[LINK] Animated cursor flaw in All Windows
Kim Holburn
kim at holburn.net
Wed Apr 4 19:32:02 AEST 2007
On 2007/Apr/04, at 11:14 AM, Adrian Chadd wrote:
> On Wed, Apr 04, 2007, Kim Holburn wrote:
>
>>> The month of apple bugs showed Apple is capable
>>> of the same kinds of bugs that pop up in Windows software.
>>
>> The month of apple bugs shows that people are doing stuff to make it
>> more secure. This is a good thing.
>
> There's stuff being done to Windows to make it more secure; thats a
> good thing.
There's stuff being done to make Windows 98 more secure? What? A
lot of people are running it.
> I've locked up MacOS/X's UI by screwing up my UI design in
> interface builder
> and routing messages in a loop - interesting DoS. I wonder if it
> still works..
>
>> The critical problem with MS OS's is the default settings and the
>> capability of launching almost anything by clicking on it or worse
>> just viewing it, making everything easy for non-techie users. A good
>> and secure OS can be may insecure with bad defaults.
>
> Actually, they've flipped the balance back over to too many
> questions with
> Windows.
Only on the bleeding edge and even here an incomprehensibly dialog
with a yes/no question is not exactly helpful is it?
>> Consider: linux mostly insists that you run everyday operations as a
>> non-privileged user. Windows doesn't allow you to do lots of things
>> like run many applications as a non-privileged user. Ever try
>> burning a CD as a normal user on windows?
>
> Ever try installing a packaged application as a non-privileged user
> under Linux? Applications with hard-coded binary/library/
> configuration paths
> that aren't overrideable, for example. At least I can stare at the
> install.sh
> in some of the commercial packages that do a if (uid !=0) {echo
> "Must be root
> to install me." } check.
And the problem is? You can't install software without root access.
Run that by me again - why is that a security problem? Sounds good
to me.
>> A badly designed OS with inherent security problems is even less
>> secure with bad defaults. Having a compulsory web browser tied into
>> the kernel with an insecure programming language (Active-X) that can
>> download and run ... ahhh don't get me started.
>
> Hey, go on, it'll be fun. :)
Tell me why only windows has 10,000 viruses and counting and no-one
else has to run anti-virus or anti-malware software again?
--
Kim Holburn
IT Network & Security Consultant
Ph: +39 06 855 4294 M: +39 3494957443
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request
Democracy imposed from without is the severest form of tyranny.
-- Lloyd Biggle, Jr. Analog, Apr 1961
More information about the Link
mailing list