Windows 2003 comes with IE in "security enhanced" mode, which basically means that virtually everything (javascript, activex, etc.) is turned off for all but the built in trusted sites, of which there is only one by default: windowsupdate. So, with the default config, Windows 2003 is *not* affected.
In other words, the admin would have to go out of his or her way to make sure that Win2k3 Server was affected by this, not to mention the fact that they would have to browse the web on a freaking server, which usually doesn't make much sense to begin with.
It's not as low as you might think. All it takes is somebody to insert exploit code into a banner advertisement on a major online ad network and sites that you trust all of a sudden become malicious.
This has always been the plan. Since Microsoft first announced they would distribute IE7 via Windows Update they have consistently maintained it would be optional and would always ask the user for permission.
Like many other Microsoft-related stories, the Slashdot crowd tends to prefer making up their own facts and ignoring reality if that reality happens to show Microsoft in a less than satanic light.
Just to be clear, Microsoft is NOT automatically installing IE 7 on people's machines.
The "critical" Windows update is simply an installer shim which first prompts the user and asks if they want to install IE 7. They can say yes, no, or not now (remind me later.)
In principle I agree that an open source voting system would help lend some kind of transparency to elections, but only in principle.
In practice, it would do basically nothing. The problem isn't really that we don't know what the code in these things is doing, it's that we have absolutely no checks and balances in place over the machines at all.
There is more or less nothing stopping people from putting something completely different on these machines to begin with. They publish the source code, and it checks out fine, but what's running on the machines is nothing even close to what they published.
The process involved in making sure these machines haven't been tampered with would work nearly as well with closed source as with open source. There would need to be tests that would fool these machines into thinking it was the real deal and then make sure that each vote is counted correctly. If they're not, the machine fails.
But this process doesn't exist, so whether or not the source code is open makes little difference.
Since IE7 (on Vista only) runs as a user with no privs, it doesn't matter if somebody figures out how to bypass the request to the broker. The operation will fail due to the fact that IE is running as what amounts to sub-guest privs.
I think you need to look more carefully at what's going on here. It's not that MS is offering an AV product (fine), it's that it will use kernel hooks that are simply not available to other competitors. I think Symantec et al are clever enough to rewrite for Vista, assuming they're not literally locked out. That's what MS is apparantly doing, and that's a problem.
Actually, that's not what's happening at all. Microsoft OneCare NOT using any kernel hooks. It is using the EXACT same APIs available to all of Microsoft's competitors. Anybody who tells you any different is just spreading FUD.
Several other anti-virus companies have come out in support of Microsoft, and have actually released beta versions of their suites that work just fine on Vista.
The fact of the matter is that Symantec and McAfee don't want to invest the time and money into re-writing their existing applications that rely on all these kernel hooks, which, by the way, were NEVER supported to begin with. They see a great opportunity to do some good old fashion MS-bashing and FUD spreading in an attempt to get Microsoft to give up on one of the most important security improvements in Windows... um... ever.
What about IE made it easier to exploit than other browsers? One could suggest that it was more poorly written than browsers like Firefox, but there is really no evidence of that. The number of exploits does not necessarily indicate the quality of the code. There is almost no way to isolate code quality by looking at exploits because of all of the other factors that must be considered.
I would certainly agree that even now, with IE7 (on XP, not Vista), it is still more dangerous to use IE than it is to use Firefox. But how dangerous it is to use IE is not just another way of stating something about the quality of the code.
I do enjoy the fact that you continue to try and change the topic of the argument. First it was that Protected Mode is nothing new, then it was that only IE would require something like that because it's so crappy, now it's that IE is easier to exploit than other browsers. What's next?
Not really. The idea that IE had "hooks" into the OS was iffy at best to begin with.
The "hooks" started with Windows 98 and consisted of Windows detecting when you typed a URL into the address bar in explorer and automatically loading IE in that process. That, and the fact that IE's controls and HTML parsing libraries shipped with Windows and were eventually used by lots of Microsoft and 3rd party applications, making them difficult to remove without breaking lots of stuff.
IE still always ran in user mode. It never did any funky kernel tricks. It never had any more access to the machine than any other browser.
Furthermore, its security problems had very little to do with these "hooks" aside from the fact that since it was used by 95% of the browsing public it became a great attack vector for Windows.
