Slashdot Mirror
First Windows Vista Security Update Released
Bard Of Vim writes "Microsoft has issued critical security patches for beta testers running the Windows Vista December CTP (Community Technology Preview) and Windows Vista Beta 1, and warned that the new operating system was vulnerable to a remote code execution flaw in the Graphics Rendering Engine. The Vista patches address the same vulnerability that led to the WMF (Windows Metafile) malware attacks earlier this month. The recent out-of-cycle security update for the WMF vulnerability (see slashdot coverage) makes no mention of Windows Vista being vulnerable, but with the release of this weekend's patches it is clear that the poorly designed 'SetAbortProc,' the function that allows printing jobs to be canceled, was ported over to Vista."
Wonder what exploits there will be when its actually out?
... disturbing.
Global warming is a cube.
What a hell is happening on Microsoft? They have a major Windows version upgrade and they don't even audit their portable old code for such things?! I would get a someone responsible about security in Windows Vista fired ASAP.
How they think will be migration from old versions of Windows if such things will countinue to happen? Yeah, I know, OEM will have Vista and that's all. But with Web applications my pick is that lot of enterprises will stick with their Windows 2000/XP.
No doubt that Microsoft will have hard time to make Vista as smash hit as they would like it to be.
user@ubuntubox:~$ stfu This server is going down for shutdown NOW!
...they're fixing bugs before they release. M$ is doing something right and actually attempting to release a more secure Windoze than XP.
They ported some functional code to their newest project. I hope they don't get unfairly bashed for this, just because a few bits of said code were discovered to be vulnerable. Every halfway intelligent programmer reuses code - it would be far more stupid not to. This is semi-interesting as a landmark ("frist patch!") but not exactly news because of what it contains.
Rex is 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
that Windows Vista isn't going to be all the fresh, hot goodness that we've been promised? For their own sake, Microsoft should step away from their stale and horribly insecure old code bases. They've had enough time now to rewrite the OS a few times over but it seems they chose instead to shoehorn in their old crap. Now is as good a time as any to cut the Win 9x support cord.
DRM, anyone?
Don't people use firewalls anymore?
The Lumber Cartel, local 42 (Canadian branch)
British Columbia, Canada
Should we expect anything less from jolly ol' Micro$oft?
I can still boot into Windows 3.1 using my Windows XP/2000 installs, albeit tweaked registries.
But still... I guess larger storage capacities give no incentive to clean out dilapidated code.
The issue here is I think, that Microsoft continues to this day, to be rather sloppy and secretive about fixing their stuff. So if Gibson makes a big flap, so be it. Better that than a back door that MSFT doesn't bother to fix, because they don't consider it a "critical vulnerability" or some other excuse. As Gibson points out, no question this is highlighting one of the main benefits of open source - the source is there for all to see, no dickering about whether it was intentional or not, it gets fixed. Period.
It hasn't even been released yet, and won't for at least half a year...
:)
At least, we can't complain that they are late with the patches anymore. Interesting tactic actually, to release the patches before the operating system...
I have a really elegant proof for Fermat's last theorem. If this sig was only a bit longer...
And even if they DO care about .NET 2, it is available for Windows XP already today...
I have a really elegant proof for Fermat's last theorem. If this sig was only a bit longer...
Software Wars
/dev/random
.... will probably call itself 'Hasta la vista, baby!'.
Sorry, couldn't resist, please ignore...
A World in a Grain of Sand / Heaven in a Wild Flower,
Infinity in the Palm of your Hand / And Eternity in an Hour.
> Unpriveleged access will be the default, and it'll be damn near impossible to breach Yes, because of the hardware-level DRM chips it will be impossible. The next few Windoze OSes will be much more secure, not only from the outside, but from the user.
I find it completely amusing not that this is a security bug that lets someone compromise your computer, but that it's the "Graphics Rendering Engine". I wonder how good it is for doing things like, you know, rendering graphics.
Like I said once years ago, if edlin were written today, it would have direct access to kernel-level functions through scripting and be a vector for both viruses and remote exploits.
You are in a maze of twisty little passages, all alike.
--Rick "If it isn't broken, take it apart and find out why."
All operating system updates must of necessity borrow from their predecessors. My question is: Are the security problems in Windows so bad that Microsoft should dump it; are the problems bad enough not even microsoft can go through and patch it all?
