Singling out "BITS" is stupid. The exact same thing can be done with virtually any service or application that is allowed to pass through the local outgoing software firewall. As long as the software has some kind of programmatic interface, it can easily be used to bypass these firewalls.
I wrote a proof of concept application that bypassed all of the major outgoing software firewalls (BlackIce, Zonealarm, McAfee, Symantec) by utilizing the COM interfaces for Internet Explorer and funneling all my requests through it. This is almost impossible to detect. Even better, I wrote this app in freakin' VB!
The real problem is that local outgoing software firewalls simply don't work in an environment where all the users are admin. Once the machine is compromised, it's compromised. No number of software defenses are going to help. This includes, by the way, Symantec's expensive and incredibly crappy products. These products are there to make users feel secure, not actually make them secure.
Remember WordMasters from grade school? You know, the analogy test they used to give every once in a while. Here is an analogy for you:
Symantec is to computer security as the Bush Administration is to homeland security.
They do their best to scare the crap out of people in an attempt to get them to buy their software... or vote for their party. Don't trust either of them and you'll be better off.
Only 1 of the 6 bugs that affected Vista was rated "critical". (Critical is typically reserved for bugs that could allow somebody to remotely take over the machine.)
In the case of the one bug that was rated critical, the rating was dependent on several mitigating factors, including that the user running as full admin with UAC turned off. (Obviously not the default configuration.)
Only in that scenario could the machine be compromised, and even then the successful execution of exploit code was unlikely thanks to ASLR and various other security measures. It was far more likely to simply cause a browser crash.
Considering Vista has been out since November of last year, its security record so far as been extremely impressive.
People modded you as funny because they're so blinded by their hatred for Microsoft that they simply ignore data that suggests that a Microsoft product is more secure than their favorite open source product.
If you remove the data you used to back up your statement, you can see how they would find it funny.
Well, I gave a link to the search results for Apache, as opposed to a specific Apache version, to allow people to compare the versions they choose. How convenient that in your comparison you chose to concentrate only on Apache 2.2, which has, by far, the fewest vulnerabilities of the Apache family.
To compare them somewhat accurately, one should compare IIS 6 with the version of Apache that has been out a similar amount of time, and, ideally, has a similar market share.
I guess this would mean you would compare IIS 6.0 to Apache 2.0. In that case, IIS 6.0 has 3, and Apache 2.0 has 33. Furthermore, none of the IIS 6.0 issues were "critical", while at least 2 of the Apache ones were.
Even this isn't really a fair comparison, since I would be that a *huge* percentage of Apache sites run Apache 1.3.x, not 2.x or 2.2.x. Apache 2.2 has been out for only about 1.5 years. (Versus 4.5 years for IIS 6.)
For the IIS users base, almost everybody is running IIS 6. (And for obvious reasons... IIS 5 and earlier sucked hardcore.)
The point is that the idea that IIS 6 is insecure is clearly false.
An, indeed, they likely are the most hacked web servers in the world. IIS 6, on the other hand, appears to be extremely secure. Whether this is a factor of market share or code quality, we don't know.
The fact of the matter is that you do not have enough information to conclude that IE is more poorly coded that any other browser out there. You are coming to this conclusion based on assumptions, not based on facts.
In my previous post I linked to a 3rd party benchmark of Vista that show little if any performance difference between Vista and XP.
I'm sure there are other benchmarks that show different results. But the fact of the matter is that Vista and XP are "close enough" to make the differences meaningless.
Add that to the fact that Vista has features such as ReadyBoost, which can dramatically increase the responsiveness of the machine, and the perf issue is absolute FUD.
Vista is completely usable, and in fact quite enjoyable, even on 4 or 5 year old hardware. That's a fact.
As far as a "Vista dev" saying these things, link to it.
In fact, the idea that Vista is significantly slower than XP is FUD.
First, I run Vista on three machine, my laptop, my desktop, and my work machine. My laptop is an IBM T42P. Not exactly the fastest machine on earth. (1.8 Ghz, 1GB of ram, 128MB ATI FireGL 2) It runs Vista faster than it ran XP... or, rather, it "feels" faster thanks to things like Readyboost. My "Windows Experience Index" is 3.8.