IE7 is no longer loaded into Windows Explorer when a user types a URL into the address bar. In fact, in XP, when a user does this the default browser is spawned by default. In other words, IE 7 has no more of a "hook" than Firefox does.
The fact is that Linux would benefit just as much from a service-broker type security model for high risk applications. The fact that Linux people seem unwilling to admit that this is a good idea seems to ensure that Linux will never benefit from it. Too bad for you.
This security layer is COMPLETELY TRANSPARENT to the user. Sorry for the caps, but it seems like I have to repeat myself over and over despite the fact that all the documentation states exactly that.
Give me a break. There is no such thing as a perfectly secure OS or browser. They are too complicated to be 100% bug free.
Since it is impossible to know what bugs may arise in the future, any platform would benefit from this functionality. It just so happens that Microsoft was the first to do it.
Again, if you would spend as much time reading/learning as you do rushing to judgment, you would realize that the experience to the end user is ABSOLUTELY THE SAME as it is with IE 6. The user has no idea that IE is running in Protected Mode.
Does it really hurt to learn about something before you bash it?
It may be the first browser in Windows land but Browsers have been running in protected mode on Linux for years.
No, they haven't. There is a big difference between running a browser with fewer privileges and IE7 on Vista's "Protected Mode".
This has been explained here in the forums on Slashdot countless times, not to mention the fact that 10 minutes of research would make the differences clear.
Protected Mode IE uses what they call a "service broker" while simultaneously running IE as a user with virtually no rights. Protected Mode IE doesn't even have the right to save a file to the user's desktop. The service broker handles all actions that would normally require those higher privileges. If IE needs to save a file to the user's desktop it "asks" the service broker to ask the user if that's OK. If the user says it's OK it then accepts a stream of data from IE and performs the file save operation itself. Since the service broker runs with the privileges of the currently logged in user, it is able to complete the requested operation.
The principle here is that while IE is hundreds of thousands of lines of code, the service broker is perhaps 5000. This means that it is MUCH easier to audit the service broker for security issues than it is to do the same for the entire IE code base.
But please, find me an example of any other browser on any platform that does this.
With Active Directory it is possible to delegate control of subsets of an organization. Imagine a tree with various branches and sub-branches. You can delegate various administrative permissions to branches without allowing access to higher level nodes. I'm sure is something similar with Unix-style systems.
At any rate, since Exchange is fully integrated with Active Directory, organizations often give administrators control over only certain subsets of e-mail accounts. For instance, if Company has 5 offices there would be one or two primary admins, and perhaps one or two admins per office. Each office only has control over their respective accounts, while the primary admin has control over it all.
This is a fairly simply way of making it easier to manage a large organization's admin accounts.
GPUs are, for the most part, highly specialized parallel computers. Virtually all modern CPUs are serial computers. They do essentially one thing at a time. Because of this, most modern programming languages are taylored to this serial processing.
Making a general purpose parallel computer is very, very hard. It just so happens that you can use things like shaders for more than just graphics processing, and so via OpenGL and DirectX you can make GPUs do some nifty things.
In theory, and indeed often in practice, parallel computers are much, much faster than their serial counterparts. Hence the reason a GPU that costs $200 can render incredible 3D scenes that a $1000 CPU wouldn't have a prayer trying to render.
The amount of RAM used by Vista varies by the following:
1.) Available Physical RAM - the more RAM you have installed, the more it will use by default because it enables certain in-memory caching features and other performance related boosting features. I have a machine with 512MB of RAM and RC2 installed. On startup, with nothing else open, it uses about 320MB of RAM.
2.) Current Memory Pressure - Windows will relinquish memory that it is uses if it detects that applications need it. Sometimes this is through the managed framework (.NET) and its garbage collector, and sometimes its through other mechanisms.
The point is that looking at task manager for the amount of ram being used by a fresh boot is not an accurate way to guage Windows Vista's memory usage patterns.
The crash reports are for both the OS and applications running on it. Anytime an incompatible 3rd party app crashes, crash data is gathered and you are given the option to send it to MS. In addition, it is very likely that a person will try to run that same incompatible application over and over in hopes it will work.
At any rate, my personal experience with Vista is that it's as solid as XP once you run RC1 or later. Apps do crash (usually older ones), but the OS itself is very stable.