I believe it is very likely so. It is time to dump this code and go to a new platform. Whether this is done my microsoft itself or by the many alternatives out there to the Windows operating system.
"Where have all the good people gone?" - Jack Johnson
Despite all the speculation that this was a poorly coded Escape/SETABORTPROC routine, it seems there is potential that something far more sinister was afoot! Namely that this was a deliberately coded backdoor and that Microsoft has known about it for years.
The Windows MetaFile Backdoor?
I can't wait for Vista to hit the streets, because I'm an Apple shareholder. ;-)
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
"poorly designed 'SetAbortProc,' the function that allows printing jobs to be canceled, was ported over to Vista."
SetAbortProc is well designed. The problem is the code that handles the WMF. That code is allowing a payload to be placed on the stack and an incorrect pointer to be sent.
All set abort proc does is send an abort code to the print job and set a call back method to call when the abort completes.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
That is why this is such a dangerous vulnerablities. Since this is a vulnerability in the graphics engine (metafile playback) it can be exploited through a web page that contains a malicous graphic. That will come right in through port 80 on your firewall.
doesn't this type of thing happen in a lot of betas?
Yes, and Gibson is well known for *not* being an open source advocate, quite the opposite. So for him to start swinging towards open source is really a big thing.
IIRC, Gibson wasn't saying it was a back door that Microsoft hadn't bothered to fix. He was suggesting that it was a back door that somebody had put there on purpose.
Breakfast served all day!
... in the computing world that applies not only to many aspects of the evolution of technology, especially software.
"Garbage in, garbage out."
I wonder how much of Vista is actually based on new code. Is Vista going to be Windows XP in Mac OSX's clothing? And is it going to inherit the same piss-poor security it's predecessor had? I certainly hope not.
Unless... wait... is this English yet?
OTOH, maybe we Linux users were wrong after all, I mean Microsoft is really fast to patch... they're so fast their actions created a time paradox: a product being patched before launch.
Next version might be patched even before being thought up!
It's been speculated that the WMF vulnerability was there intentionally for whatever reason, or so GRC reported: http://www.grc.com/SecurityNow.htm#22 . Now if it was a rouge programmer or part of MS's plans for world domination, we don't know, but if it was indeed placed there intentionally, it wasn't a bug. If it's not a bug, then of course it would survive the code auditing several times over. Because of the recent discovery of it by the public, of course, MS had to fix it on all OSes, and the Vista patch was just later than the others because it wasn't as critical.
".. that Windows Vista isn't going to be all the fresh, hot goodness that we've been promised?"
How does an obvious statement like this manage to get 4 stupid moderators all to mod it up?
Windows 95! Now better than ever!
Windows 98! All your problems are solved!
Windows ME! We will help you how we can!
Windows 2000! No limit to your dreams!
Windows XP! Easier than ever, better, faster!
Of course MS is going to hype up their new product and have you upgrade from the old product. A statement as naive as yours is not truth, nor insightful, nor informative.
The rest of your comment similarly refuses to acknowledge that legacy momentum is the only thing keeping Microsoft going forward. People only use Windows because they "know" it. The tiny scraps of knowledge of how to use it they've gathered are things they are unwilling to abandon. Most people could as easily use MacOSX or Linux (Ubuntu is very nice), but they are unwilling to even learn what the names of the apps they would need in the new OS are (for most people, an MP3 player, browser, mail client, and Open Office are enough).
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
hmmn, vista uses the same core as xp, and is expected to NOT have the bugs that no one knew about... some people have all the brains
portfolio
entertaining. Google "beta" products that are used by millions have huge security bugs that let malicious persons read anyone's email and nobody says much and it is swept under the rug. Microsoft's "beta" products that are only in use by testers/developers have a security issue and everybody's shaking their head and talking about how horrible MS is. It's just amusing to me.
In other news, Linux will never make it to the desktop. And Apple Computer's MacOSX Operating system lacks major software applications.
Film at 11
sony = rootkit = no trust
I really have not seen the point of the current and comming versions of Windows. Win2k was stable, fast, secure (or could be made so with the needed software/hardware), and ran all of the software I run today.
Yes, XP made some nice UI improvements but that could have been offered as a 'power pack' for 2k.
And now Vista...Why? In its place I would like to see a stable and fast 64 bit Windows available as an upgrade and a 'low profile' Windows for smaller systems with limited memory and disk.
-D
Comment removed based on user account deletion
XP is way more secure - there's no getting away from it (unless you stick your head in the sand screaming "it ain't it ain't").
