Put up and shut up about the environment? One of my favorite things about normal C++ is that you never have to do that; like C you could write an entire OS kernel in C++, with a few assembly helpers.
Type templates are going to be available in.NET 2.0 and VS2005. There are no plans to support non-type template parameters. I also forgot to mention that pointers to pointers (a pointer to a __gc reference) are illegal in managed C++. That was a pretty big feature of C and C++. (this is due to the fact that.NET references are not objects) It's nice that reflection is more powerful but it is still incompatible.
[...] or are features of C++ that were dropped because they are too low level.
One of the reasons for programming in normal C++ is because it is very low level. (ever heard 'high level assembly'?)
I'm not saying that managed C++ is bad, but that it is very different from normal C++. Are managed C++ and C# (.NET) often better for writing your standard Windows app? Yes. Is converting a normal C++ app to managed C++ easy in many cases due to the similarity? Yes.
Maybe because "Managed C++" and "ISO C++" are two entirely different languages? Sure, they may have some syntax in common, but they have almost nothing in terms of purpose, design philosiphy or capibilities in common.
Managed C++ has less features than ISO C++, namely templates and multiple inheritance.
You cannot mix code from the two in many ways, like having a class from one inherit from another.
Sizeof of managed classes is impossible. Managed classes cannot use const or volaitle.
Managed objects cannot be passed by value; only references or value types. (ISO C++ objects are structs that can always be passed by value)
Operator delete doesn't work if no user-defined destructor exists in a managed object.
Managed classes cannot override operator& or operator new.
A managed object cannot be used as a member in a union.
Managed c++ does not use unions; instead a complicated field offset system.
Pointers to objects cannot always be casted in managed C++, pointers of the same size can always be casted in ISO C++.
Data in managed C++ is zero-initialized. Data in ISO C++ has arbitrary values unless explicitly initialized.
Managed C++ adds certain members to all classes (as derived from Object), like GetType; all classes derive from System::Object. ISO C++ classes can have no parent class.
Static sized arrays are illegal in.net
C-style multiple parameters are not supported; use param array instead
Normal c++ supports static-only typing. Managed c++ requires dynamic typing, at least to some extent.
Pointers to members are not supported in any way in managed c++; delegates replace them.
Normal C++ makes absolutely no library requirements on outputted code; not even the startup library is necessary. Managed c++ requries the entire.net runtime, and requries you to include mscorlib.
Classes cannot be defined inside of functions in managed C++.
Any class can be derived from in normal C++. Sealed classes cannot be derived from in managed C++.
Conversion functions are always static in managed c++. The naming convention is different.
RTTI is not supported in managed c++.
Only public inheritance is supported in managed c++.
Normal c++ explicitly has no garbage collector as part of the language; if you want one, use a library. Managed c++ requires you to use.net's GC.
The layout of members in a class or struct in normal c++ can always be known at runtime. Managed makes them permanently opaque.
Removing anything from C++, espescially something as important as templates or multiple inheritance, makes managed C++ a distinctly different language. And this is just a list of some of the things that normal c++ has that managed doesn't. The list of extensions is much longer.
Internet Explorer runs entirely in user mode, in the security context of the current user. The only way to get more privledges from there is to exploit a local vulnerability in the kernel or some privledged service. Any user mode program can make use of a local vuln; IE and ActiveX are not special. Many operating systems have had local vulns; Linux patched one involving mremap() not too long ago. The local vuln in the article you linked to has been fixed since NT4sp4; it isn't going to work on 2k or XP. Besides, all the problems listed either exist on UNIXes too or have been fixed for 5+ years.
That is very interesting. To test your story, I created a new user account, 'Bogus' as only a member of the users group on my xpsp2 machine.
Using IE, I then went to yahoo.com and tried to install their toolbar. It told me that there was an error during installation and to click here to try again (clicking again didn't work).
I tried to install Google's toolbar; after a couple of warning dialogs (do you trust this file? it could be dangerous) it told me "You do not have sufficent access permissions to install the Google Toolbar onto this computer. Please log out, and log back in as an administrator. You can then install the toolbar."
Then I tried to install the gator wallet spyware thingy; it said "Setup cannot write to the registry. In order to install and run on Windows 2000 or XP, you must be a Standard User or an Administrator." Wrong. A standard user won't cut it.
So then I went to www.weatherbug.com. IE blocked a popup and a cookie (with an information screen telling me about what happened the first time). I then tried to install the program: it asked me my zipcode and then crashed while copying files telling me that it couldn't create some file in the \program files directory.
Maybe things have been beefed up since 2000? I created a similar account on a 2000sp3 computer. From IE, I tried to install the Yahoo and Google toolbars, Gator and Weatherbug. They all failed, giving me the same errors as XP did. The only thing different was that a popup from weatherbug.com got thru this time.
Do you have any other spyware/crapware/global programs for me to try? Perhaps you misconfigured the accounts somehow or installed the junk yourself? Don't get me wrong; I personally use Mozilla for the tabs and increased resilance. IE may have its holes but the local security on NT doesn't. IE is just another user mode program; no hole in IE can cause the privledge escilation you describe. If you are going to bash Windows, at least be fair.
The only other new security related service in sp2 I can find is the DCOM launcher, which seems to divide rpcss's old duties into two categories: DCOM hosting and everything else, while running the everything else (RPC) with less privledges. (network service instead of LocalSystem) They are both implemented in the library rpcss.dll. It's not really new, only more modular. And there is the security center notification program (wscntfy.exe) which is a whopping 14k program. All it does is have explorer pop up a baloon if you have an outstanding security center alert. (like no automatic updates)
What other processes were you referring to, specifically?
