Slashdot Mirror


User: LO0G

LO0G's activity in the archive.

Stories: 0
Comments: 521

Comments · 521

  1. Re:then say goodbye to MS Office on Did the Netbook Improve Windows 7's Performance? · · Score: 1

    I'm calling BS here. Do you have any examples of MS's own major applications that were forced to use undocumented system calls?

    I know that Windows Media Player used undocumented system calls but I'm not aware of any major applications (like Office) using undocumented API calls (certainly not in the past 10+ years).

  2. Re:This seems abrupt on Windows 7 To Skip Straight To a Release Candidate · · Score: 4, Interesting

    MSFT claims that the reason it's 6.1 is because applications broke:

    We learned a lot about using 5.1 for XP and how that helped developers with version checking for API compatibility. We also had the lesson reinforced when we applied the version number in the Windows Vista code as Windows 6.0-- that changing basic version numbers can cause application compatibility issues.

  3. Re:Well. on Microsoft 'Vista Capable' Settlement Cost Could Be Over $8 Billion · · Score: 1

    Actually it's a several hundred page document which lays out what makes a machine eligible for the premium SKU. And that document is on the web for any customer who wants to read it :).

  4. Re:Well. on Microsoft 'Vista Capable' Settlement Cost Could Be Over $8 Billion · · Score: 1

    Actually that's not quite true. Those "capable" machines with the low end Intel graphic card (915?) aren't capable of running glass, even on Win7. In fact, that's the crux of the lawsuit - apparently Intel pushed Microsoft to relax the logo requirements to allow the 915 cards even though it wouldn't support glass. Microsoft caved to Intel's requirement.

    The only option for customers with the Intel 915 chipset is a new video card, which might be difficult on a laptop.

  5. Re:It's not a complete OS without the browser on EU Antitrust Troubles Continue For Microsoft · · Score: 1

    Since when has MSFT ever said that IE is integrated into the core OS?

    What MSFT has said is that the IE's HTML rendering platform is an integral part of the Windows OS (remember that the Windows OS is more than the OS kernel - it's more akin to a distro). That means that parts of the Windows OS (like the shell, help system, etc) depend on having an HTML rendering platform with certain behaviors present. In addition because MSFT has documented the interfaces to their HTML rendering platform there are something like a bazillion 3rd party applications that depend on that HTML rendering platform.

    Removing the HTML rendering platform from Windows would cripple Windows just like removing Webkit from OSX would cripple OSX.

    There are also applications that depend on the IE front end which will also break if it's removed (it's unfortunate but there ARE 3rd party apps that launch iexplore.exe instead of using ShellExecute(); which would launch the user's preferred browser).

    What MSFT agreed to do back in 2000 or so is to remove all the hard coded uses of iexplore.exe in the Windows OS and allow end users OR OEMs to replace IE with the browser of their choice.

    Part of the consent decree that Microsoft agreed to with the DoJ was that they would not retaliate against any OEM that chose to install an alternative browser. There is absolutely nothing that stops an OEM from bundling a 3rd party browser as the default browser in Windows even though none have chosen to do so. On the other hand, it appears that Google is apparently working on a plan to do just this. And if Microsoft DID retaliate, the DoJ would come down on them like a ton of bricks.

  6. Re:a way to make money on Apple Quietly Recommends Antivirus Software For Macs · · Score: 1

    There are TONs of PoC exploits for the Mac and Linux (don't forget that the Mac was the first machine to fall in Pwn2Own this year). But they're not widespread because there's simply no money to be made by them - why deploy an exploit that hits 1,000 machines when you can deploy an exploit that hits 1,000,000 machines with the same effort?

    And there IS malware for the Mac. I wouldn't be surprised if there are botnets out there that were entirely composed of Macs. After all, you don't need any special privileges to run a botnet client.

    I KNOW that there are malware authors who are modifying their malware to run with limited privileges.

  7. Re:a way to make money on Apple Quietly Recommends Antivirus Software For Macs · · Score: 5, Interesting

    Good points all, but I think you forgot one major aspect of the "market share" argument.

    There hasn't been a true "virus" out there in the wild for years (to me, a true virus means self-propagating malware - malware that modifies existing binaries and relies on those modified binaries being distributed). Instead there's a TON of malware intended on converting machines into botnet clients.

    The vast majority of malware (maybe as much as 95% or higher) these days is really "crimeware" - software intended to aid in criminal activity (identity theft, click fraud, etc.).

    As a criminal, let's say that it's going to cost me $10,000 to hire some Eastern European hacker to develop malware for my criminal enterprise (number totally made up). I get to choose which platform I have the hacker target - I can target Windows with 90% of the market, I can target OSX with 8% of the market or I can target Linux with 2% of the market (market share numbers also made up, but probably in the right ballpark).