My desktop is over 2 years old (3.8 Ghz, 2GB of ram, ATI Radeon X850XT), and it runs Vista blazingly fast. The index on this machine is 5.2.
My work machine is a crappy Dell Precision 360 that's about 3.5 years old. It has 2GB of ram, 64MB graphics card, and 3GHz CPU. Vista runs great, and has an index of 4.2.
So there are three machine, all of which are between 2 and 4 years old, and all of which run Vista just fine. Only the work machine doesn't do Aero due to a non-DX9 graphics card.
But that's just my personal experience. So why not look at some real benchmarks done by 3rd parties. They show that Vista is comparable (slightly slower in some cases, slightly faster in others) to XP on the same hardware. In most cases, the benchmarks Vista does worst in are gaming benchmarks. Although we're only talking about 1-2% in most cases, these can be explain by immature drivers. Give it a few months and those drivers will likely be up to par with XP's.
Again, there is a LOT of FUD out there. I can see why it would be hard to sort through.
I'm drawing my conclusions about Vista based on personal experience. I've been running it since the day it was released on MSDN in November '06.
I read these "reviews" online, which are so completely off base and inaccurate, I'm not surprised so many people think Vista is a steaming pile.
But the fact of the matter is that virtually all of the complaints about Vista are easily debunked. Whether it's the DRM FUD, the performance FUD, the "Vista is just a pretty face on XP" FUD, the "UAC is popping up CONSTANTLY" FUD, or any of the other baloney I've read.
Is Vista perfect? Hell no. But the minor issues it has are dwarfed by how much better it is than XP in virtually every way.
Even if you don't count the deferred sales, Vista did extremely well and *still* beat expectations.
Here is a quote from Paul Thurrott's analysis:
Allow me to predict one of the weak complaints Vista bashers will make about Microsoft's financial results: They'll charge that Microsoft's earnings last quarter were artificially inflated because the company previously deferred revenue from the free and low-cost Vista upgrades offered during the 2006 holiday season. So is it true? According to Microsoft, the company deferred $1.67 billion in revenue from the last calendar quarter of 2006 until the first calendar quarter of 2007, or about $1.14 billion in profits. But even without that one-time gain, Microsoft's revenue would have been up 17 percent. More to the point, the slice of the pie that Windows is responsible for would have still jumped a whopping 30 percent. Microsoft CFO Christopher P. Liddell said that regardless of trends, sales of Vista were $300 million to $400 million higher than the company's internal projections. Sales of Office 2007 were about $200 million higher than expected. You claim that PC sales are down, and indeed they were down, until Vista hit the market. Vista caused a complete reversal in the PC sales trend. This is even more surprising since Microsoft missed the holiday window for the Vista release.
So despite the best efforts of many people in the media, and certainly Slashdot, The Register, and similar anti-MS sites, Vista has done extremely well. My bet is that it would have done even better if all this FUD wasn't being spread.
Maybe, just maybe, you're all wrong about Vista. Maybe, just maybe, Vista is a really damn good OS. Stop regurgitating the FUD and try the OS for yourself.
When you go on batter power the power settings switch to "power saver", by default.
The "power saver" profile turns off Aero, although keeps desktop compositioning enabled. (I think.)
The article wasn't clear on whether or not it was the Aero theme (with all the pretty transparencies) or the desktop compositioning, that was causing the power drain.
.NET wasn't up to snuff? Find me a single article that says anything even remotely like this.
The Vista reset was caused by a flawed attempt to include too many features at once combined with unsustainable development practices / management. It had absolutely nothing to do with.NET. Not to mention the fact that Vista is based off of the Windows 2003 Server codebase, not XP's.
Furthermore, there was never a plan to rewrite Windows from the ground up.
MS SQL still used row locking for updates until 2005, which meant it was horrible under load and impossible to scale to high levels of concurrency. Huh? Your statement makes little to no sense. On both v2000 and v2005, the type of lock that SQL Server uses depends on a wide variety of factors, not to mention the fact that you can heavily customize the locking that is used via lock hints in your SQL statements.