According to Microsoft guidelines, you aren't supposed to let privledged services interact directly with the user at any time, except for error message boxes in some cases. You have to go out of your way to make a service interactive; you can override the setting in the services control snap-in: in service properties in the log on tab, clear the 'Allow service to interact with desktop' checkbox. It will be given its own sandbox to create windows in; the user can't see or interact with them. Like it says in the page, you can set the registry value HKLM\SYSTEM\CurrentControlSet\Control\Windows\ NoInteractiveServices to 1 to prevent all services from interacting directly. The 'correct' way to do it is to create a client program that uses IPC to communicate with the service; something that would only be running with a logged-on user.
Wrong. Process Explorer tells me that the firewall and security center are hosted in the main svchost process, along with 21 other services. With the SharedAccess (firewall) and wscsvc (Security Center) services stopped, that svchost was using 18,872k of private memory. With both of them running, the process was using 19,108k of private memory, a difference of 236k. The services are implemented in DLLs so they are considered shared memory: the Securty Center binary (wscsvc.dll) is 80k and the firewall binary (ipnathlp.dll) is 323k. That's a total 639k of memory used by the firewall and security center on my computer (xpsp2). Hardly 20mb.
I'm curious; how did you come up with the 20mb number?
Paraphrasing Einstein, code should be as simple as possible, but not any simpler. Good programmers are ones who don't introduces unnecessary complications into code. Really good programmers are ones who can express something complicated very cleanly, or can lucidly document why they've done something strange.
Sometimes the problem itself is too complicated to write code that is both simple and correct. Here are a few ways to proceed from there:
1. Oversimplify: A simple but wrong design is chosen. It is simple to understand so others can maintain it. It will do what it is supposed to but not without a mess of special case handling, which will bloat the project size. This will give some programmers headaches by knowing that the solution is incorrect by design.
2. Use a unique and complex solution: The first programmer comes up with a new solution. The solution is non-standard; other programmers are faced with a steep learning curve to understand how it works. The origninal programmer can maintain the code easily but anyone else has a hard time getting started.
3. Change the rules: Perhaps the reason that the solution needs to be so complicated is because the tools being used to implement it aren't well suited to this type of problem. Change the language or the environment; use something nonstandard that is good at solving the problem. It is hard to find the right one (if it even exists) and it will take a lot of research; you may not have the time or resources to risk finding nothing usable. Another problem is that your programmers need to be skilled in a wide range of languages or they won't be able to maintain the code. Outsiders may not like your code because it uses an obscure environment. Creating or extending the programming environment is difficult in Java or C# but it is trivial in LISP; LISP adapts itself to the problem. Writing a good operating system kernel in Visual Basic would be a nightmare but works well in C.
As for expressing something complicatd in a clear way, this is a measure of writing and communication skills. Unfortunately, many people are bad at that in general. I see solution #1 used wayy too often; simplicity of design at the expense of bloat and elegance. XYZ corporation can assign huge teams of programmers and managers to these projects. My favorite solution is #2 but most of my projects are only maintained by myself, so I don't have to worry about explaining them. I like having control; I get complete control over things I make myself. #3 is nice, but it is so hard to find what you are looking for. You can't do web searches on concepts. I guess the best way to make this one work is to know about a diverse library of environments. Maybe I just need to get out more:P
Yes, Dark Forces had dynamic music: a track for battles and another when you haven't fought for a while plus transitions. I love the quiet/puzzle music in Dark Forces. It gives you the feeling of searching dark, quiet hallways worried that stormtroopers could be in an ambush around the next corner. Rooms that are too quiet; you have to be alert just in case, but it is starting to wear you down.
I'm not sure if it was released earlier, but Wing Commander has dynamic music too.
I think music should be there to add to the ambiance, espescially when it would be otherwise quiet.
On the Windows end, make the user that the backup program runs as a member of the 'Backup Operators' group. Backup operators can ignore security to read all files for backup. Since backup operators (anyone with SeBackupPrivilege) can read all files (regardless of ACL), it can be a security risk; use it carefully.
Try VDM Sound. It provides sound and joystick support to the DOS VDM in Windows NT (and XP and 2k). I use it to play DOS CD version of TIE fighter (the best version IMO) and it works great.
I hate the graphics updates for the Windows versions; they use very low color depth and resolution textures that make the ships look... dirty. The vector based gouraud shading looked much better to me. Also, there is this really annoying engine sound that plays way too loud and has this short repeating sample (no, it can't be tured off). They ruined the music entirely. There used to be this great, original, MIDI soundtrack, but the Windows version replaces it with some low-quality generic Star Wars movie music ripoff. Think about turning the Star Wars soundtrack into elevator music. I'm not sure, but I get the feeling that they altered the laser firing rate to be faster in the Windows version. It seems different. Plus, you can still have the high-res (640x480) flight mode in the DOS Tie CD.
I tried getting a grasp on those 1024-characters-long API call names from MicroSoft, and I was really glad that *n?xes provided me simple _system calls_ (which MS does _not_ provide, since the developers can use only the APIs).
I agree that the names can get a little long, but at least they are descriptive. If you had never heard of freopen before, could you tell what it does without looking it up (from just the name)? How about SetStdHandle?
No, the system call interface isn't documented by MS. Yes, that sucks. There are alternative sources that do document the native API (the system call interface).
Anyway, I find MS libraries too chaotic. But when we speak about kernels, the win32 kernel and the event-driven idea behind everything windows-like aren't really good, nor new. Why, else, people would use *nix kernels for critical applications, such as servers? The only thing interesting about the win32 approach is the HAL. Everything else is just (bad, imho) habit: you think that using already prebuilt APIs would speed your work, but for me it is only laziness.
Chaotic? The win32 api maintains source-level compatibility (that's all POSIX offers) with win16 since Windows 1.0, and binary compatibility with win16 binaries by use of a virtual machine. Could I hope to run a binary created in a Linux 1.0 era environment on the newest stable environment? How about a kernel module? You can load drivers from NT3.1 (first release of NT) in WS2003. Windows developers have gone to great lengths to maintain stability and compatibility in their APIs. You are lucky if the next release of the GNU C runtime doesn't have breaking changes requiring code modifications. The reason behind this is that customers get really mad and tend to not buy upgrades when the next version of your product breaks their existing apps; custom business apps that have long lost the source code and developer support.
