Hi LoPo

Harbinger · 08-04-2006, 01:10 PM

Vistas virgin stack equals fun for hax0rs!

http://www.symantec.com/avcenter/ref...ackSurface.pdf

LoPo · 08-04-2006, 01:53 PM

I think its great these flaws are being discovered during the beta phase opposed to after RTM.

Thanks for the link.

Harbinger · 08-04-2006, 03:09 PM

True, should however be interesting to see how many don't get caught during final beta testing.

Smiley · 08-05-2006, 08:46 AM

Isn't this part of the reason Vista is getting further delayed before release? They know the general population feel that Windows is not secure so they are very interested to find as many code exploits, program memory leaks, and such. I hope they delay long enough that Vista will not need a SP for years after being released.

Cheese · 08-05-2006, 08:51 AM

Quote:

Originally Posted by Smiley

Isn't this part of the reason Vista is getting further delayed before release? They know the general population feel that Windows is not secure so they are very interested to find as many code exploits, program memory leaks, and such. I hope they delay long enough that Vista will not need a SP for years after being released.

i highly doubt that. and this argument about windows being unsafe vs others to me is just bS. the only reason it is is because most people use it, therefore a hacker has more to benefit from by cracking windows vs mac or linux. why waste time doing something that will only work on <15% of computers when you can do something that would exploit 80+%? seems simple enough to me

thats my biggest issue with firefox right now...sure it claimed to be safe, and probably was, when it came out. but now it's outnumbering IE and i highly doubt they have the financial backing to pump out updates constantly. what happens when hackers start exploiting firefox and updates are few and far between?

and yes, this is just a theory of mine and have no evidence whatsoever to back it up, but it makes complete sense to me and i highly doubt that MS has retarded programmers judging from who gets job offers from them here at tech.

Harbinger · 08-05-2006, 09:40 AM

Firefox is far from outnumbering ie, at least for a while. In the tech savvy community sure, but not the general population.

We will most likely see more attacks against Firefox as it gains popularity but I highly doubt it will experience the same slew of vulnerabilities as we've seen with ie.

2 reasons of the top of my head, one you underestimate the power of the open source community and secondly it exists in far more of a sandboxed environment than Internet Explorer. You may not remember but at one time MS was ordered to unbundle ie (Europe) and they couldn't as it shared too much of the same codebase with the actual OS.

Yep, Microsoft does hire some of the best an brightest but there are a hell of a lot of brilliant programmers working on the Mozilla project. They don't need huge financial backing to pump out updates, that's the beauty of open source. If that was the case Apache would not be the most prevalent web server on the Internet. FYI it's called Apache because of the huge amount of patches it took to make it secure. Before anyone says that Apache has security issues, it does. I'd still use it (and do) way before I looked at using IIS.

Smiley · 08-05-2006, 11:10 AM

Cheese I was not arguing that Windows is not secure, I agree with you that the more popular a OS or application is the more security issues are going to be found with it. That is the way to get the most bang for your effort, to go after something used by most people, not something with only a small user base.

But my statement concerned what the general,non-computer savvy population thinks about Windows. I deal with over 300 users, I'd hazard to estimate that over 65-70% of them perceive that Windows is not secure or they don't care if it has security issues. Microsoft is also aware of that perception and the lack of product users keeping up with patches, which thus makes the news because the media likes to bash the big company's so they get more attention from their story.

So I still say that M$ is delaying Vista to find any bugs. A big re-write of the OS requires more beta testing.

LoPo · 08-07-2006, 10:55 AM

Firefox = 16% in June I believe.

Don't beat the apache drum. I've used them both, I prefer IIS.

In fact, for a few years I ran numerous sites(including clanseven.com) on an IIS box, never had a problem with security. Again, if you know what you are doing, this shouldn't be an issue.

http://blogs.msdn.com/michael_howard...18/244181.aspx

Smiley is dead with the non-computer savvy users believe windows is secure and don't care about security issues. That's why MS is taking a more direct approach, many of us think of it as big brother, in patching and maintaining those systems.

I don't doubt that MS has made the delays due to security concerns. If you market something as your most secure product to date, you damn well better make sure that statement is true as can be. Unfortunately people ***** when you take long because of the complexity and the sheer number of programmers working on the project.

Cheese · 08-07-2006, 11:40 AM

i actually wasnt aware firefox was open source. i take the comment about them back then. my view is also skewed since i'm at college and most people here, even non-tech savy majors have firefox. part of the younger generation thing i guess. my parents still use ie...always trying to do ctrl-t and nothing happens, lol

{OF}Blong · 08-07-2006, 11:50 AM

the non tech users are using it because there tech friends are telling them how great it is and well like sheep following the leader.