PostgreSQL added transaction log shipping for backup / hot spare situations with its 8.0 release. MS added that feature 8 months later. Really? v8 of PostgresQL was release in Jan. of 2005. SQL Server has had transactional log shipping since version 7.0, which came out a really, really long time ago. (1998, I think)
Since then, Microsoft has dramatically improved their clustering / failover capabilities. They added some advanced mirroring features, snapshot replication, and a wide variety of other features. They're still not as good as Oracle, but they're getting damn close.
I've used all 3 databases quite extensively and could ramble on for a while about the mess of built-in stored procedures in SQL server, lack of UTF-8 support, defaulting to case-insensitive queries, the lack of extensible authentication methods, and so on. Lack of UTF-8 support in what sense? Case sensitivity is an easy option to change. It even asks you what you want to use when you install SQL Server. As far as the "lack of extensible authentication methods", I've never encountered a scenario where I needed something other than "SQL Server Authentication" or "Windows Authentication". Pretty much covers all bases in a Windows environment.
The other downside of SQL 2005 is that it embeds a bunch of unneeded junk, such as the.NET CLR (which itself is a huge memory hog), and wastes RAM that could be used for caching data. That's a bunch of crap. First, SQL Server's CLR host is disabled by default. Second, the CLR itself uses perhaps 5 or 6 MB of ram when loaded. It uses more only when you're taking advantage of it via.NET sprocs or what have you. So that's a silly argument.
The fact of the matter is that SQL Server has shown it can play with the big boys (DB2 and Oracle) just fine. In fact, it often dominates.
Howard said the attackers were able to wrap vulnerable code in an exception handler to find ways around those mitigations. This is incorrect.
Howard said that the vulnerable code happened to be wrapped in a very general try/catch block.
This try/catch block, which was in the vulnerable code already, and not injected by the attackers, potentially allowed the attackers to repeatedly try different memory locations looking for system call addresses that were randomized by ASLR.
Without this try/catch, the process would have crashed after the first failed attempt.
In other words, liberal try/catch policies can potentially expose security vulnerabilities by giving bad guys more than one chance to do their bad deeds.
Also, there were no reported instances of Vista being compromised. It is doubtful that the engineers of the various exploits targeted Vista, and therefor didn't take advantage of the try/catch issue to overcome ASLR since XP doesn't have ASLR. In addition, Protected Mode IE would have thwarted the attack even if they had.
Jet Blue/ESE is nowhere near the design of say, Oracle or PostgreSQL, or even MSSQL for that matter. Even MSSQL? SQL Server is on par with Oracle in most ways (and surpasses it in many), and it is far more advanced than PostgreSQL in every possible way.
Just a small nitpick. SQL Server is a great DB server, and it shouldn't be discounted simply because it's from Microsoft.
I'm not familiar enough with WDDM/DX10 to give a well informed explaination on the reason why DX10 requires the various WDDM/kernel improvements. I suppose it could all be a sham, but the only reason people are coming to that conclusion is because this is Microsoft. A lot of MS developer blogs talk in length about this topic because of the backlash Microsoft has received. They're a better place to find that out.
On a somewhat unrelated topic, why don't you want to upgrade to Vista? So far, the *vast* majority of people who I know that have taken the plunge love it almost without exception. I certainly hate going back to XP every day at work.
Wow. So because nVidia supported new features in OpenGL (none of which required dramatic new kernel features such as virtualized graphics memory or interruptibility of the GPU) by simply released driver updates, that means that Microsoft should automatically be able to do the same for DX10?
You made it sound like it was an arbitrary business decision, not one based on technical reasons. The general attitude toward DX10 only working on Vista is that people think that a bunch of guys in suits sitting in a board room unilaterally decided to only have DX10 in Vista so they could sell more copies of Vista.
In fact, it was a decision based on the technical facts at hand.
In the end, does it come down to money? Sure. Of course it does. But that wasn't what you were implying. Or, at least, that's not what you seemed to be implying in the content of this forum.
From what I've read, all the dependencies go one way, from DX10 to the kernel. This make sense.
