Adequacy front page
Stories Diaries Polls Users
Google

Web Adequacy.org
Home About Topics Rejects Abortions
This is an archive site only. It is no longer maintained. You can not post comments. You can not make an account. Your email will not be read. Please read this page if you have questions.
Poll
Microsoft software is:
insecure 5%
horribly insecure 13%
more holey than a sieve 0%
more holey than a Swiss cheese 5%
cheesy 13%
actually, it's just as secure as Linux, if not more so. 63%

Votes: 38

 Microsoft Windows secure and stable

 Author:  Topic:  Posted:
Aug 06, 2002
 Comments:
Maybe in Billy's dreams. However, the reality says something other.
diaries

More diaries by The Mad Scientist
Linux Woes
Cultural Imperialism vs Star Trek
Open the champagne, Elenchos!
Skipping ads is stealing, says CEO of Turner Broadcasting
I am back.
The news just hit Bugtraq. A new class of attacks reveals a serious (and apparently impossible to fix) architecture flaw, allowing a whole new class of vulnerabilities.

Microsoft was aware about it for long time already, according to Jim Allchin's testimony.

I am curious about what The Beast's PR machinery will do now; these news aren't exactly helpful when more and more corporations look for the way out of Bill's tightening grip.

Now, local Microsofties, it's time to bite the bullet and admit the superiority of unixoids.

       
Tweet

correct me if I am wrong (none / 0) (#1)
by Anonymous Reader on Tue Aug 6th, 2002 at 03:58:28 PM PST
I am not an X11 expert, but I am pretty sure that X11 has a similar architecture, and I would expect it to be vulnerable in the same way.

You are not wrong. (none / 0) (#2)
by because it isnt on Tue Aug 6th, 2002 at 04:29:56 PM PST
X11 has had this same problem for years. Does anyone remember the old buffer exploit in the Xaw library that could wean the root privileges from an xterm window?

As detailed by many people now, this "Windows" exploit is in fact a failing of Windows applications. GUI windows should not be running as superusers.

UNIX users will be pleased to hear that the GTK and GNOME libraries refuse to initialise themselves if they realise the application thread using them is running as root, and they pop up a message box to inform the normal user of the fact. This way, the user complains to the author of the graphical application, and they fix it, because without fixing the problem, their application simply isn't going to get its window open.
adequacy.org -- because it isn't

Slight nit (none / 0) (#3)
by Anonymous Reader on Tue Aug 6th, 2002 at 07:13:32 PM PST
>> GTK and GNOME libraries refuse to initialise themselves if they realise the application thread using them is running as root

Actually, they will only fail if the process in question is running SUID root. The actual UID 0 user is free to use gtk+ apps.

 
You are wrong. (none / 0) (#4)
by m on Wed Aug 7th, 2002 at 04:16:56 AM PST
Well, at least according to the actual Shatter paper you are. It mentions why X11 isn't quite the same. I read the paper this morning (it's evening now) but from memory, basically X11 just handles drawing windows and passing "notifications" of events to the program. The program can choose to ignore events (unlike in Win32 where the program doesn't have a choice).

Also in Win32 all controls, like edit boxes, are windows that can have messages sent to them. It's up to the program in X11 to draw controls and then interpret the notifications to see if their controls are affected.

I hope that makes some sense.. anyway, read the actual paper it explains it all.
M.

 
You are not wrong (none / 0) (#5)
by Juan Fernandez on Wed Aug 7th, 2002 at 10:36:38 AM PST
Jesus it is going to be hard to hide my ignorance about the topic, but i *feel* this thread must go on, so let me think... oh, yes! you people sound like a buch of those very same geeks and lunix advocates every honest Christian Patriot hates!

 
The poll... (none / 0) (#6)
by The Mad Scientist on Fri Aug 9th, 2002 at 10:38:44 AM PST
...is rigged.

I smell astroturf.

I think what you mean... (none / 0) (#7)
by Anonymous Reader on Fri Aug 9th, 2002 at 03:03:40 PM PST
is that the poll, which was rigged when it was initially devised, has been corrected.

The poll... (none / 0) (#8)
by The Mad Scientist on Fri Aug 9th, 2002 at 03:42:34 PM PST
...was objective as designed, according to all rules common on this site (maybe except general alignment).

Another thing that struck me was the high initial number of votes for the added choice, which doesn't seem to grow anymore. Common with astroturfs.


Sadly typical. (none / 0) (#9)
by Anonymous Reader on Fri Aug 9th, 2002 at 04:49:50 PM PST
Oh, sure. If a poll doesn't go the way you want it to, it must be "astroturfed." How pathetic.

Look, when they rig the voting on this site, they don't bother with subtlty. They just throw on an extra 100 or 1000 votes, and are done with it.

Your complaint reeks of sour grapes.

 

All trademarks and copyrights on this page are owned by their respective companies. Comments are owned by the Poster. The Rest ® 2001, 2002, 2003 Adequacy.org. The Adequacy.org name, logo, symbol, and taglines "News for Grown-Ups", "Most Controversial Site on the Internet", "Linux Zealot", and "He just loves Open Source Software", and the RGB color value: D7D7D7 are trademarks of Adequacy.org. No part of this site may be republished or reproduced in whatever form without prior written permission by Adequacy.org and, if and when applicable, prior written permission by the contributing author(s), artist(s), or user(s). Any inquiries are directed to legal@adequacy.org.