What do you have against the concept of asyncronous IO? You wouldn't want all the hardware busses in your computer to behave syncronously. I see it as a question of balance between a generic solution and a specific solution. When UNIX uses a filesystem to access almost everything and treats as many things as files, that is a generic solution. Generic solutions are more consistent and usually simpler, but don't handle variations and unique situations well. Anyways, if an application would be best served by handling something in a special way and the operating system is willing to participate, where is the harm in letting them do it? Asyncronous IO doesn't work for everything but when it does, syncronous IO really looks ugly.
Keeping some APIs static for 10 yrs means also keeping backwards compatibility with some old or "slow" functions. And more code you write more bugs you can potentially generate. So I don't really see the point of having a lot of APIs you'll never use instead of a hundred syscalls and then you use another library (for example, STL). If you want a thousand functions, pick up a library like, who knows, GTK+. It's in userland and fully extendible. Don't you like it? Change it.
Or you could keep the old APIs and get people to use new ones that work better. I'm confused; you said Microsoft APIs were too chaotic, but now they're static..? In Windows, the system call interface is the native API, exported in ntdll.dll (look for the Nt* functions). Win32 sits on top of that, as a big runtime library that provides compatibility, graphics and user interface controls. Many win32 functions are thin wrappers to native functions: CreateThread (from win32) just calls NtCreateThread (a syscall). XP sp1 has 285 syscalls. Linux 2.6.7 appears to have 268.
Change it, as in create (yet another, I'm sure) fork of whatever project,
hProcess
[in] Handle to the process in which the thread is to be created. The handle must have the PROCESS_CREATE_THREAD, PROCESS_QUERY_INFORMATION, PROCESS_VM_OPERATION, PROCESS_VM_WRITE, and PROCESS_VM_READ access rights.
It's not insecure because you need the proper access rights first. This function is quite useful for debuggers. Same thing applies to ReadProcessMemory and WriteProcessMemory.
What are you talking about 'global memory space'? Each process has its own address space (its own set of page tables). The only global memory is kernel memory, and it's not accessible from user mode. Shared memory is accomplished through section objects; no section object is connected to every process (except for system libraries, and those are read-only).
Slashdot Order of Blame:
Microsoft
SCO
Other greedy corps, media cartels (RIAA, MPAA)
The government: patent office, stupid senators, George W.
People who vote independant instead of lesser evil
PHBs
Stupid people in general
Lawyers
People who aren't lawyers (but give legal advice anyways)
Linux user interfaces (never internals)
Pedantic nazis: grammar, it's GNU/Linux! --who blame various things
Yourself (yeah right)
DirectX is implemented in win32k.sys. This file also implements the win32 subsystem, GDI and the window manager (USER). You can't remove DirectX because GDI uses it to do drawing and map device surfaces; they are integrated; not with the kernel, but with win32.
If you want to control the software that your users run, Software Restriction Policies will work much better, as they are designed for that. Create a whitelist of allowed program hashes. All others will be denied.
UNIX security model is much more easy to grasp and implement than whatever MS kludged together in the various pro versions of their environment.
I don't find the NT security model to be hard to understand; what don't you understand? It hasn't changed much since the first version.
There's no such thing as chroot/jail in windows isn't it?
Yes, they are called sessions. Each session has a set of symbolic links in the Object Manager that connect devices to a session's namespace. The Object Manager is like Linux's VFS. Change/delete those links and win32 can't get to the devices they point to. For example, if you changed the C:->\Device\HarddiskVolume1 link to point to \Device\HarddiskVolume1\MyDir, processes in that session cannot access files outside of \MyDir.
I'm perfectly aware that an XP registry is rife with cryptic and mulply overridden account policy keys that only a specialized enterprise admin might make something out of it (that's probably why SPs often FSCK up deployed servers...).
Are you saying that group policies are cryptic, despite the paragraphs per entry in the description tab? Here is how policy overriding works. Group policies applied from the domain always replace local settings; they would be useless without this. Computer policies override user policies in a single GPO object when a conflict exists. When you connect GPO objects to an orginizational object you get to pick what order the GPOs are applied in. When in doubt, lookup the "Effective Policy" in Local Security Policy. Policies overwrite each other; redundant entries are not created. Personally, I haven't had any problems with service packs.
When a security hole exposes a 'nobody' or 'www' jailed server I can patch it in no time being 100% shure the only service involved is the one I'm working on; sometimes I go to the point of duplicating shared libs (openssl) for the various servers... Windows is unsafe because of sloppy code and also because it has a byzantine security model.
If I had an unprivledged local service breached on a NT machine, the only thing I would worry about is local exploits, same as on a UNIX. You can duplicate libraries if you want, but that's a bit pointless. The security model is just different, not bad.
1. Move the video acceleration level to zero. (Display->Settings->Advanced->Troubleshoo t) This will implicitly disable direct draw and direct3d. Or, use dxdiag.exe to disable them more directly. Only local admins can change those settings.
2. Connecting to a single window remotely isn't natively supported but Citrix supports it. There is some kind of deal between MS and Citrix to prevent MS from including it standard. Oh and what happens when the X server dies unexpectedly, takes your server (X client) app along with it and causes corruption?
3.Use the Guest account; or a user account that is only a member of the Guests group. You can also change the shell to something executed remotely if you want. In a domain, the group Domain Guests is a member of the Guests group on local computers.
4. NT has always had a fine grained ACL security system. Files and directories have 17 permission types as opposed to the UNIX standard 3. Every object (from section to thread to mutex) has a seperate ACL. Perhaps you could be more specific?
5. I can't tell what the problem is from here based on the information (lack thereof) you provided. If someone (external or not) can fix it, then it's not the OS's fault but the ignorant party's fault.
