[LINK] Animated cursor flaw in All Windows

Kim Holburn kim at holburn.net
Wed Apr 4 18:48:51 AEST 2007 

On 2007/Apr/04, at 9:27 AM, Adrian Chadd wrote:
> On Wed, Apr 04, 2007, grove at zeta.org.au wrote:
>> On Wed, 4 Apr 2007, Howard Lowndes wrote:
>>
>>> Mike Shearer wrote:
>>>> (I'm about to switch to Apple and open source so it's not a  
>>>> compelling
>>>> issue).
>>>
>>> Which are you doing, Apple != open source
>>
>> But Apple's BSD based OSX has just about every popular component  
>> that is
>> available in Linux and in all other UNIX OS (except for SCO, where
>> you are just lucky if someone stuck it on Freebird).
>> And with deft GCC skills, you can have the rest, too  (Except for
>> SCO, which wants to make sure you pay to use GCC as well as their
>> own broken offering).
>
> People keep thinking Apple OSX == BSD based. Grr!
>
> * Some of the drivers may have been ripped from *BSD;
> * The Mach kernel ain't BSD; and
> * Some of the UNIX userland may have been ripped from *BSDs, but!
> * There's a -lot- of Apple-specific code floating around the operating
>   system to implement all the stuff UNIX doesn't give you and that  
> could
>   be hiding some pretty nasty bugs.

A bit of a long bow here.  What is lurking in Windows code eh?  Many  
parts of MacOS X are open at least.

> The way to gauge security of a platform isn't its public security  
> history -

Why ever not?  Because Windows has such an absolutely abysmal record  
that is not shared by the other major OS's?  Even where an OS  
application like apache has a bigger share of the market than windows  
it is much more secure than its windows equivalent.

Also because windows is private code there are millions of systems  
out there that are too old and MS has decided not to provide updates  
for any more and no-one else can.  This is a disaster.  Open Source  
OSes have shown it's possible to keep providing security updates for  
many, many years.

> its by auditing the thing.

That too, and with many eyes.

> The month of apple bugs showed Apple is capable
> of the same kinds of bugs that pop up in Windows software.

The month of apple bugs shows that people are doing stuff to make it  
more secure.  This is a good thing.

The critical problem with MS OS's is the default settings and the  
capability of launching almost anything by clicking on it or worse  
just viewing it, making everything easy for non-techie users.  A good  
and secure OS can be may insecure with bad defaults.

Consider: linux mostly insists that you run everyday operations as a  
non-privileged user.  Windows doesn't allow you to do lots of things  
like run many applications as a non-privileged user.  Ever try  
burning a CD as a normal user on windows?

A badly designed OS with inherent security problems is even less  
secure with bad defaults.  Having a compulsory web browser tied into  
the kernel with an insecure programming language (Active-X) that can  
download and run ... ahhh don't get me started.

Kim

--
Kim Holburn
IT Network & Security Consultant
Ph: +39 06 855 4294  M: +39 3494957443
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request

Democracy imposed from without is the severest form of tyranny.
                           -- Lloyd Biggle, Jr. Analog, Apr 1961

More information about the Link mailing list