The truth is that there is so much further to go.
Next I'll be hearing that XP can't be installed by normal users and doesn't impliment a WIMP interface.
as for Vista - I'm looking forward to using it - my current experience is that it really does make better use of graphics cards and SATA drives. But I don't expect to read any such articles here.
Comment removed based on user account deletion
Isn't this just a little too much? Do the people who accept these sort of stories have ANY introspection at all?
Humor from a Genetically Molested Mind
...that Longhorn (now Vista) is completly new design... from scratsh... none of the earlier flaws would be ported to it ? ...or are they full of shit as usual ?
Do I remember wrong ?
The fact this old 'vunerability' suddenly crops up makes me wonder if the paranoid are right and this was an intentional back door...
"The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
Comment removed based on user account deletion
They aren't attempting to release a more secure Windows, this bug makes that apparent. This is a bug that they probably should have noticed when they ported the code from Windows 3.0 over to Vista, and thus MS would have noticed the bug last year or earlier and realized it affected Windows XP too and patched it before WMF became a 0 day exploit.
Saskboy's blog is good. 9 out of 10 dentists agree.
You are totally missing the point here. Go back to school.
tard
Rosetta handles *some* software written *within* last five years - ie. PowerPC OS X software that doesn't require G5's or other tricky system stuff. Anything written earlier is for Mac OS 9 and earlier, and requires the not-supported-on-Intel Classic environment.
This, of course, means that the Mac software written in the timeframe of, say, Office 2000 and Office 97 (still used by tons of companies) would not run on any of these new machines.
(Of course, Microsoft would love if they had a way to force people to stop using those versions, but that's another issue...)
From the Microsoft Security Center Blog, facts about "the recent WMF issue" and SetAbortProc.
4 17431.aspx
Now that the monthly release has passed and people are deploying the updates I wanted to take a moment to discuss some things related to questions we've been receiving on the recent WMF issue. (Which was addressed in MS06-001).
http://blogs.technet.com/msrc/archive/2006/01/13/
Please - M$ is now so security aware that they publish patches BEFORE the product is available! Hmmm.... What is wrong there?
Apple provided a backward compatible environment for their apps. Why can't MS? License VMWare or something. Really, using newer hardware you could run old apps in a sandbox running on top of a complete rewrite. Really it all comes down to a lack of will. They have the money, they have examples (OS 9/OSX, VMWare) why not do it? Seriously, VM technology has been around since the 70's at least.
putting the 'B' in LGBTQ+
A bug exists in a product 6 months away from release and we learn Microsoft hasn't rewritten every single line of code for Vista.
Oh the humanity!
I think MS should invest in a new scourer to "scour" their (rusty, limescaled, old) code with.
Apple bought an abandoned OS from the 1980s, that uses kernel with code originally written in the late 1970s. On top of that, they bolted a bunch of Toolbox compatibility code dating from the 80s and 90s, and a bunch of *nix stuff which is also 10-20 years old.
So, it somewhat silly that you would argue that MS performs a "complete ground up rewrite", all while advocating MacOS X, which is a complete slut for legacy code.
So why is it then that Apple seems to have managed to copy all the working bits, while Microsoft has brought forward the parts that bring the most grief to users?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I agree with some guy early one, who said users don't need this. This whole thing must sound great if you're a network admin or something, but I can't say anything about it sounds particularly exciting, or even interesting, as I do not program, make web pages or Admin a huge network. I don't even know what half the acronyms mean really... I think they don't apply to 90% of computer users. The only thing I've heard about it that sounds slightly useful is the "breadcrumbs" thing, that sounds like a cool feature. If you know what that is,then you know it isn't a terribly big deal, and thus I don't give a crap about WIndows Vista. I wonder if that's how others feel?
Vista will appear in the consumer market as the successor to Win MCE, at a time when HDTV, the HTPC and on-line media services are becoming mass-market.
But all Vista will offer such devices is a small improvement on UI, and even then most media-dedicated computers have customized UI anyway.
Vista will not help at all if other companies produce devices with better software. Why are people still using TiVO? Would WiVO really be better if based on Vista?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I've read elsewhere on Slashdot that they knew the XP code base was so mangled that they stopped the XP-to-Longhorn project and started again with the excellent Windows Server 2003 codebase. This is why it's taking forever to get it out the door.
