[conspire] Buggy ATI Driver (and others) Leaves Vista Open to Attack
Adrien Lamothe
a_lamothe at yahoo.com
Tue Aug 28 13:08:44 PDT 2007
Like I said, they could have done it if they really wanted to.
At least we can choose not to use Windows. However, an even bigger annoyance is all the companies migrating their web apps to the LAMP stack, yet insisting on using .NET (we can thank Novell and their GNOMEs for that one). I thought MONO was a good project as a defensive measure, to ensure .NET compatibility if necessary, but then the GNOME people decided they wanted to use .NET everywhere. So, the tick still has its suckers firmly implanted.
Rick Moen <rick at linuxmafia.com> wrote:
Quoting Adrien Lamothe (a_lamothe at yahoo.com):
> No reason MS couldn't have cleaned up the code behind the API and
> messaging model.
Actually, there is a reason. As Chris "Foon" Paget explained it, in the
referenced article:
How is everyone gonna fix this? I can see two quick and dirty methods
which will break a whole lotta functionality, and one very long-winded
solution which is never going to be a total solution. Let me explain.
1. Don't allow people to enumerate windows
Nasty. Multiple breakages. Theoretically possible, but I'd hate to see
people trying to work around not knowing what windows are on the desktop
when they need to.
2. Don't allow messages to pass between applications with different
privileges
Means that you couldn't interact with any window on your desktop that's
not running as you; means that VirusScan at the very least (probably
most personal firewalls, too) would need a whole lotta redesigning.
3. Add source info to messages, and depend on applications to decide
whether or not to process the messages
Would need an extension to the Win32 API, and a whole lotta work for
people to use it. Big job, and people would still get it wrong. Look at
buffer overflows - they've been around for years, and they're still
fairly common.
They didn't do any of those things.
> MS has a history of shoe-horning code from their older OSes into the
> newer ones.
...handicapping security by doing so, yes. E.g., LanMan authentication
still persists, long after better replacements appeared.
_______________________________________________
conspire mailing list
conspire at linuxmafia.com
http://linuxmafia.com/mailman/listinfo/conspire