On Sat, 08 Mar 2008 04:15:16 +0000, Roy Schestowitz wrote:
> Will Microsoft Change How ActiveX Runs in IE 8?
>
> ,----[ Quote ]
> | Some security experts, like Will Dormann, a vulnerability analyst at the
> | Carnegie Mellon Software Engineering Institute CERT/CC, are calling for
> | ActiveX to be disabled from running by default in IE 8.
> |
> | Dormann is telling IE users that they should, from a security perspective,
> | disable ActiveX controls from running by default. "It would be nice if this
> | is something Microsoft did with the next version of the browser," he said.
> `----
>
> http://www.eweek.com/c/a/Security/Will-Microsoft-Change-How-ActiveX-Runs-in-IE-8/
>
> Quote for the day:
>
> "Windows 98 without Internet Explorer 4 is a working operation system
> and Internet Explorer 4.0 is not an vital part of Windows 98."
>
> --Steven J. Vaughan-Nichols

/me ruminates...

I used to be an OS/2 user. I started out on OS/2 Warp and upgraded to
Merlin. I was disappointed when IBM discontinued OS/2.

I remember comparing OS/2 Warp to NT 3.51. It was a simple test. Try and
crash the 16-bit VM subsystem. There was even a nifty little utility for
doing this.

Under NT 3.51, running the tool would crash the entire win16 subsystem.
Under OS/2, if the tool was in its own subsystem, it didn't affect any
other process. If it was in a shared subsystem, it would take down the
entire subsystem.

You think Microsoft would've learned by even observing that
virtualization is a good thing. But alas, instead we were stuck with
thunking layers to improve performance at the expense of stability
(OS/2's Win16 speed wasn't bad either).

Today, we have much more powerful systems than we did when OS/2 Warp was
around. Virtualization isn't much of an issue and some systems have
hardware virtualization which would allow performance that is barely
slower than bare hardware. So, I have to wonder why Microsoft didn't
virtualize the existing Win32 system and create a new subsystem for Vista
apps? Are they incompetent? Too far behind the virtualization curve? Or
do they just not care?

The same goes for ActiveX. They could've sandboxed it a long time ago,
but instead they left this blatant and horribly designed security hole
intact for years after the full realization of this heinous security
blunder was known.

I have to think they just don't care.