    That means that if I'm interested in profit (and this IS a criminal enterprise, so profit is the primary motive), I want to have my hacker target the platform with the highest ROI. That means that the hacker's going to go after Windows and ignore OSX and Linux.

    As the Mac's market share increases, it is going to be an increasingly more attractive target for hackers, because the ROI is higher.

  8. Re:VERY bad examples on How About an iPhone OS Or Android-Based Netbook? · · Score: 1

    Actually MP3 isn't open. It's public, but not open (nobody can submit changes to the spec, which is part of the definition of "open").

    And then there are those patent restrictions...

  9. Re:How about the "Longhorn" features? on Windows 7 To Be 256-Core Aware · · Score: 1

    I'll bite. Which "Cairo" features haven't yet been delivered?

    The directory services were delivered in Windows 2000. The object filesystem hasn't been delivered, but all the functionality that it would have offered was delivered by Windows Desktop Search back in 2003ish.

    So which part(s) of Cairo aren't there yet?

  10. Re:What Has Changed? on How Big Should My Swap Partition Be? · · Score: 0, Offtopic

    I love /. This comment replies to the same comment I replied to and it says essentially the same thing that my comment is and it's moderated insightful. My comment is marked flamebait and I'm described as "idiotic".

    Redundant I could absolutely see. But I don't get flamebait.

  11. Re:What Has Changed? on How Big Should My Swap Partition Be? · · Score: 1, Informative

    It's probably trying to make room for open office's code.

    Because you don't have a swap partition configured, the system can't swap out your data so it's trying to find memory the only place it can - it's discarding the code segments for firefox.

    But of course when open office wants to run it needs to swap in the code for the open office which means it needs to find some memory to throw away. And that means it throws away the memory for firefox.

    And when firefox wants to run it needs to find a place to put the memory for the firefox code. Because it can't page out your data, it finds the memory in the only place it can: it throws out the memory used by openoffice and uses it for firefox.

    wash, rinse, repeat.

    There's a reason that most modern OS's have swap partitions (or paging files).

  12. Re:Misleading summary.... it's INTRANET ONLY on IE8 Breaking Microsoft's Web Standards Promise? · · Score: 1

    I think it has something to do with Network Location Awareness

    But I don't know for sure.

  13. Re:Probably the corporate customers on IE8 Breaking Microsoft's Web Standards Promise? · · Score: 1

    Did you try hovering your mouse over the broken page icon?

    I believe that there's a tooltip which has essentially the text you listed above.

  14. Re:Trademark not patent on Microsoft Applies For Patent On Private Browsing · · Score: 1

    RTFA. The "Random Blog" is the source for the BBC article.

    The BBC got it wrong.

  15. Re:Trademarks, not patents! on Microsoft Applies For Patent On Private Browsing · · Score: 1

    Ummm. I linked to Long Zheng's post where he clearly says that they are trademark applications. He in turn linked to the patent and TRADEMARK office filings.

    The BBC (and the slashdot contributor) got it totally wrong.

  16. Trademarks, not patents! on Microsoft Applies For Patent On Private Browsing · · Score: 5, Informative

    They aren't patent applications, they're trademark applications. Check the source

    BIG difference.

    Patents==Bad and subject to prior art.
    Trademarks==Good, and not subject to prior art.

  17. Re:"Beyond Passwords" on Moving Beyond Passwords For Security · · Score: 1

    I completely agree with everything you say.

    But I assert that these days for online transactions we need better locks - the ones that are there today (passwords) are proving to be insufficient.

    Passwords are NOT good enough for my bank, for example - they require that I have a password (pin) AND a card (my debit card) to withdraw cash from my bank account. They require 3 factor auth to allow me to access my safe deposit bank - I need a key (something I have), a signature (something I am (or something I know)) AND a valid photo ID (something I am) before they'll let me in.

    Why shouldn't my bank have the same stringent restrictions for online access to my account?

    The same is true for my amazon.com account - anyone who gets your amazon password can purchase anything with the credit card on file; when I make a credit card purchase in a store, I'm required to have 2 factor auth (what I have: a credit card) what I am (my signature/photo ID).

    Why shouldn't online credit card transactions have the same restrictions that physical credit card transactions have?

    Sure, for bulletin boards, 2 factor auth doesn't make a lot of sense. But for other forms of online transactions, it absolutely does.

  18. Re:beyond one password to another on Moving Beyond Passwords For Security · · Score: 2, Interesting

    But it's not smoke and mirrors, IF you're looking at the realm of threats to your data/transactions on the internet.

    What makes your password so valuable today is that the password alone is sufficient to unlock access to all your online data.