And before you make a snide remark about XP's stability, know that it will only expose the fact you haven't used Windows in 6 or 7 years.
Consider a current scenario: The IT guy who handled that server upgrade without doing proper testing in a staging environment is fired. Or, rather, he isn't hired to begin with due to his obvious incompetence.
The "scenario" you describe is completely arbitrary and activation could just as easily be replaced with "software upgrade" or anything else that might affect system availability.
Computers and computer software isn't perfect. When lives depend on that technology certain precautions are taken by all but the most irresponsible and incompetent.
First of all, Windows Activate *has* reduced the piracy it was intended to reduce. It was never meant to keep everybody from pirating Windows. It was meant to keep the casual "oh, sure, here is my Windows CD" type of pirate. And it works perfectly. See this KB article.
MPA helps reduce casual copying by making sure that the copy of the product that is being installed is valid and that it has been installed on the computer in accordance with the product's EULA. Installations that are not compliant with the EULA are not activated.
Second of all, one thing we've definitly heard over and over is how various anti-piracy measures will surely frustrate consumers to the point of switching to free alternatives. Except that it hasn't happened. And, very likely, it won't happen.
Windows Activation was never a big deal for all but a very, very vocal minority of users. Microsoft's policy has always been to give the user the benefit of the doubt when they call in to complain that their copy of Windows won't activate. In almost every scenario they just give you a key. In fact, the average length of a call to activate (or deal with an activation problem) your copy of Windows is between 2 and 3 minutes. OH THE HORROR!
Furthermore, dispite the predictions of rampant failure of the activation mechanisms due to hardware changes in user's machines, activation rarely rears its head after the initial prompt.
I suspect things will be just as smooth with Vista. Microsoft has no desire to piss off users. That's the last thing they want to do. But it's a constant battle with pirates, and as long as there is a net gain in the number of people using legal copies (or, rather, a net gain in $$$ as a result), they'll keep doing it.
Slashdot Mirror
Windows 2003 comes with IE in "security enhanced" mode, which basically means that virtually everything (javascript, activex, etc.) is turned off for all but the built in trusted sites, of which there is only one by default: windowsupdate. So, with the default config, Windows 2003 is *not* affected.
In other words, the admin would have to go out of his or her way to make sure that Win2k3 Server was affected by this, not to mention the fact that they would have to browse the web on a freaking server, which usually doesn't make much sense to begin with.
I think you may have missed the point of my post.
Firefox is just as susceptible to exploits *like* this one. Bugs happen. Simple as that.
IE 7's protected mode makes bugs like these more or less meaningless, and it's the only browser that takes this fairly novel approach.
IE 7 on Vista is, without a doubt, the most secure way to browse the web.
It's not as low as you might think. All it takes is somebody to insert exploit code into a banner advertisement on a major online ad network and sites that you trust all of a sudden become malicious.
This flaw does not affect Vista users thanks to IE 7's Protected Mode feature.
This has always been the plan. Since Microsoft first announced they would distribute IE7 via Windows Update they have consistently maintained it would be optional and would always ask the user for permission.
Like many other Microsoft-related stories, the Slashdot crowd tends to prefer making up their own facts and ignoring reality if that reality happens to show Microsoft in a less than satanic light.
Just to be clear, Microsoft is NOT automatically installing IE 7 on people's machines.
The "critical" Windows update is simply an installer shim which first prompts the user and asks if they want to install IE 7. They can say yes, no, or not now (remind me later.)
Sigh... I'm not going to bother to rehash an explanation I've given on slashdot about a dozen times now.
6 12262
If you're honestly interested in knowing how Microsoft's solution is different than *any* other existing solution, I'd be happy to reply.
You can also just examine this thread: http://slashdot.org/comments.pl?sid=203084&cid=16
In principle I agree that an open source voting system would help lend some kind of transparency to elections, but only in principle.
In practice, it would do basically nothing. The problem isn't really that we don't know what the code in these things is doing, it's that we have absolutely no checks and balances in place over the machines at all.
There is more or less nothing stopping people from putting something completely different on these machines to begin with. They publish the source code, and it checks out fine, but what's running on the machines is nothing even close to what they published.