We are in the times in which the people have to protect each other. And we all are the people, and the ones that are against the people are the powerful that will not take into consideration peoples rights.
What NSA is doing is an abuse, but the people that communicate through the internet are very vulnerable to abuse, not only by the governments, but also by mafias and groups of a diversity of allied criminals, some of them acting with white gloves.
Internet is today the field for criminal activities. In the last few days I have been receiving an enormous amount of emails which were fake from ebay, pay pal, the Netherlands Lotto etc... trying to get from me my password to this accounts. And some of them looked so good that could be mistaken by the real thing, but users of the internet that engage in criminal activities disguise themselves in anonymity that internet provides.
Our communications throuh the internet are surveiled since time immemorial by NSA, and a wealth of information about us can be collected and may be collected. And this is a great danger to the people, and no law protects us these days.
What about an internet between authenticated and identified users... so that the majority of internet users that don't mind to be identified because they live in a free country and at the same time, not being engaged in fraudulent activity or criminal activity don't mind to inter-communicate with other identified and authenticated members of the net. Why should anyone want to be anonymous if not engaged in criminal activity?
This is my point. We should suport the institutions, companies and private people that support the target to bring privacy and security within identified users when using the internet to communicate This is the case of a company called Amteus.
Now, once in communication with an identified user, which is properly authenticated, then you provide privacy, so... unless you want to make it public, nobody can access your communication because it is properly secured and encrypted. i.e. it travels in a closed envelope and it is unlawful to open it, and it is being between identified and authenticated users that trust each other. Otherwise, not only the governments with their NSAs involved in their own practices will snoop on us, but gangs of gangsters will easily intercept our communications, phishing like the email I have received will only be the beginning. I am starting a website to support this kind of approach.
This requires legislation, but also requires technology. Like the one developed by Amteus. But there are many other.
I hope that the people with vision that have given to the internet a view that will promote freedom and cleanliness, like John Perry Barlow will help this company to succeed in a very honorable project.
It is very distressing these days what is going on with the Internet. Hopefully companies like Amteus Plc that are bringing a technology to overcome this problem of snooping, spam, phishing etc.. will survive attacks from those that hide behind anonimity.
Ramon Leonato
But going forward MS is going a whole new outlook on security.
That's funny. Outlook was one of Microsoft's first major security problems.
Microsoft is to software what Budweiser is to beer.
Imagine that, a patch for a piece of software in beta. Why am I suppose to care?
Just how do you "Notice" a bug.
If the program works as specified, satisfies all the boundary conditions and tests devised to establish that is stable, then it could be said to be bug free.
Since the data/tests required to prove a given piece of software is incomplete (as in infinite), it is never possible to claim a program is bug free.
Microsoft is fixing the newer versions of Windows, but not older ones, through some means of a careful definition of "critical vulnerability". But Guilfanov's patch works for earlier versions. The funny thing, and the point about open source, is that Gibson wouldn't have dug into this had there been a patch for all versions. And granted, it isn't as big an issue, with the earlier versions, because of the default settings for opening WMF files. But either way, another muddled and poor showing by Microsoft, but they are definitely improving, because of folks like Gibson, the folks at f-secure, Guilfanov, and this is my main point.
the first of many
Thanks for the explanation.....so........ Windows 2000, Windows XP, Windows ME are beta software then? Is there any code that ISN'T beta? Just wondering.
A large professional company like Microsoft, that claims to be always "generating the most secure OS ever - next" should be going over re-used code as if it were just written and using the perspective of a modern eye, spot coding techniques or processes that are no longer used for various reasons. Given the number of flaws with other image types from png to jpg, they should have gone over any code of their's that can process images and check for things like buffer overflow exploits and ancient processes. If hackers can do it, why can't the all powerful Microsoft, especially since they have access to the commented code?
Saskboy's blog is good. 9 out of 10 dentists agree.
#1 This is a serious bug.
#2 This is also in production code. Win2k, XP.
#3 Many people don't seem to realize just what the term 'beta' is. Now, I'm not talking about MSFT's standards, they seem to dicker on what a "critical vulnerability" is. But typically, beta software has passed testing and is ready for limited use. Many open source tools languish as beta for years, while being used in production environments. Google seems to follow this practice, I've been using their 'beta' version of gmail.
