Also, NP doesn't mean deterministic exponential. There are sub-exponential problems in NP too.
No. NP-complete is different from NP. There are several NP (but not NP-complete) problems that quantum computers can solve in polynomial time: integer factoring, for example.
IIRC, no. I did try removing IE (6) once but I don't think Windows Explorer was b0rked. Also, IE7 is totally separate from it.
> bloated_browser_I_don't_use.automatic_updating.required_service['BITS'] = USELESS_OVERHEAD;
operating_system_I_use.automatic_updating.required_service['BITS'] = ABSOLUTELY FUCKING ESSENTIAL.
> BITS creates constant traffic.
Evidence or retract.
The person can't (unless he has the source and the time), the developer has to. :)
> That's also why it's a good idea to upgrade it.
Agreed.
> "Core part of the Windows kernel" is a bit far, but that's the right idea
No. It isn't technically accurate no matter how you look at it.
Yeah, I agree with you otherwise. You should definitely upgrade IE to the latest version. Just wanted to clear this misconception about IE having "deep hooks" into the kernel.
> Can you fully totally completely remove Internet Explorer from, say, Windows XP?
You can, but you'll break whatever depends on Trident, of course.
> Many folks also disable the BITS service because of the process overhead it chews up.
No. There is absolutely no "overhead" due to BITS. Anyone who disables it is a retard.
I'm having trouble figuring out how you got this
> you should upgrade it as it is a core part of the Windows Kernel.
from this
> Internet Explorer is used behind the scenes in many places; the eye-candy interfaces of most Norton products, for example, run on the IE engine.
Do you understand what a library is? No one's forcing anyone to use Trident, the IE engine -- they can very well use Gecko or Webkit instead. IE is not a "core" part of the kernel in any sense -- the kernel has no dependencies on IE.
When a points to the same location as b, *a XOR *b becomes 0. So *a becomes 0. But a is the same as b, so *b becomes 0 as well. Both *a and *b are destroyed. This will happen when the array indices that are passed into the macro are equal.
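An added example (not part of the original comment) of the aliasing failure described above. The macro names, the selection sort, and the sample array are assumptions constructed for illustration; the sort calls the swap with equal indices whenever an element is already in place.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical pointer-based XOR swap of the kind the comment describes. */
#define XOR_SWAP(a, b) do { *(a) ^= *(b); *(b) ^= *(a); *(a) ^= *(b); } while (0)

/* Guarded form: do nothing when both pointers name the same object. */
#define XOR_SWAP_SAFE(a, b) do { if ((a) != (b)) XOR_SWAP(a, b); } while (0)

typedef void (*swap_fn)(int *, size_t, size_t);

static void swap_unguarded(int *arr, size_t i, size_t j) { XOR_SWAP(&arr[i], &arr[j]); }
static void swap_guarded(int *arr, size_t i, size_t j)   { XOR_SWAP_SAFE(&arr[i], &arr[j]); }

/* Selection sort: swaps arr[i] with the minimum of arr[i..n-1]. */
static void selection_sort(int *arr, size_t n, swap_fn swap) {
    for (size_t i = 0; i + 1 < n; i++) {
        size_t min = i;
        for (size_t j = i + 1; j < n; j++)
            if (arr[j] < arr[min])
                min = j;
        swap(arr, i, min); /* i == min when arr[i] is already the minimum */
    }
}

/* Sorts a constructed sample array and counts elements wiped to zero. */
static int zeros_after_sort(swap_fn swap) {
    int arr[] = {3, 1, 2, 5, 4}; /* constructed input, contains no zeros */
    size_t n = sizeof arr / sizeof arr[0];
    int zeros = 0;
    selection_sort(arr, n, swap);
    for (size_t k = 0; k < n; k++)
        zeros += (arr[k] == 0);
    return zeros;
}

int main(void) {
    printf("unguarded: %d element(s) zeroed\n", zeros_after_sort(swap_unguarded));
    printf("guarded:   %d element(s) zeroed\n", zeros_after_sort(swap_guarded));
    return 0;
}
```

With the unguarded macro the value 3 is lost at the step where `i == min`, so the output is silently corrupted rather than crashing.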
> Sorry, this doesn't seem to make sense.
What doesn't seem to make sense? Neither system is targeted as a web server. It's only Windows desktops that are targeted for the users' gullibility. (Fully up-to-date) Windows servers aren't really targeted. No server admin worth his salt will ever run any untrusted program on any production server.
> Notice it doesn't ask for your password again because there is a sensible grace period.
It is a potential avenue for malware to gain admin privileges within that time.
> <blah blah about sudo and UAC>
With su/sudo (the command line version) anyone can pick up your password if your shell is compromised, and there's of course the timeout thing you mentioned. (yes, it's a tradeoff between security and usability) With gksudo and UAC it's better -- only the keyboard/mouse can communicate with the password box. (Yes, UAC has a password box)
With UAC, with the user running as an "admin", all a piece of software has to do is to become a plugin for a piece of software in non-elevated mode, and then entice the user to run that software in elevated mode -- the software's run in the user's context. With the user running in "standard" mode, that isn't possible, but other, more sophisticated attacks involving shared memory, are. The only way for a true boundary is separate user sessions.
In any case, most malware today needs only standard user permissions, so it doesn't really make a difference, except in that Microsoft is bringing devs a lot closer to the run in standard user mentality.
(Notice how almost all of the above requires some sort of user intervention? Ultimately, security is in the user's hands.)
> It's also quite difficult to run random binaries downloaded off the 'net, which brings us neatly back to the article, as an extra permission on the file is required. This bug in Safari would not be as much of an issue on *nix.
There's a huge warning about untrusted executables that shows up on Windows. Too bad only IE and Firefox tag the exe properly. Safari doesn't.
> This is enough without getting into Windows Firewall + random services
Do you know about PLP and session 0 isolation applied to services in Vista and Windows Server 2008? Each Microsoft-provided service runs with only the permissions it needs. Plus no service can communicate with a user session directly. This pretty much takes care of any potential Blaster worms.
A firewall is just another layer of security to protect against bugs in services. I'd much rather have one on any OS than not have one.
What do you mean by random services anyway? I'd say that all those services -- from audio to network to diagnostics -- are required for a fully functional Windows desktop.
> Web servers are riper targets for Internet based attacks (always on, always connected) and *nix has a clear lead there [securityspace.com].
Err, neither *nix nor Windows is attacked in the web server space.
> Also, the privilege escalation methods on *nix are less obnoxious than the Windows equivalent, which is usually switched off as a result.
Proof please.
> Meaning Windows hasn't got the relevant market share, and is less secure than the alternatives.
No. Windows is not less secure. Proof please. Spyware and all do not count: they are not security issues if the user initiated them, which is true for 100% of patched Windows machines today.
You're confusing me with the AC.
> But you are neglecting the fact that en masse there are a lot of people who don't update/patch their machines every day.
Yeah. Fuck them. This doesn't change the fact that Windows is as secure as most Linux distros (SELinux is probably an exception).
One of the two you've linked to isn't a vulnerability at all, and you have to go out of your way to allow the other one to happen. Next please.
I don't. How are they? Please list some actual 2008 vulnerabilities that were exploited before being patched. Spyware, trojans et al are not security issues, if the user initiated them. Also read up about the Security Development Lifecycle sometime.
What exactly do you mean by a false positive anyway? UAC prompts for exactly the same reasons as something like sudo prompts.
> What matters is that Vista is full of holes
I don't see any evidence for this. How do you say that? AFAIK OS X has had more security patches than Vista this year. And don't give me BS about "proving that Vista does not have security holes" -- you can't prove a negative.
> you can rootkit even a fully patched Vista box with an email?
I'm not sure exactly what you're talking about. If I send you an email with some sort of file, and you're stupid enough to go ahead and execute it, then I don't see what any OS can do to stop you. So you can basically rootkit even a fully patched OS X/Linux box with an email. User intervention is required in each case.
Your RAM will never be half-unused with Vista. It will always be fully used. Check out the "Free" counter in Task Manager. Most of the time it will be below 10 MB.
... just crashes randomly of its own accord.
Here: http://forum.notebookreview.com/showthread.php?t=120228/
Yes, I'm aware of it. It was somewhat of a rhetorical question. There's no patch for human stupidity (in this case, the developers').
This is not a flaw in UAC, contrary to GGP.
What can?
Your entire comment is verifiably false. Stop bullshitting, and shame on the mods who upmodded this without checking their facts.
So you're saying IIS isn't secure? Please check your facts.
Well designed PCB design programs will not require administrator permissions.
n/t