The process involved in making sure these machines haven't been tampered with would work nearly as well with closed source as with open source. There would need to be tests that would fool these machines into thinking it was the real deal and then make sure that each vote is counted correctly. If they're not, the machine fails.
But this process doesn't exist, so whether or not the source code is open makes little difference.
Since IE7 (on Vista only) runs as a user with no privs, it doesn't matter if somebody figures out how to bypass the request to the broker. The operation will fail due to the fact that IE is running as what amounts to sub-guest privs.
Actually, that's not what's happening at all. Microsoft OneCare NOT using any kernel hooks. It is using the EXACT same APIs available to all of Microsoft's competitors. Anybody who tells you any different is just spreading FUD.
Several other anti-virus companies have come out in support of Microsoft, and have actually released beta versions of their suites that work just fine on Vista.
The fact of the matter is that Symantec and McAfee don't want to invest the time and money into re-writing their existing applications that rely on all these kernel hooks, which, by the way, were NEVER supported to begin with. They see a great opportunity to do some good old fashion MS-bashing and FUD spreading in an attempt to get Microsoft to give up on one of the most important security improvements in Windows... um... ever.
What about IE made it easier to exploit than other browsers? One could suggest that it was more poorly written than browsers like Firefox, but there is really no evidence of that. The number of exploits does not necessarily indicate the quality of the code. There is almost no way to isolate code quality by looking at exploits because of all of the other factors that must be considered.
I would certainly agree that even now, with IE7 (on XP, not Vista), it is still more dangerous to use IE than it is to use Firefox. But how dangerous it is to use IE is not just another way of stating something about the quality of the code.
I do enjoy the fact that you continue to try and change the topic of the argument. First it was that Protected Mode is nothing new, then it was that only IE would require something like that because it's so crappy, now it's that IE is easier to exploit than other browsers. What's next?
Not really. The idea that IE had "hooks" into the OS was iffy at best to begin with.
The "hooks" started with Windows 98 and consisted of Windows detecting when you typed a URL into the address bar in explorer and automatically loading IE in that process. That, and the fact that IE's controls and HTML parsing libraries shipped with Windows and were eventually used by lots of Microsoft and 3rd party applications, making them difficult to remove without breaking lots of stuff.
IE still always ran in user mode. It never did any funky kernel tricks. It never had any more access to the machine than any other browser.
Furthermore, its security problems had very little to do with these "hooks" aside from the fact that since it was used by 95% of the browsing public it became a great attack vector for Windows.
IE7 is no longer loaded into Windows Explorer when a user types a URL into the address bar. In fact, in XP, when a user does this the default browser is spawned by default. In other words, IE 7 has no more of a "hook" than Firefox does.
The fact is that Linux would benefit just as much from a service-broker type security model for high risk applications. The fact that Linux people seem unwilling to admit that this is a good idea seems to ensure that Linux will never benefit from it. Too bad for you.
This security layer is COMPLETELY TRANSPARENT to the user. Sorry for the caps, but it seems like I have to repeat myself over and over despite the fact that all the documentation states exactly that.
Give me a break. There is no such thing as a perfectly secure OS or browser. They are too complicated to be 100% bug free.
Since it is impossible to know what bugs may arise in the future, any platform would benefit from this functionality. It just so happens that Microsoft was the first to do it.
Again, if you would spend as much time reading/learning as you do rushing to judgment, you would realize that the experience to the end user is ABSOLUTELY THE SAME as it is with IE 6. The user has no idea that IE is running in Protected Mode.
Does it really hurt to learn about something before you bash it?
No, they haven't. There is a big difference between running a browser with fewer privileges and IE7 on Vista's "Protected Mode".
This has been explained here in the forums on Slashdot countless times, not to mention the fact that 10 minutes of research would make the differences clear.
Protected Mode IE uses what they call a "service broker" while simultaneously running IE as a user with virtually no rights. Protected Mode IE doesn't even have the right to save a file to the user's desktop. The service broker handles all actions that would normally require those higher privileges. If IE needs to save a file to the user's desktop it "asks" the service broker to ask the user if that's OK. If the user says it's OK it then accepts a stream of data from IE and performs the file save operation itself. Since the service broker runs with the privileges of the currently logged in user, it is able to complete the requested operation.