    A two factor auth mechanism renders the password effectively useless, especially if the smart card implementation is competent. At a minimum, it raises the bar for the attacker dramatically higher than it is today.

    It's not possible to have perfect security. All you can do is to make it harder for an attacker.

    If I had a choice between using strong passwords (with the knowledge that strong passwords either (a) get re-used often or (b) get written down) or using 2 factor auth, I'd take 2 factor auth in a heartbeat. It's dramatically better than simple passwords.

    Please note that there are other schemes that use a PIN that are NOT 2 factor auth that ARE smoke and mirrors. For instance if you use a keylocker application that requires a pin to access the actual keys, the security provided by the keylocker IS smoke and mirrors: if the bad guy can steal your password they can then use it to retrieve your passwords and it's game over.

    But proper 2 factor auth relies on the CPU on the smart card (that's why it's called a smart card) for every auth sequence. If you don't have both the card AND the pin, it's worthless.

  19. Re:"Beyond Passwords" on Moving Beyond Passwords For Security · · Score: 3, Informative

    You're right. It IS a password. And it doesn't matter.

    The PIN is a password that unlocks the smart card. In order to authenticate with the remote server, you need both the PIN and the smart card.

    It's called two factor authentication. There are essentially 3 types of authenticators:
    1) What you know (a password)
    2) What you have (a key or a smart card)
    3) What you are (fingerprint or retina scan).

    Most web sites use one factor authentication - their security depends only on what you know (your password).

    The primary attack that's involved here is an attacker attempting to guess/steal your password to a remote site. All they need to know is your password and they're in. And they can take your authentication information and use it from any machine on the internet - thus they can sell your identity and make money from that.

    With a smartcard/pin combination they need both the PIN (what you know) and the smartcard (what you have). The PIN is totally useless to the attacker unless they also have the smartcard.

    Adding the second factor to the authentication system does move "beyond passwords".

  20. Re:Linus does not mean obfuscation on Linux's Security Through Obscurity · · Score: 2, Informative

    I agree.

    Here's the danger of not identifying security fixes in your patch logs: If a security fix isn't clearly identified, then customers won't necessarily update it.

    I run Windows at work, the IT department there has deployed its own WSUS servers. They only deploy security fixes from Microsoft on those servers (don't ask, it's stupid, but it's what they do). If Microsoft were to hide security fixes in non security updates, then our machines would remain vulnerable to those security bugs.

    The theory that somehow hiding the patches will keep customers safe (or deter the hackers from figuring out the vulnerability) is totally bogus. Even though Microsoft is closed source, security researchers can reverse engineer a working exploit from the binary patches in minutes.

    It's important to flag security fixes as security fixes so that customers know that they need to give them higher priority.

  21. Re:Funny thing is that Zone Alarm has had vulns on Estimating the Time-To-Own of an Unpatched Windows PC · · Score: 1

    Usually "unpatched" means XP RTM. Microsoft hasn't sold XP RTM in about 5 years.

  22. Re:Use? on Dell Colludes With RIAA, Disables Stereo Mix · · Score: 5, Informative

    What's also funny is that typically the Stereo Mix functionality is implemented post-DAC. So when you're recording from stereo mix, the signal goes:

    Output->DAC->ADC->Stereo Mix

    So modulo electrical noise on the microphone and headphone jack, you get essentially the same result you'd get as if you went:

    Output->DAC->Headphone Jack-> $6.00 Cable->Line In Jack->ADC->Line In

  23. Re:Any...facts in this case? on Dell Colludes With RIAA, Disables Stereo Mix · · Score: 4, Interesting

    What's really funny is that I bet those machines run Vista.

    And Vista has the Stereo Mix functionality built into the OS!

  24. Re:The Shark... on Google Launches Lively, an Avatar Based 3D World · · Score: 1

    Wow, that sounds just like Microsoft's Virtual Worlds that they were running between 1995 and 2000!

    Cool to see cutting edge stuff coming from Google.

  25. Re:"Better" security for Activex? on IE 8 To Include New Security Tools · · Score: 1

    What a great idea.

    I do have one question...

    If Microsoft kills its plugin technology (ActiveX) how do you expect people to render video?

    Every major browser out there (with the possible exception of Lynx) has a plugin technology that allows things like video rendering to be possible. As long as you allow plugins that have the ability to render arbitrary code, you have an environment that is the functional equivalent of ActiveX.

    ActiveX has a bad reputation simply because it is the most popular plugin technology out there. There is absolutely nothing inherently less secure with ActiveX controls than there is in the extension mechanisms used by other browsers.

    Does anyone remember the GreaseMonkey vulnerabilities? No ActiveX, but a buggy browser plugin.

    Killing ActiveX won't make IE any more secure.