6. You don't need a desktop environment. See the group policy User Interface.
Here is an interesting page from MS about how WebDAV works. Apparently, any app in XP can use WebDAV since it has been added as a new filesystem driver (mrxdav.sys).
Yep. I was thinking that maybe runas was completely broken for a second, so I tried running a cmd.exe as administrator, and that worked fine. Unfortunately, I'm a *nix guy and I don't know how to change directory permissions from the cmd shell in windows.
You can try to launch explorer from the cmd window: it will inherit the user it is logged on as. See the command 'calcs' to change ACLs from the command line.
Thats odd, its not admin on my machine. I'd actually tried the other guys exact command line with the user as admin and it said that user doesn't exist
I renamed the Administrator account to Admin using the local policy settings.
I've just always had to deal with this kind of crap, from windows junkies. Trust me, I do begrudgingly use Windows for some software, because I have to, but I get REALLY TIRED of hearing the crap of "but things just WORK in windows, no modifying of config files, install xyz lib", etc, but at the same time some very simple things suck so badly in windows. To reverse the argument, I shouldn't HAVE to download some extra software to make something fscking simple like run an explorer window as admin work right.
Things tend to work for me, but I have been dealing with crappiness from Windows for a while:) Nope, you shouldn't have to download extra files. I always carry a set of third-party tools around with me to make up for built-in deficencies. NT is capable of all kinds of stuff underneath, but the interfaces on top suck.
For protecting the system from malicious users who know what they are doing, it would in fact be useless.
For protecting yourself against crapware and IE's holes, it is very useful; a malicious program would have to be pretty intelligent to search for scripts with passwords. Yeah, it's security through obscurity but it has very little chance of failing; most (everything I've seen) Windows crapware just expects to have access already or fails. Plus, su/sud lets you create a key file that only lets you start one program as one user(without knowing the password); it has similar uses to setuid.
I'd say it's about as secure and useful as giving someone sudo access on UNIX.
I don't know why it isn't working. This may be a stupid question, but are you sure the SecondaryLogon service is running? Maybe explorer is quitting for some reason; try starting another cmd. The user is really named Admin. Did you try SUD/SU? I always use that instead of RunAs anymore. Also, see psexec. It can do the same thing, and it can also do it on remote computers (assuming you have access).
Hell, when Administrative priv. are required, what does Windows software do? It pops up, "You have to be running as an Administrator to...". It doesn't even ask you for Admin. password to complete its function. You just have to relogin. And thanks to the great "multi user capabilities", you have to log out of your current session first.
First, every version of NT (since 3.1) has been multiuser. You could have processes running as different users, side by side at the same time all interacting with the user. The tools provided by MS haven't been so great however. Runas (as previously mentioned) from 2000 is about it. This tool works better; but it's not like it does anything undocumented.
The reason that programs tell you that you have to be admin to do this but don't ask you for a password to continue, is becuase even if they had the password they couldn't do anything with it. Every time a user logs on, a security primary token is created that can be used to create processes with the user's priveledges. Even if you know a user's password, those tokens cannot be created in an unprivileged process; a process requires the SeCreateTokenPrivilege to create primary tokens. By default, only the SYSTEM account has that privilege. Change it in the Local Security Settings snap-in, or the User Manager for NT4 and earlier. Notice that runas and SUD require a privileged service account that runs as SYSTEM. Windows installer can prompt you for a password because it has a service too.
Yes, you can still use fast user switching even when the (stupid) welcome screen is disabled. What you can't do is use it and be part of a domain (this is due to some dumb licencing thing from MS)
First, disable the welcome screen. Then set the DWORD HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AllowMultipleTSSessions to 1. Restart. Now use Task Manager's Users tab: Right click yourself and select Disconnect to get back to the logon screen without logging off. Right click a different user and select connect to go directly to that user. You can also log users off from here, too. Users must be a member of the 'Remote Desktop Users' group to be able to see other logged on users on the computer. From the logon screen you can enter a user name that already has a session to reconnect. On the command line, use tsdiscon to disconnect (back to logon). Use tscon to connect to another session (you will need the session ID number). Lock still works, and it is not the same thing as disconnecting.
I just tried "runas/u:Admin explorer". It promted me for a password, and then created a new explorer process running as the user Admin. It worked from xpsp1 and 2ksp3. You could also start a command prompt and run explorer from there.
I don't like runas becuase you can't use it for setuid or make the password a command line parameter. Here is a tool that does that.