The principle here is that while IE is hundreds of thousands of lines of code, the service broker is perhaps 5000. This means that it is MUCH easier to audit the service broker for security issues than it is to do the same for the entire IE code base.
But please, find me an example of any other browser on any platform that does this.
With Active Directory it is possible to delegate control of subsets of an organization. Imagine a tree with various branches and sub-branches. You can delegate various administrative permissions to branches without allowing access to higher level nodes. I'm sure is something similar with Unix-style systems.
At any rate, since Exchange is fully integrated with Active Directory, organizations often give administrators control over only certain subsets of e-mail accounts. For instance, if Company has 5 offices there would be one or two primary admins, and perhaps one or two admins per office. Each office only has control over their respective accounts, while the primary admin has control over it all.
This is a fairly simply way of making it easier to manage a large organization's admin accounts.
GPUs are, for the most part, highly specialized parallel computers. Virtually all modern CPUs are serial computers. They do essentially one thing at a time. Because of this, most modern programming languages are taylored to this serial processing.
Making a general purpose parallel computer is very, very hard. It just so happens that you can use things like shaders for more than just graphics processing, and so via OpenGL and DirectX you can make GPUs do some nifty things.
In theory, and indeed often in practice, parallel computers are much, much faster than their serial counterparts. Hence the reason a GPU that costs $200 can render incredible 3D scenes that a $1000 CPU wouldn't have a prayer trying to render.
The amount of RAM used by Vista varies by the following:
1.) Available Physical RAM - the more RAM you have installed, the more it will use by default because it enables certain in-memory caching features and other performance related boosting features. I have a machine with 512MB of RAM and RC2 installed. On startup, with nothing else open, it uses about 320MB of RAM.
2.) Current Memory Pressure - Windows will relinquish memory that it is uses if it detects that applications need it. Sometimes this is through the managed framework (.NET) and its garbage collector, and sometimes its through other mechanisms.
The point is that looking at task manager for the amount of ram being used by a fresh boot is not an accurate way to guage Windows Vista's memory usage patterns.
The crash reports are for both the OS and applications running on it. Anytime an incompatible 3rd party app crashes, crash data is gathered and you are given the option to send it to MS. In addition, it is very likely that a person will try to run that same incompatible application over and over in hopes it will work.
At any rate, my personal experience with Vista is that it's as solid as XP once you run RC1 or later. Apps do crash (usually older ones), but the OS itself is very stable.
And before you make a snide remark about XP's stability, know that it will only expose the fact you haven't used Windows in 6 or 7 years.
...and as far as I'm concerned, if you kill Data you have to go.
Consider a current scenario: The IT guy who handled that server upgrade without doing proper testing in a staging environment is fired. Or, rather, he isn't hired to begin with due to his obvious incompetence.
The "scenario" you describe is completely arbitrary and activation could just as easily be replaced with "software upgrade" or anything else that might affect system availability.
Computers and computer software isn't perfect. When lives depend on that technology certain precautions are taken by all but the most irresponsible and incompetent.
Second of all, one thing we've definitly heard over and over is how various anti-piracy measures will surely frustrate consumers to the point of switching to free alternatives. Except that it hasn't happened. And, very likely, it won't happen.
Windows Activation was never a big deal for all but a very, very vocal minority of users. Microsoft's policy has always been to give the user the benefit of the doubt when they call in to complain that their copy of Windows won't activate. In almost every scenario they just give you a key. In fact, the average length of a call to activate (or deal with an activation problem) your copy of Windows is between 2 and 3 minutes. OH THE HORROR!
Furthermore, dispite the predictions of rampant failure of the activation mechanisms due to hardware changes in user's machines, activation rarely rears its head after the initial prompt.
I suspect things will be just as smooth with Vista. Microsoft has no desire to piss off users. That's the last thing they want to do. But it's a constant battle with pirates, and as long as there is a net gain in the number of people using legal copies (or, rather, a net gain in $$$ as a result), they'll keep doing it.
There is a big difference between how vulnerable a program is and how dangerous it is to use.
The more ubiquitous an application, the more it will be examined as a possible attack vector, and the more it will be exploited as an attack vector.
IE is still far more dangerous to use than Firefox thanks to the fact it is still used by far more people.
...I suspect one side to be a lot more rotten than the other.