[conspire] Buggy ATI Driver (and others) Leaves Vista Open to Attack
a_lamothe at yahoo.com
Tue Aug 28 13:08:44 PDT 2007
Like I said, they could have done it if they really wanted to.
At least we can chose not to use Windows. However, an even bigger annoyance is all the companies migrating their web apps to the LAMP stack, yet insisting to use .NET (we can thank Novell and their GNOMEs for that one). I thought MONO was a good project as a defensive measure, to insure .NET compatibility if necessary, but then the GNOME people decided they wanted to use .NET everywhere. So, the tick still has it's suckers firmly implanted.
Rick Moen <rick at linuxmafia.com> wrote: Quoting Adrien Lamothe (a_lamothe at yahoo.com):
> No reason MS couldn't have cleaned up the code behind the API and
> messaging model.
Actually, there is a reason. As Chris "Foon" Paget explained it, in the
How is everyone gonna fix this? I can see two quick and dirty methods
which will break a whole lotta functionality, and one very long-winded
solution which is never going to be a total solution. Let me explain.
1. Don't allow people to enumerate windows Nasty. Multiple breakages.
Theoretically possible, but I'd hate to see people trying to work around
not knowing what windows are on the desktop when they need to.
2. Don't allow messages to pass between applications with different
privileges Means that you couldn't interact with any window on your
desktop that's not running as you; means that VirusScan at the very
least (probably most personal firewalls, too) would need a whole lotta
3. Add source info to messages, and depend on applications to decide
whether or not to process the messages Would need an extension to the
Win32 API, and a whole lotta work for people to use it. Big job, and
people would still get it wrong. Look at buffer overflows - they've been
around for years, and they're still fairly common.
They didn't do any of those things.
> MS has a history of shoe-horning code from their older OSes into the
> newer ones.
...handicapping security by doing so, yes. E.g., LanMan authentication
still persists, long after better replacements appeared.
conspire mailing list
conspire at linuxmafia.com
Be a better Heartthrob. Get better relationship answers from someone who knows.
Yahoo! Answers - Check it out.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the conspire