The problem is that there are features that DX10 needs that are only available in the Vista kernel. This is no different than how you can't have secure ACLs in Windows 98 because there is no security subsystem with that feature in the 9x kernel.
Software builds on other software. It only becomes an issue when you have dependencies to/on the wrong things so that changes in unrelated parts of the system break stuff. Certainly Windows isn't the best in this respect, but I don't think this is an example of that.
There nothing inherently bad about saying its a business decision but don't make it out to be anything other than a business decision. That's baloney.
First, it's hard to separate "business decisions" from "technical decisions". It is technically possible to do almost anything, but the man hours, the resources, and the long term maintenance and support logistics of that "technical" choice has far reaching business implications.
Could Microsoft make DX10 work with XP? Of course. They would just have to back port tens of thousands of man hours worth of work into XP. For free. The kernel changes in Vista required LOTS of subsystem changes to preserve application compatibility. The new driver framework requires, well, new drivers. When you're shipping a new OS, requiring new drivers sucks, but it's doable. But how does that work for an OS with an install base in the hundreds of millions? Do you suddenly just break everybody's computer? Do you somehow disable DX10 until they upgrade their drivers? Does this mean you have to support two very different driver models simultaneously? (Wouldn't be the first time, I guess.)
The point is, this has a snowball effect. Soon you're adding more and more of Vista's unique features to XP, and, eventually, it's hard to tell the difference. In fact, Microsoft would likely have to make some real arbitrary restrictions on "XP SP3" to give Vista any real value at all.
So they said that DX10 is Vista only. That's both a technical and a business decision.
I know you, and most everybody else here, would love to believe that DX10's inability to run on XP was some plot by Microsoft to get people to buy Vista, but you're wrong.
You proclaim that there is "no reason why DirectX 10 can't work on windows XP", but offer absolutely no evidence to back up your claim.
Not surprising, I guess, considering the audience.
I know everybody wants to believe that Microsoft arbitrarily decided that DX10 would be Vista only so they could "force" people into buying the OS, but, as usual, it's a tiny bit more complex than that.
DX10 relies heavily on graphics card memory virtualization. The new Windows Display Driver Model, WDDM, introduces this feature. In order to accomplish this, it required a lot of low level kernel changes. So many, in fact, that back-porting it to XP would basically make XP's kernel into Vista's kernel.
There comes a point where you just have to say that a particular feature is only available in Vista. DX10 fits that bill.
Slashdot Mirror
Singling out "BITS" is stupid. The exact same thing can be done with virtually any service or application that is allowed to pass through the local outgoing software firewall. As long as the software has some kind of programmatic interface, it can easily be used to bypass these firewalls.
I wrote a proof of concept application that bypassed all of the major outgoing software firewalls (BlackIce, Zonealarm, McAfee, Symantec) by utilizing the COM interfaces for Internet Explorer and funneling all my requests through it. This is almost impossible to detect. Even better, I wrote this app in freakin' VB!
The real problem is that local outgoing software firewalls simply don't work in an environment where all the users are admin. Once the machine is compromised, it's compromised. No number of software defenses are going to help. This includes, by the way, Symantec's expensive and incredibly crappy products. These products are there to make users feel secure, not actually make them secure.
Remember WordMasters from grade school? You know, the analogy test they used to give every once in a while. Here is an analogy for you:
Symantec is to computer security as the Bush Administration is to homeland security.
They do their best to scare the crap out of people in an attempt to get them to buy their software... or vote for their party. Don't trust either of them and you'll be better off.
Only 1 of the 6 bugs that affected Vista was rated "critical". (Critical is typically reserved for bugs that could allow somebody to remotely take over the machine.)
In the case of the one bug that was rated critical, the rating was dependent on several mitigating factors, including that the user running as full admin with UAC turned off. (Obviously not the default configuration.)
Only in that scenario could the machine be compromised, and even then the successful execution of exploit code was unlikely thanks to ASLR and various other security measures. It was far more likely to simply cause a browser crash.
Considering Vista has been out since November of last year, its security record so far as been extremely impressive.
What do you mean I'm comparing IIS 6 to ALL versions of Apache? I'm doing no such thing.
My original post had a link to the search results for Apache. From there you could choose which version to compare it to.