No, comparing FireFox to IE directly really isn't fair; I should have put a disclaimer on that. I wanted to point out that IE is divided into more modules than FireFox. Thanks for the dependency list in KDE. Here is a list of all the libraries that IE depends on, or may depend on (delay-load): (posted without line breaks because the list is really long: spaces seperate entries) lz32.dll,2560,
msimg32.dll,4608,
wmi.dll,5632,
netrap.dll,10752,
powrprof.dll,14848,
linkinfo.dll,15360,
version.dll,16384,
cfgmgr32.dll,16896,
wtsapi32.dll,17408,
ws2help.dll,18944,
wsock32.dll,21504,
w32topl.dll,22016,
wzcsapi.dll,23552,
efsadu.dll,24576,
utildll.dll,25600,
mssign32.dll,35840,
ntlanman.dll,38400,
rtutils.dll,39936,
regapi.dll,44032,
mprui.dll,47104,
winsta.dll,48128,
authz.dll,51200,
msasn1.dll,51712,
secur32.dll,52224,
clusapi.dll,54272,
samlib.dll,54784,
mpr.dll,55808,
rasman.dll,55808,
wzcdlg.dll,56832,
cabinet.dll,59904,
ntdsapi.dll,64512,
netui0.dll,74752,
atl.dll,74810,
ws2_32.dll,75264,
mprapi.dll,79360,
iphlpapi.dll,82944,
cscdll.dll,89600,
advpack.dll,91136,
iexplore.exe,91136,
msoert2.dll,91136,
winscard.dll,93184,
dhcpcsvc.dll,99840,
imm32.dll,103936,
olepro32.dll,106496,
apphelp.dll,115712,
shsvcs.dll,116224,
oledlg.dll,117760,
imagehlp.dll,126976,
msrating.dll,132096,
winspool.drv,132096,
dnsapi.dll,139264,
adsldpc.dll,139776,
cdfview.dll,142336,
netman.dll,154112,
credui.dll,158720,
oleacc.dll,163328,
tapi32.dll,165376,
wintrust.dll,166912,
wldap32.dll,168448,
winmm.dll,171520,
scecli.dll,174592,
activeds.dll,181760,
certcli.dll,186880,
mobsync.dll,196096,
uxtheme.dll,203264,
odbc32.dll,204800,
rasapi32.dll,217088,
mswsock.dll,228352,
netui1.dll,230400,
gdi32.dll,257536,
comdlg32.dll,258048,
devmgr.dll,263168,
duser.dll,263680,
wzcsvc.dll,264704,
netapi32.dll,306176,
netui2.dll,308224,
msvcrt.dll,323072,
shlwapi.dll,395264,
msvcp60.dll,401462,
cryptui.dll,477696,
urlmon.dll,484352,
dbghelp.dll,489984,
printui.dll,522240,
rpcrt4.dll,535552,
crypt32.dll,544256,
comctl32.dll,557056,
advapi32.dll,558080,
user32.dll,560128,
oleaut32.dll,569344,
mlang.dll,577024,
netcfgx.dll,584192,
wininet.dll,588288,
inetcomm.dll,593408,
rasdlg.dll,631808,
ntdll.dll,654336,
userenv.dll,667136,
netplwiz.dll,857600,
kernel32.dll,930304,
setupapi.dll,932864,
msgina.dll,971264,
mfc42u.dll,995384,
esent.dll,1018368,
browseui.dll,1026048,
ole32.dll,1183744,
shdocvw.dll,1339904,
query.dll,1349120,
netshell.dll,1622528,
gdiplus.dll,1703936,
msi.dll,2086400,
mshtml.dll,2795520,
shell32.dll,8240640
For a total of 46028456 bytes. Note that many libraries are loaded on demand; many of them are never loaded during a normal session. Also, all the win32 interface libraries and runtime libraries that IE may use are included, with their dependencies. For anyone who cares, Dependency Walker will tell you all about it.
Slashdot Mirror
Type templates are going to be available in
I also forgot to mention that pointers to pointers (a pointer to a __gc reference) are illegal in managed C++. That was a pretty big feature of C and C++. (this is due to the fact that
It's nice that reflection is more powerful but it is still incompatible.One of the reasons for programming in normal C++ is because it is very low level. (ever heard 'high level assembly'?)
I'm not saying that managed C++ is bad, but that it is very different from normal C++. Are managed C++ and C# (.NET) often better for writing your standard Windows app? Yes. Is converting a normal C++ app to managed C++ easy in many cases due to the similarity? Yes.
Managed C++ has less features than ISO C++, namely templates and multiple inheritance.
You cannot mix code from the two in many ways, like having a class from one inherit from another.
Sizeof of managed classes is impossible. Managed classes cannot use const or volaitle.
Managed objects cannot be passed by value; only references or value types. (ISO C++ objects are structs that can always be passed by value)
Operator delete doesn't work if no user-defined destructor exists in a managed object.
Managed classes cannot override operator& or operator new.
A managed object cannot be used as a member in a union.
Managed c++ does not use unions; instead a complicated field offset system.
Pointers to objects cannot always be casted in managed C++, pointers of the same size can always be casted in ISO C++.
Data in managed C++ is zero-initialized. Data in ISO C++ has arbitrary values unless explicitly initialized.
Managed C++ adds certain members to all classes (as derived from Object), like GetType; all classes derive from System::Object. ISO C++ classes can have no parent class.
Static sized arrays are illegal in .net
C-style multiple parameters are not supported; use param array instead
Normal c++ supports static-only typing. Managed c++ requires dynamic typing, at least to some extent.
Pointers to members are not supported in any way in managed c++; delegates replace them.
Normal C++ makes absolutely no library requirements on outputted code; not even the startup library is necessary. Managed c++ requries the entire .net runtime, and requries you to include mscorlib.
Classes cannot be defined inside of functions in managed C++.
Any class can be derived from in normal C++. Sealed classes cannot be derived from in managed C++.
Conversion functions are always static in managed c++. The naming convention is different.
RTTI is not supported in managed c++.
Only public inheritance is supported in managed c++.
Normal c++ explicitly has no garbage collector as part of the language; if you want one, use a library. Managed c++ requires you to use .net's GC.
The layout of members in a class or struct in normal c++ can always be known at runtime. Managed makes them permanently opaque.
Removing anything from C++, espescially something as important as templates or multiple inheritance, makes managed C++ a distinctly different language. And this is just a list of some of the things that normal c++ has that managed doesn't. The list of extensions is much longer.
Internet Explorer runs entirely in user mode, in the security context of the current user. The only way to get more privledges from there is to exploit a local vulnerability in the kernel or some privledged service. Any user mode program can make use of a local vuln; IE and ActiveX are not special. Many operating systems have had local vulns; Linux patched one involving mremap() not too long ago. The local vuln in the article you linked to has been fixed since NT4sp4; it isn't going to work on 2k or XP. Besides, all the problems listed either exist on UNIXes too or have been fixed for 5+ years.
That is very interesting. To test your story, I created a new user account, 'Bogus' as only a member of the users group on my xpsp2 machine.
Using IE, I then went to yahoo.com and tried to install their toolbar. It told me that there was an error during installation and to click here to try again (clicking again didn't work).
I tried to install Google's toolbar; after a couple of warning dialogs (do you trust this file? it could be dangerous) it told me "You do not have sufficent access permissions to install the Google Toolbar onto this computer. Please log out, and log back in as an administrator. You can then install the toolbar."
Then I tried to install the gator wallet spyware thingy; it said "Setup cannot write to the registry. In order to install and run on Windows 2000 or XP, you must be a Standard User or an Administrator." Wrong. A standard user won't cut it.
So then I went to www.weatherbug.com. IE blocked a popup and a cookie (with an information screen telling me about what happened the first time). I then tried to install the program: it asked me my zipcode and then crashed while copying files telling me that it couldn't create some file in the \program files directory.
Maybe things have been beefed up since 2000? I created a similar account on a 2000sp3 computer. From IE, I tried to install the Yahoo and Google toolbars, Gator and Weatherbug. They all failed, giving me the same errors as XP did. The only thing different was that a popup from weatherbug.com got thru this time.
Do you have any other spyware/crapware/global programs for me to try?
Perhaps you misconfigured the accounts somehow or installed the junk yourself?
Don't get me wrong; I personally use Mozilla for the tabs and increased resilance.
IE may have its holes but the local security on NT doesn't. IE is just another user mode program; no hole in IE can cause the privledge escilation you describe.
If you are going to bash Windows, at least be fair.
The only other new security related service in sp2 I can find is the DCOM launcher, which seems to divide rpcss's old duties into two categories: DCOM hosting and everything else, while running the everything else (RPC) with less privledges. (network service instead of LocalSystem) They are both implemented in the library rpcss.dll. It's not really new, only more modular.
And there is the security center notification program (wscntfy.exe) which is a whopping 14k program. All it does is have explorer pop up a baloon if you have an outstanding security center alert. (like no automatic updates)
What other processes were you referring to, specifically?
According to Microsoft guidelines, you aren't supposed to let privledged services interact directly with the user at any time, except for error message boxes in some cases. You have to go out of your way to make a service interactive; you can override the setting in the services control snap-in: in service properties in the log on tab, clear the 'Allow service to interact with desktop' checkbox. It will be given its own sandbox to create windows in; the user can't see or interact with them. Like it says in the page, you can set the registry value HKLM\SYSTEM\CurrentControlSet\Control\Windows\ NoInteractiveServices to 1 to prevent all services from interacting directly. The 'correct' way to do it is to create a client program that uses IPC to communicate with the service; something that would only be running with a logged-on user.
Wrong. Process Explorer tells me that the firewall and security center are hosted in the main svchost process, along with 21 other services. With the SharedAccess (firewall) and wscsvc (Security Center) services stopped, that svchost was using 18,872k of private memory. With both of them running, the process was using 19,108k of private memory, a difference of 236k. The services are implemented in DLLs so they are considered shared memory: the Securty Center binary (wscsvc.dll) is 80k and the firewall binary (ipnathlp.dll) is 323k. That's a total 639k of memory used by the firewall and security center on my computer (xpsp2). Hardly 20mb.
I'm curious; how did you come up with the 20mb number?
1. Oversimplify: A simple but wrong design is chosen. It is simple to understand so others can maintain it. It will do what it is supposed to but not without a mess of special case handling, which will bloat the project size. This will give some programmers headaches by knowing that the solution is incorrect by design.
2. Use a unique and complex solution: The first programmer comes up with a new solution. The solution is non-standard; other programmers are faced with a steep learning curve to understand how it works. The origninal programmer can maintain the code easily but anyone else has a hard time getting started.
3. Change the rules: Perhaps the reason that the solution needs to be so complicated is because the tools being used to implement it aren't well suited to this type of problem. Change the language or the environment; use something nonstandard that is good at solving the problem. It is hard to find the right one (if it even exists) and it will take a lot of research; you may not have the time or resources to risk finding nothing usable. Another problem is that your programmers need to be skilled in a wide range of languages or they won't be able to maintain the code. Outsiders may not like your code because it uses an obscure environment. Creating or extending the programming environment is difficult in Java or C# but it is trivial in LISP; LISP adapts itself to the problem. Writing a good operating system kernel in Visual Basic would be a nightmare but works well in C.
As for expressing something complicatd in a clear way, this is a measure of writing and communication skills. Unfortunately, many people are bad at that in general.
I see solution #1 used wayy too often; simplicity of design at the expense of bloat and elegance. XYZ corporation can assign huge teams of programmers and managers to these projects. My favorite solution is #2 but most of my projects are only maintained by myself, so I don't have to worry about explaining them. I like having control; I get complete control over things I make myself. #3 is nice, but it is so hard to find what you are looking for. You can't do web searches on concepts. I guess the best way to make this one work is to know about a diverse library of environments. Maybe I just need to get out more
Yes, Dark Forces had dynamic music: a track for battles and another when you haven't fought for a while plus transitions. I love the quiet/puzzle music in Dark Forces. It gives you the feeling of searching dark, quiet hallways worried that stormtroopers could be in an ambush around the next corner. Rooms that are too quiet; you have to be alert just in case, but it is starting to wear you down.
I'm not sure if it was released earlier, but Wing Commander has dynamic music too.
I think music should be there to add to the ambiance, espescially when it would be otherwise quiet.
On the Windows end, make the user that the backup program runs as a member of the 'Backup Operators' group.
Backup operators can ignore security to read all files for backup.
Since backup operators (anyone with SeBackupPrivilege) can read all files (regardless of ACL), it can be a security risk; use it carefully.
Try VDM Sound. It provides sound and joystick support to the DOS VDM in Windows NT (and XP and 2k).
I use it to play DOS CD version of TIE fighter (the best version IMO) and it works great.
I hate the graphics updates for the Windows versions; they use very low color depth and resolution textures that make the ships look... dirty. The vector based gouraud shading looked much better to me. Also, there is this really annoying engine sound that plays way too loud and has this short repeating sample (no, it can't be tured off).