#4 Not interested? The previous post got over 600 comments. What's your definition of newsworthy? Britney Spears? This is America, this is entertainment. # 5 It's interesting because it illustrates Microsoft's software process, in that this ancient piece of code got swept right in to their latest and greatest, and could very well have been production software, as pointed out it's in XP. This is the reasoning behind Steve Gibson's statement this is a huge benefit of open source (down at the bottom of the interview he states that he's getting interested in open source for this very reason.)
and since 2K was released in 2000... Apple 5 Microsoft 6, since it's 2006?
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Sorry, those Microsoft marketers again.
So exactly when were they supposed to check it line-by-line as they were adding code that has been in windows for 10 years?
Maybe before they made their claim that this is the safest version of Windows ever.
Seriously, it should've been checked when they added the WMF functionality to Windows, but maybe because it's in assembly language they didn't check it (that was what was hinted at on Ars where Microsoft has some rather vague excuses, none of which answer to Steve's points. Just don't whine about this to Steve Gibson, he lives and breathes in assembly. Not a big deal). Yes granted this was back when security was no big deal. And yes granted, this is a tricky isssue, when the design requirements were are certain way, but the context changed. This is what makes coding a challenge. This was code designed for one way, where they retrofitted it to another use, rather than refactoring. But when you have 16 million lines of code plus...
.
Now people are making fun of microsoft for porting this over to vista! Do any of you know what it is. If you are a graphics designer you probably should know what it is. Look it up graphics designers and web designers love vector graphics. This is the file that allows windows to draw vector and bitmap images on pre 2000 systems, though it is still included for backwards compatability.
A metafile is a list of commands that can be played back to draw a graphic. Typically, a metafile is made up of commands to draw objects such as lines, polygons and text and commands to control the style of these objects. NOTE: Some people equate metafiles with vector graphics. In most cases this is fine; but, strictly speaking, a metafile can contain any mix of vector and raster graphics. For example, a metafile could contain just one command to display a bitmap! Unless the distinction is important, we will consider a metafile to be a kind of vector graphic.
The reason it was still included is cause it is technically a file format! Do you rewrite everything in linux? Was php totally rewritten from the ground up from php4 to php5 i don't think so.
Just my take on things!
I am giving away 2000 premium accounts on my new dating website myfantasyromance.com check it out!
Because Apple, starting 5 - 10 years after Microsoft, had substantial hindsight and hardware advantages.
I see, you are saying that since Microsoft Windows has been around for almost fifteen years, that Microsoft is unable (or unwilling) to learn from the past whereas Apple is.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Vista almost certainly won't be a flop. What matters is that when people do buy a new Dell, or whatever else, they're likely to get it whether they want it or not. Vista will become popular for exactly the same reason that previous versions of Windows became popular, because Microsoft withdraws support from its older releases and forces it at people if they want to keep the software running that they've pre-invested in.
Microsoft has been constrained by a choice they made: to make binary backwards compatibility a major priority. Intel also prized backwards compatibility and Microsoft sticking with them for the long run helped also. Some (not all but quite a few) old old old old DOS programs still will run on Windows XP today; only the new 64-bit versions of Windows will cut off support for this stuff that's more than 20 years old.
Yes, it is and was a choice and therefore I hold them accountable to the results of that choice.
The recent news on having to patch the WMF flaw in Vista shows that they continue to make the same choice even when it is far past obvious that it's not the right one.
Impressive, sure. But also problematic. The way I see it it's nice to be able to run old programs seamlessly. But I don't think Microsoft would lose much business if they just stopped supporting parts of the old API they didn't like. Software in active development would adjust; abandonware would be replaced, hopefully by something better. Life would go on. And if you ever really need to run some horribly old program virtualization technologies should be your answer. Far better in my opinion to annoy a minority of people depending on legacy code than to allow sloppy application coders to force almost all Windows users into bad security practices.
Yes, I agree on that point - I really think Microsoft would not be hurting themselves as much as they might think by breaking some of those old API's and starting out anew, and as you say they could easily introduce a compatibility layer similar to Classic on OS X. The right time to do that though was around NT, now they face a harder choice because there are more viable alternatives to Windows now that people might potential switch to if forced to make a new choice themselves. But still there is not really a good argument for not making that choice when they are hurting their image badly by waffling.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
No, I'm saying when you aren't constrained by decisions made fifteen years ago, it's a lot easier to take advantage of more modern technology.
Thus the "unwilling" part of my comment.