My previous post specifically said that the most fair comparison was probably with Apache version 2.0, which had 33 vulnerabilities versus IIS 6's 3.
So take YOUR FUD somewhere else, buddy.
Really? That's incredible. Any evidence of that? Or are you just completely making shit up?
I'll be placing my bet on the later.
People modded you as funny because they're so blinded by their hatred for Microsoft that they simply ignore data that suggests that a Microsoft product is more secure than their favorite open source product.
If you remove the data you used to back up your statement, you can see how they would find it funny.
Well, I gave a link to the search results for Apache, as opposed to a specific Apache version, to allow people to compare the versions they choose. How convenient that in your comparison you chose to concentrate only on Apache 2.2, which has, by far, the fewest vulnerabilities of the Apache family.
To compare them somewhat accurately, one should compare IIS 6 with the version of Apache that has been out a similar amount of time, and, ideally, has a similar market share.
I guess this would mean you would compare IIS 6.0 to Apache 2.0. In that case, IIS 6.0 has 3, and Apache 2.0 has 33. Furthermore, none of the IIS 6.0 issues were "critical", while at least 2 of the Apache ones were.
Even this isn't really a fair comparison, since I would be that a *huge* percentage of Apache sites run Apache 1.3.x, not 2.x or 2.2.x. Apache 2.2 has been out for only about 1.5 years. (Versus 4.5 years for IIS 6.)
For the IIS users base, almost everybody is running IIS 6. (And for obvious reasons... IIS 5 and earlier sucked hardcore.)
The point is that the idea that IIS 6 is insecure is clearly false.
An, indeed, they likely are the most hacked web servers in the world. IIS 6, on the other hand, appears to be extremely secure. Whether this is a factor of market share or code quality, we don't know.
Apache: http://secunia.com/search/?search=Apache
IIS 6: http://secunia.com/product/1438/
The fact of the matter is that you do not have enough information to conclude that IE is more poorly coded that any other browser out there. You are coming to this conclusion based on assumptions, not based on facts.
In my previous post I linked to a 3rd party benchmark of Vista that show little if any performance difference between Vista and XP.
I'm sure there are other benchmarks that show different results. But the fact of the matter is that Vista and XP are "close enough" to make the differences meaningless.
Add that to the fact that Vista has features such as ReadyBoost, which can dramatically increase the responsiveness of the machine, and the perf issue is absolute FUD.
Vista is completely usable, and in fact quite enjoyable, even on 4 or 5 year old hardware. That's a fact.
As far as a "Vista dev" saying these things, link to it.
In fact, the idea that Vista is significantly slower than XP is FUD.
First, I run Vista on three machine, my laptop, my desktop, and my work machine. My laptop is an IBM T42P. Not exactly the fastest machine on earth. (1.8 Ghz, 1GB of ram, 128MB ATI FireGL 2) It runs Vista faster than it ran XP... or, rather, it "feels" faster thanks to things like Readyboost. My "Windows Experience Index" is 3.8.
My desktop is over 2 years old (3.8 Ghz, 2GB of ram, ATI Radeon X850XT), and it runs Vista blazingly fast. The index on this machine is 5.2.
My work machine is a crappy Dell Precision 360 that's about 3.5 years old. It has 2GB of ram, 64MB graphics card, and 3GHz CPU. Vista runs great, and has an index of 4.2.
So there are three machine, all of which are between 2 and 4 years old, and all of which run Vista just fine. Only the work machine doesn't do Aero due to a non-DX9 graphics card.
But that's just my personal experience. So why not look at some real benchmarks done by 3rd parties. They show that Vista is comparable (slightly slower in some cases, slightly faster in others) to XP on the same hardware. In most cases, the benchmarks Vista does worst in are gaming benchmarks. Although we're only talking about 1-2% in most cases, these can be explain by immature drivers. Give it a few months and those drivers will likely be up to par with XP's.
Again, there is a LOT of FUD out there. I can see why it would be hard to sort through.
I'm drawing my conclusions about Vista based on personal experience. I've been running it since the day it was released on MSDN in November '06.
I read these "reviews" online, which are so completely off base and inaccurate, I'm not surprised so many people think Vista is a steaming pile.
But the fact of the matter is that virtually all of the complaints about Vista are easily debunked. Whether it's the DRM FUD, the performance FUD, the "Vista is just a pretty face on XP" FUD, the "UAC is popping up CONSTANTLY" FUD, or any of the other baloney I've read.
Is Vista perfect? Hell no. But the minor issues it has are dwarfed by how much better it is than XP in virtually every way.
Here is a quote from Paul Thurrott's analysis: Allow me to predict one of the weak complaints Vista bashers will make about Microsoft's financial results: They'll charge that Microsoft's earnings last quarter were artificially inflated because the company previously deferred revenue from the free and low-cost Vista upgrades offered during the 2006 holiday season. So is it true? According to Microsoft, the company deferred $1.67 billion in revenue from the last calendar quarter of 2006 until the first calendar quarter of 2007, or about $1.14 billion in profits. But even without that one-time gain, Microsoft's revenue would have been up 17 percent. More to the point, the slice of the pie that Windows is responsible for would have still jumped a whopping 30 percent. Microsoft CFO Christopher P. Liddell said that regardless of trends, sales of Vista were $300 million to $400 million higher than the company's internal projections. Sales of Office 2007 were about $200 million higher than expected. You claim that PC sales are down, and indeed they were down, until Vista hit the market. Vista caused a complete reversal in the PC sales trend. This is even more surprising since Microsoft missed the holiday window for the Vista release.
So despite the best efforts of many people in the media, and certainly Slashdot, The Register, and similar anti-MS sites, Vista has done extremely well. My bet is that it would have done even better if all this FUD wasn't being spread.
Maybe, just maybe, you're all wrong about Vista. Maybe, just maybe, Vista is a really damn good OS. Stop regurgitating the FUD and try the OS for yourself.
When you go on batter power the power settings switch to "power saver", by default.
The "power saver" profile turns off Aero, although keeps desktop compositioning enabled. (I think.)
The article wasn't clear on whether or not it was the Aero theme (with all the pretty transparencies) or the desktop compositioning, that was causing the power drain.
.NET wasn't up to snuff? Find me a single article that says anything even remotely like this.
.NET. Not to mention the fact that Vista is based off of the Windows 2003 Server codebase, not XP's.
The Vista reset was caused by a flawed attempt to include too many features at once combined with unsustainable development practices / management. It had absolutely nothing to do with
Furthermore, there was never a plan to rewrite Windows from the ground up.
Informative, indeed.
Since then, Microsoft has dramatically improved their clustering / failover capabilities. They added some advanced mirroring features, snapshot replication, and a wide variety of other features. They're still not as good as Oracle, but they're getting damn close. I've used all 3 databases quite extensively and could ramble on for a while about the mess of built-in stored procedures in SQL server, lack of UTF-8 support, defaulting to case-insensitive queries, the lack of extensible authentication methods, and so on. Lack of UTF-8 support in what sense?
Case sensitivity is an easy option to change. It even asks you what you want to use when you install SQL Server.
As far as the "lack of extensible authentication methods", I've never encountered a scenario where I needed something other than "SQL Server Authentication" or "Windows Authentication". Pretty much covers all bases in a Windows environment. The other downside of SQL 2005 is that it embeds a bunch of unneeded junk, such as the
The fact of the matter is that SQL Server has shown it can play with the big boys (DB2 and Oracle) just fine. In fact, it often dominates.
When did Microsoft ever claim to have rewritten Windows from scratch?
I guess it's easy to be mad at Microsoft for lying when you put those lies in their mouth yourself.
Howard said that the vulnerable code happened to be wrapped in a very general try/catch block.
This try/catch block, which was in the vulnerable code already, and not injected by the attackers, potentially allowed the attackers to repeatedly try different memory locations looking for system call addresses that were randomized by ASLR.
Without this try/catch, the process would have crashed after the first failed attempt.
In other words, liberal try/catch policies can potentially expose security vulnerabilities by giving bad guys more than one chance to do their bad deeds.
