[LINK] Animated cursor flaw in All Windows

Kim Holburn kim at holburn.net
Wed Apr 4 19:32:02 AEST 2007 

On 2007/Apr/04, at 11:14 AM, Adrian Chadd wrote:

> On Wed, Apr 04, 2007, Kim Holburn wrote:
>
>>> The month of apple bugs showed Apple is capable
>>> of the same kinds of bugs that pop up in Windows software.
>>
>> The month of apple bugs shows that people are doing stuff to make it
>> more secure.  This is a good thing.
>
> There's stuff being done to Windows to make it more secure; thats a  
> good thing.

There's stuff being done to make Windows 98 more secure?  What?  A  
lot of people are running it.

> I've locked up MacOS/X's UI by screwing up my UI design in  
> interface builder
> and routing messages in a loop - interesting DoS. I wonder if it  
> still works..
>
>> The critical problem with MS OS's is the default settings and the
>> capability of launching almost anything by clicking on it or worse
>> just viewing it, making everything easy for non-techie users.  A good
>> and secure OS can be may insecure with bad defaults.
>
> Actually, they've flipped the balance back over to too many  
> questions with
> Windows.

Only on the bleeding edge and even here an incomprehensibly dialog  
with a yes/no question is not exactly helpful is it?

>> Consider: linux mostly insists that you run everyday operations as a
>> non-privileged user.  Windows doesn't allow you to do lots of things
>> like run many applications as a non-privileged user.  Ever try
>> burning a CD as a normal user on windows?
>
> Ever try installing a packaged application as a non-privileged user
> under Linux? Applications with hard-coded binary/library/ 
> configuration paths
> that aren't overrideable, for example. At least I can stare at the  
> install.sh
> in some of the commercial packages that do a if (uid !=0) {echo  
> "Must be root
> to install me." } check.

And the problem is?  You can't install software without root access.   
Run that by me again - why is that a security problem?  Sounds good  
to me.

>> A badly designed OS with inherent security problems is even less
>> secure with bad defaults.  Having a compulsory web browser tied into
>> the kernel with an insecure programming language (Active-X) that can
>> download and run ... ahhh don't get me started.
>
> Hey, go on, it'll be fun. :)

Tell me why only windows has 10,000 viruses and counting and no-one  
else has to run anti-virus or anti-malware software again?

--
Kim Holburn
IT Network & Security Consultant
Ph: +39 06 855 4294  M: +39 3494957443
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request

Democracy imposed from without is the severest form of tyranny.
                           -- Lloyd Biggle, Jr. Analog, Apr 1961

More information about the Link mailing list