Microsoft's constraint is all self-imposed, and the discloser of the need to re-fix the WMF flaw shows that even after the correct choice to make becomes obvious, Microsoft is unwilling to take that option because it might sting a little temporarily. Or rather would have if they had made the right choice when the time was ripe.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Just out of curiosity, why the hell was this comment modded as troll? Too difficult to understand?
Please can we have a 'blatant liar' mod for use in situations such as the parent post.
Thanks,
Justin.
You're only jealous cos the little penguins are talking to me.
I propose a deal.
OSs, protect yourself all you want.
Hackers, get in there all you want.
Just leave my naked picture if Bea Arther alone !
Wanna fight ? Bend over, stick your head up your ass, and fight for air.
Because as we all know, commented sourcecode always tells us where everything is: // There is a critical exploit here
Change is certain; progress is not obligatory.
That would suggest they aren't making changes, when they are.
If I put a band-aid on a sucking chest-wound, am I really making changes to the situation or just making it look like I am to keep shareholder morale up?
Right, because no other platform has ever had an arbitrary code exploit before.
Lots of other platforms have arbitrary expoits. I'm sure the vresion of OS X I am running has a number of them.
Few companies however seem as determined to use a codebase full of more than the average number, some by design, as a base for all future work. That's as stupid as it is irresponsible. Or do you hold Microsoft utterly blameless for all security woes?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Um... pardon me for being ignorant here, but to me, all of these technologies are stupid. I really do not care how easy it is to draw some friggin GUI elements to make it "easier" for a program to make a useful program. All these things do is "bloat" code and waste extreme amounts of CPU cycles.
Seriously, what benefit do *I* see as an end user? Do these technologies make Photoshop render transformations faster? Do these technologies make my games run at a higher framerate? Do these technologies make amazing new types of programs available to me? No!
I was pretty happy with my Amiga. Higher resolutions, more colors, more ram, bigger hard disks, and faster CPUs were all I really wanted. I honestly do not see any need at all for these "great" new technologies.
strike
"Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen
Bad security practices (eg: running as Administrator, not patching)/End user ignorance (exacerbating problems exposed by #1).
Which you have to do (run as admin) for some programs and most users do because it is default. I guess you are blaming the victim then.
So sad that these problems are greatly alleviated on other systems by such simple practices and Windows cannot find the time over a decade to try it on.
Relatively few Windows exploits use unpatched holes, coding bugs or design flaws. Most of them are "run this random download from a website" or "run this random code I've just emailed to you".
So you're saying it's not a design flaw to have the user run as admin by default.
There's little evidence to suggest Windows has relatively more (or less) holes than any other OS.
About a 100,00 and growing. The sad thing is I need provide no more detail, you already know what I'm talking about.
I blame them for "security woes" that are their fault. ActiveX, for example, was a reasonable idea in theory, but practice quickly showed it to be a disaster - it should have been dropped years ago. Defaulting to Administrator-level users was also a less than ideal choice, although it's not really a design or coding issue and was understandable in context.
So you *do* think running as admin by default is not a design issue. Staggering.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
The blame falls wholely and solely on developers writing software that needlessly requires elevated privileges to run (which they are still doing today - eg: Doom 3).
No need then to blame the people that write API's that require it, or design the system so game makers come to expect it as normal.
The problem isn't in Windows, it's in the applications that "need" to run as Administrator. Windows NT has been multiuser since the day it was released. Even DOS-based Windows has had per user profiles and registries since about 1997. That's nigh-on a decade developers have had to target both versions of Windows with a single LUA-compliant codebase.
But if you look there are reasons why many of these apps do things that require admin - they need to touch some part of the system untouchable otherwise.
_Design_ flaw ? Hell, no. It's a configuration default that's easily changable by the end user.
So the configurations came to spring form thin air, no-one sat down and thoguht about what they should be.
100,000 whats ? Please don't tell me you're stupid enough to be counting viruses for your comparison.
Even grudgingly you have to admit understanding my point. There is the reality of little numbes on a pretty chart, and then what actually is in this world.
Of course it's not. You can't change design flaws with 30 seconds of user management.
Except you can't run a lot of apps then...
Does Linspire (I think it was) defaulting to a root user mean Linux has a _design_ flaw ? of course not, it's just a configuration detail.
Yes that is a design flaw of that distro. or it would be except I do not believe that's how Linspire works. They set you up in an account with sudo abilites, similar ot OS X admin accounts.
And that takes us back to where we started.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
"A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt