://yahoo.businessweek.com/technology/content/sep2006/tc20060913_775215.htm
|
|