Posted on 08/08/2008 9:25:43 AM PDT by Clint Williams
scribbles89 sends in a story that originally ran in SearchSecurity; it sounds like it could be a game-changer. "While this may seem like any standard security hole, other researchers say that the work is a major breakthrough and there is very little that Microsoft can do to fix the problems. These attacks work differently than other security exploits, as they aren't based on any new Windows vulnerabilities, but instead take advantage of the way Microsoft chose to guard Vista's fundamental architecture. According to Dino Dai Zovi..., 'the genius of this is that it's completely reusable. They have attacks that let them load chosen content to a chosen location with chosen permissions. That's completely game over.'"
ping
If you read the comments at Slashdot, there is almost uniform skepticism. The consensus is that the author of the piece does not understand the subject matter well.
Not quite.
Here are more details on the problem.
Is Vista going to turn out to be the lemon that Millenium was? I thought it was supposed to be made better with patches by this summer. Everyone I know that has it hates it.
The problem is simple.
DO NOT make a browser an integral part of an operating system.
If you do, you lose.
Period.
Internet Explorer in ALL forms is fouled up, was fouled up from the get-go and remains fouled up to this day.
Obviously nothing is perfect, but hard coding the browser into the OS was wrong from the start.
I'll wait for Windows 7.
It depends on what your goals are.
If your goal is a flexible, functional, secure OS then you are correct.
If your goal is to lock Netscape out of the browser market by bundling your products together, then Microsoft was correct to do it.
After all, it worked didn't it?
Great because I don’t use vista.
Microsoft was trying to kill all competition by integrating everything.
At one point they argued SOLITARE was integral!
What makes you think Windows 7 will be any better?
Oh, they've promised all sorts of stuff. But then they promised all sorts of stuff with Vista too. And dropped most of it before it shipped.
| hard coding the browser into the OS was wrong from the start.
For the longest time that was a successful strategy for keeping third-party web browsers like Netscape in the tank. But now IE sucks so badly compared to, oh, Firefox, that its monopoly is slipping away even with IE as part of the operating system.
|
“I use Vista, kind of like it.”
That’s good, you are probably very proficient and know the ins and outs of how to work with it. Was there just service pack one released yet or is there going to be a service pack two?
actually it is an upgrade issue.
The XP is fine to run current software.
I expect by Windows 7, the software will need just that much more upgrade to take advantage of the better hardware.
Think of someone using windows 95 tring to use software that is designed for current hardware.
Got me, I use Firefox. LOL I don’t use IE at all, with the noted exception of HAVING to use it to do windows updates.
But on my other machines? Nope, it’s removed because I don’t use MS any more on them
I like “Karma” as in “Microsoft, your dogma just got run over by my Karma” kinda karma. LOL
Gee, just as I was thinking of building a new computer with new mob and quad core CPU and maybe using Vista 64 bit, along comes this bad news.
Currently using XP Pro 32 bit and wanting to switch to 64 bit for the ability to use more than 4 gigs of RAM, but being concerned about the rumored lack of drivers, etc. for it,....... What’s a geek to do?
ping...
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
Wrong from a security standpoint, sure, but that wasn't the point. The point was to get a court to agree that the browser wasn't just a bundled add-on that could be made optional, but part of the operating system.
Let's call it "cosmic justice." Now the very 'feature' that Microsoft crafted to kill the other browsers may turn around and kill IE.