Also, there were no reported instances of Vista being compromised. It is doubtful that the engineers of the various exploits targeted Vista, and therefor didn't take advantage of the try/catch issue to overcome ASLR since XP doesn't have ASLR. In addition, Protected Mode IE would have thwarted the attack even if they had.
Just a small nitpick. SQL Server is a great DB server, and it shouldn't be discounted simply because it's from Microsoft.
I'm not familiar enough with WDDM/DX10 to give a well informed explaination on the reason why DX10 requires the various WDDM/kernel improvements. I suppose it could all be a sham, but the only reason people are coming to that conclusion is because this is Microsoft. A lot of MS developer blogs talk in length about this topic because of the backlash Microsoft has received. They're a better place to find that out.
On a somewhat unrelated topic, why don't you want to upgrade to Vista? So far, the *vast* majority of people who I know that have taken the plunge love it almost without exception. I certainly hate going back to XP every day at work.
Wow. So because nVidia supported new features in OpenGL (none of which required dramatic new kernel features such as virtualized graphics memory or interruptibility of the GPU) by simply released driver updates, that means that Microsoft should automatically be able to do the same for DX10?
Ya. Great proof. What's next? The shape of a banana proves that Jesus is real?
Great logic man. Keep em coming.
You made it sound like it was an arbitrary business decision, not one based on technical reasons. The general attitude toward DX10 only working on Vista is that people think that a bunch of guys in suits sitting in a board room unilaterally decided to only have DX10 in Vista so they could sell more copies of Vista.
In fact, it was a decision based on the technical facts at hand.
In the end, does it come down to money? Sure. Of course it does. But that wasn't what you were implying. Or, at least, that's not what you seemed to be implying in the content of this forum.
What do you mean "separate projects"?
From what I've read, all the dependencies go one way, from DX10 to the kernel. This make sense.
The problem is that there are features that DX10 needs that are only available in the Vista kernel. This is no different than how you can't have secure ACLs in Windows 98 because there is no security subsystem with that feature in the 9x kernel.
Software builds on other software. It only becomes an issue when you have dependencies to/on the wrong things so that changes in unrelated parts of the system break stuff. Certainly Windows isn't the best in this respect, but I don't think this is an example of that.
First, it's hard to separate "business decisions" from "technical decisions". It is technically possible to do almost anything, but the man hours, the resources, and the long term maintenance and support logistics of that "technical" choice has far reaching business implications.
Could Microsoft make DX10 work with XP? Of course. They would just have to back port tens of thousands of man hours worth of work into XP. For free. The kernel changes in Vista required LOTS of subsystem changes to preserve application compatibility. The new driver framework requires, well, new drivers. When you're shipping a new OS, requiring new drivers sucks, but it's doable. But how does that work for an OS with an install base in the hundreds of millions? Do you suddenly just break everybody's computer? Do you somehow disable DX10 until they upgrade their drivers? Does this mean you have to support two very different driver models simultaneously? (Wouldn't be the first time, I guess.)
The point is, this has a snowball effect. Soon you're adding more and more of Vista's unique features to XP, and, eventually, it's hard to tell the difference. In fact, Microsoft would likely have to make some real arbitrary restrictions on "XP SP3" to give Vista any real value at all.
So they said that DX10 is Vista only. That's both a technical and a business decision.
I know you, and most everybody else here, would love to believe that DX10's inability to run on XP was some plot by Microsoft to get people to buy Vista, but you're wrong.
You proclaim that there is "no reason why DirectX 10 can't work on windows XP", but offer absolutely no evidence to back up your claim.
Not surprising, I guess, considering the audience.
I know everybody wants to believe that Microsoft arbitrarily decided that DX10 would be Vista only so they could "force" people into buying the OS, but, as usual, it's a tiny bit more complex than that.
DX10 relies heavily on graphics card memory virtualization. The new Windows Display Driver Model, WDDM, introduces this feature. In order to accomplish this, it required a lot of low level kernel changes. So many, in fact, that back-porting it to XP would basically make XP's kernel into Vista's kernel.
There comes a point where you just have to say that a particular feature is only available in Vista. DX10 fits that bill.
ASP.NET Ajax, with the default settings, is protected against these attacks.