They ruined the music entirely. There used to be this great, original, MIDI soundtrack, but the Windows version replaces it with some low-quality generic Star Wars movie music ripoff. Think about turning the Star Wars soundtrack into elevator music.
I'm not sure, but I get the feeling that they altered the laser firing rate to be faster in the Windows version. It seems different.
Plus, you can still have the high-res (640x480) flight mode in the DOS Tie CD.
I agree that the names can get a little long, but at least they are descriptive. If you had never heard of freopen before, could you tell what it does without looking it up (from just the name)? How about SetStdHandle?
No, the system call interface isn't documented by MS. Yes, that sucks. There are alternative sources that do document the native API (the system call interface).
Chaotic? The win32 api maintains source-level compatibility (that's all POSIX offers) with win16 since Windows 1.0, and binary compatibility with win16 binaries by use of a virtual machine. Could I hope to run a binary created in a Linux 1.0 era environment on the newest stable environment? How about a kernel module? You can load drivers from NT3.1 (first release of NT) in WS2003. Windows developers have gone to great lengths to maintain stability and compatibility in their APIs. You are lucky if the next release of the GNU C runtime doesn't have breaking changes requiring code modifications.
The reason behind this is that customers get really mad and tend to not buy upgrades when the next version of your product breaks their existing apps; custom business apps that have long lost the source code and developer support.
What do you have against the concept of asyncronous IO? You wouldn't want all the hardware busses in your computer to behave syncronously.
I see it as a question of balance between a generic solution and a specific solution. When UNIX uses a filesystem to access almost everything and treats as many things as files, that is a generic solution. Generic solutions are more consistent and usually simpler, but don't handle variations and unique situations well.
Anyways, if an application would be best served by handling something in a special way and the operating system is willing to participate, where is the harm in letting them do it? Asyncronous IO doesn't work for everything but when it does, syncronous IO really looks ugly.
Or you could keep the old APIs and get people to use new ones that work better. I'm confused; you said Microsoft APIs were too chaotic, but now they're static..?
In Windows, the system call interface is the native API, exported in ntdll.dll (look for the Nt* functions). Win32 sits on top of that, as a big runtime library that provides compatibility, graphics and user interface controls. Many win32 functions are thin wrappers to native functions: CreateThread (from win32) just calls NtCreateThread (a syscall). XP sp1 has 285 syscalls. Linux 2.6.7 appears to have 268.
Change it, as in create (yet another, I'm sure) fork of whatever project,
Same thing applies to ReadProcessMemory and WriteProcessMemory.
What are you talking about 'global memory space'? Each process has its own address space (its own set of page tables). The only global memory is kernel memory, and it's not accessible from user mode. Shared memory is accomplished through section objects; no section object is connected to every process (except for system libraries, and those are read-only).
What is the UNIX equivalent to an IoCompletionPort?
Personal responsibility? You must be new here :)
Slashdot Order of Blame:
Microsoft
SCO
Other greedy corps, media cartels (RIAA, MPAA)
The government: patent office, stupid senators, George W.
People who vote independant instead of lesser evil
PHBs
Stupid people in general
Lawyers
People who aren't lawyers (but give legal advice anyways)
Linux user interfaces (never internals)
Pedantic nazis: grammar, it's GNU/Linux! --who blame various things
Yourself (yeah right)
DirectX is implemented in win32k.sys. This file also implements the win32 subsystem, GDI and the window manager (USER). You can't remove DirectX because GDI uses it to do drawing and map device surfaces; they are integrated; not with the kernel, but with win32.
If you want to control the software that your users run, Software Restriction Policies will work much better, as they are designed for that. Create a whitelist of allowed program hashes. All others will be denied.
Personally, I haven't had any problems with service packs.If I had an unprivledged local service breached on a NT machine, the only thing I would worry about is local exploits, same as on a UNIX. You can duplicate libraries if you want, but that's a bit pointless.
The security model is just different, not bad.
1. Move the video acceleration level to zero. (Display->Settings->Advanced->Troubleshoo t) This will implicitly disable direct draw and direct3d.
Or, use dxdiag.exe to disable them more directly. Only local admins can change those settings.
2. Connecting to a single window remotely isn't natively supported but Citrix supports it. There is some kind of deal between MS and Citrix to prevent MS from including it standard.
Oh and what happens when the X server dies unexpectedly, takes your server (X client) app along with it and causes corruption?
3.Use the Guest account; or a user account that is only a member of the Guests group. You can also change the shell to something executed remotely if you want. In a domain, the group Domain Guests is a member of the Guests group on local computers.
4. NT has always had a fine grained ACL security system. Files and directories have 17 permission types as opposed to the UNIX standard 3. Every object (from section to thread to mutex) has a seperate ACL.
Perhaps you could be more specific?
5. I can't tell what the problem is from here based on the information (lack thereof) you provided.
If someone (external or not) can fix it, then it's not the OS's fault but the ignorant party's fault.
6. You don't need a desktop environment. See the group policy User Interface.
7. See Terminal Services.
Here is an interesting page from MS about how WebDAV works.
Apparently, any app in XP can use WebDAV since it has been added as a new filesystem driver (mrxdav.sys).
See the command 'calcs' to change ACLs from the command line.I renamed the Administrator account to Admin using the local policy settings.Things tend to work for me, but I have been dealing with crappiness from Windows for a while
Nope, you shouldn't have to download extra files. I always carry a set of third-party tools around with me to make up for built-in deficencies.
NT is capable of all kinds of stuff underneath, but the interfaces on top suck.
For protecting the system from malicious users who know what they are doing, it would in fact be useless.
For protecting yourself against crapware and IE's holes, it is very useful; a malicious program would have to be pretty intelligent to search for scripts with passwords.
Yeah, it's security through obscurity but it has very little chance of failing; most (everything I've seen) Windows crapware just expects to have access already or fails.
