Slashdot Mirror
Hack in the Box Meets Windows Vista
Strange_Brew writes "It appears Microsoft is really going all out to get Windows Vista secured before its release date in 2007. There's an article on PC World which talks about Microsoft's plan to give Asia's largest hackers conference an inside look at the new security features in Windows Vista this coming September." From the article: "The Hack In The Box conference will host two speakers from Microsoft. The first, Dave Tamasi, a lead security program manager at Microsoft, will give a presentation on security engineering in Vista. The talk will include a discussion about features suggested by hackers and other security conscious members of the computing community, in addition to security improvements made on Vista. The second speaker, Douglas MacIver, a penetration engineer at Microsoft, will review Vista's BitLocker Drive Encryption and the company's analysis of threats and attempts to penetrate the security feature."
Most of all, every piece of crap program is tied into the kernel, or needs kernel level privileges. Can anyone give a reasonable clue why of all things a webbrowser, something that by its very nature deals with insecure content of the worst kind, needs kernel level permissions?
I mean, aside of being able to claim that you can't remove it from your system...
Who had that smart idea to make the webbrowser the local file manipulation tool, and why is he still alive? Why are (other) kernel level programs responsible for dealing with DNS and other network related issues? The whole system is flawed. Not because the code is buggy, but because the design has serious flaws that break it. Not at a code level, but at the level of the underlying design work.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Patch count means nothing. You'd need to have to examine patch content, what was patched (core OS? default install? other software?) Debian, for example, contains what, 20,000 packages? That's a little more than your windos install CD contains, even if you install everything from minesweeper to paint.
Also, MS has moved to regular patch cycles and every patch is actually a container with many patches inside, which you don't see unless you check the details.
So in short: You simply can not compare these numbers, because the methods and contents are too different to make any comparison meaningful. Maybe comparing with OSX would work better.
Assorted stuff I do sometimes: Lemuria.org
Who had that smart idea to make the webbrowser the local file manipulation tool, and why is he still alive?
I think the KDE team gave him refugee. At least they copied the idea. Idiots.
(disclaimer: I use KDE. I hate konqueror. If you're one of the konqueror designers, please go and drown yourself.)
Assorted stuff I do sometimes: Lemuria.org
The browser and the file manager are only visually the same in that they inhabit the same window. They are different kparts. Do you understand what this means? They are seperate components, with potentially different rights. Unless you think that the fact that you can use Gecko in Konqueror with the kmozilla kpart means that the Mozilla Foundation also make a file browser.
(Disclaimer: I use GNOME. I am also not a big fan of Konq. If you're someone who talks about technical issues but clearly doesn't bother to have an informed opionon, please go and drown yourself.)
"To any truly impartial person, it would be obvious that I am right."