Re: Delphi Bugs

From: TeamB (chris_at_uzdavinis.com)
Date: 08/03/04


Date: Tue, 03 Aug 2004 12:30:33 -0400


"Captain Jake" <johnjac76[nospam]@comcast.net> writes:

>> 1) the large number of user-level services running in kernel-space
>
> I've covered this in another post. It is not the number of things
> you are running, it is WHAT you are running.

Like, say, web servers?

> As for "kernel space", are you referring to memory space? Windows
> 200 and XP happen to be very strict about what part of memory a
> program can access, so you'll have to be more specific here.

I'm talking about code running in the inner-ring.

>> 2) tight integration between different applications and the kernel
>
> This argument blows my mind, considering that I once had to
> recompile the Linux kernel just to install a driver.

You configure the kernel to have whatever features you want in it.
You can compile them all in, or compile them as modules, or compile
just those that you want (for a lean&mean kernel.) Obviously, if you
built the kernel without support for some function, you'll need to
rebuild it with that functionality if you change your mind and decide
you need it after all. For example, SMP support is configurable at
compile time.

You can have multiple images if necessary.

>> 3) MS's strong tendency to blur the distinction between program
>> instruction code and "data", allowing what should be data to become
>> executable without the user's involvement
>
> How is this point different than #1 and #2?

Question back to you: Why would you think this is indistinguishable
from #1 and #2 above? It's entirely different.

But if you need an explanation, consider when I send you email and
your Outlook program considers it to be executable instead of just
"data". Sometimes the malicious coder can get Outlook to run code
without the user even clicking on it. By simply receiving the
message, it can treat the content as executable data and run it.

>> 4) the average user runs their day-to-day applications with
>> administrative/root permissions. (I know this CAN be dealt with, but
>> in the vast majority of installations, it's not.)
>
> And people CAN run as root in Linux. We are not talking about what
> happens when people are idiots are we? Because if we are, then Linux
> loses this race right away--given how destructive you can be when
> you log-in as root.

Are you saying the vast majority of Windows users are idiots? You're
clearly off your rocker if you think that it's normal for people to
have different login accounts for Windows. You have to go out of your
way to do that.

>> 5) being "insecure by default" requiring users to turn off services
>> they don't want. Many people don't know what IIS is--let alone
>> realize they're running it. Admittedly, this is the easiest problem
>> for MS to fix, and I think it has been identified as one major
>> requirement to deliver on their promise of improved security.
>
> Every time my wife and I go to ShieldsUp! it probes our ports and
> reports that we have no exposed ports. And it is not the case that
> we deliberately closed all services on our PC's either.

Good for you. Still, there are millions of computers that are not the
case. It looks like you consider your computer as representative of
all Windows installations.

>> Linux, however, suffers none of these problems.
>
> Yet it gets hacked. If it doesn't suffer these problems then it must
> suffer from others not in this list.

Bugs happen, and misconfigurations happen too. But if you compare the
number of compromised computers, I think Linux doesn't even show up on
the register compared to Windows machines.

-- 
Chris (TeamB);