Plus, su/sud lets you create a key file that only lets you start one program as one user(without knowing the password); it has similar uses to setuid.
I'd say it's about as secure and useful as giving someone sudo access on UNIX.
I don't know why it isn't working. This may be a stupid question, but are you sure the SecondaryLogon service is running? Maybe explorer is quitting for some reason; try starting another cmd.
The user is really named Admin.
Did you try SUD/SU? I always use that instead of RunAs anymore.
Also, see psexec. It can do the same thing, and it can also do it on remote computers (assuming you have access).
The reason that programs tell you that you have to be admin to do this but don't ask you for a password to continue, is becuase even if they had the password they couldn't do anything with it. Every time a user logs on, a security primary token is created that can be used to create processes with the user's priveledges. Even if you know a user's password, those tokens cannot be created in an unprivileged process; a process requires the SeCreateTokenPrivilege to create primary tokens. By default, only the SYSTEM account has that privilege. Change it in the Local Security Settings snap-in, or the User Manager for NT4 and earlier.
Notice that runas and SUD require a privileged service account that runs as SYSTEM. Windows installer can prompt you for a password because it has a service too.
Yes, you can still use fast user switching even when the (stupid) welcome screen is disabled. What you can't do is use it and be part of a domain (this is due to some dumb licencing thing from MS)
s to 1. Restart.
First, disable the welcome screen. Then set the DWORD HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AllowMultipleTSSession
Now use Task Manager's Users tab:
Right click yourself and select Disconnect to get back to the logon screen without logging off. Right click a different user and select connect to go directly to that user. You can also log users off from here, too. Users must be a member of the 'Remote Desktop Users' group to be able to see other logged on users on the computer. From the logon screen you can enter a user name that already has a session to reconnect.
On the command line, use tsdiscon to disconnect (back to logon). Use tscon to connect to another session (you will need the session ID number).
Lock still works, and it is not the same thing as disconnecting.
I just tried "runas /u:Admin explorer". It promted me for a password, and then created a new explorer process running as the user Admin. It worked from xpsp1 and 2ksp3. You could also start a command prompt and run explorer from there.
I don't like runas becuase you can't use it for setuid or make the password a command line parameter. Here is a tool that does that.
No, comparing FireFox to IE directly really isn't fair; I should have put a disclaimer on that. I wanted to point out that IE is divided into more modules than FireFox. :
Thanks for the dependency list in KDE. Here is a list of all the libraries that IE depends on, or may depend on (delay-load)
(posted without line breaks because the list is really long: spaces seperate entries)
lz32.dll,2560, msimg32.dll,4608, wmi.dll,5632, netrap.dll,10752, powrprof.dll,14848, linkinfo.dll,15360, version.dll,16384, cfgmgr32.dll,16896, wtsapi32.dll,17408, ws2help.dll,18944, wsock32.dll,21504, w32topl.dll,22016, wzcsapi.dll,23552, efsadu.dll,24576, utildll.dll,25600, mssign32.dll,35840, ntlanman.dll,38400, rtutils.dll,39936, regapi.dll,44032, mprui.dll,47104, winsta.dll,48128, authz.dll,51200, msasn1.dll,51712, secur32.dll,52224, clusapi.dll,54272, samlib.dll,54784, mpr.dll,55808, rasman.dll,55808, wzcdlg.dll,56832, cabinet.dll,59904, ntdsapi.dll,64512, netui0.dll,74752, atl.dll,74810, ws2_32.dll,75264, mprapi.dll,79360, iphlpapi.dll,82944, cscdll.dll,89600, advpack.dll,91136, iexplore.exe,91136, msoert2.dll,91136, winscard.dll,93184, dhcpcsvc.dll,99840, imm32.dll,103936, olepro32.dll,106496, apphelp.dll,115712, shsvcs.dll,116224, oledlg.dll,117760, imagehlp.dll,126976, msrating.dll,132096, winspool.drv,132096, dnsapi.dll,139264, adsldpc.dll,139776, cdfview.dll,142336, netman.dll,154112, credui.dll,158720, oleacc.dll,163328, tapi32.dll,165376, wintrust.dll,166912, wldap32.dll,168448, winmm.dll,171520, scecli.dll,174592, activeds.dll,181760, certcli.dll,186880, mobsync.dll,196096, uxtheme.dll,203264, odbc32.dll,204800, rasapi32.dll,217088, mswsock.dll,228352, netui1.dll,230400, gdi32.dll,257536, comdlg32.dll,258048, devmgr.dll,263168, duser.dll,263680, wzcsvc.dll,264704, netapi32.dll,306176, netui2.dll,308224, msvcrt.dll,323072, shlwapi.dll,395264, msvcp60.dll,401462, cryptui.dll,477696, urlmon.dll,484352, dbghelp.dll,489984, printui.dll,522240, rpcrt4.dll,535552, crypt32.dll,544256, comctl32.dll,557056, advapi32.dll,558080, user32.dll,560128, oleaut32.dll,569344, mlang.dll,577024, netcfgx.dll,584192, wininet.dll,588288, inetcomm.dll,593408, rasdlg.dll,631808, ntdll.dll,654336, userenv.dll,667136, netplwiz.dll,857600, kernel32.dll,930304, setupapi.dll,932864, msgina.dll,971264, mfc42u.dll,995384, esent.dll,1018368, browseui.dll,1026048, ole32.dll,1183744, shdocvw.dll,1339904, query.dll,1349120, netshell.dll,1622528, gdiplus.dll,1703936, msi.dll,2086400, mshtml.dll,2795520, shell32.dll,8240640
For a total of 46028456 bytes. Note that many libraries are loaded on demand; many of them are never loaded during a normal session. Also, all the win32 interface libraries and runtime libraries that IE may use are included, with their dependencies. For anyone who cares, Dependency Walker will tell you all about it.