Re: Microsoft finally acknowledges the security drumbeats

From: Alun Jones (alun@texis.com)
Date: 01/28/02 

From: alun@texis.com (Alun Jones)
Date: Mon, 28 Jan 2002 19:35:01 GMT

In article <3C559012.5010503@promofinarsa.es>, Jesus Manuel NAVARRO LOPEZ
<jesus_navarro@promofinarsa.es> wrote:
>I'm not a programming expert, so I can't point out how many in/out
>routines have proper bound cheking in place, and even then it can be
>regarded not to be an *architectural problem*. Anyway, marketroid
>assertions *are* apropiated here, since Microsft is mostly a marketroid
>company backgrounded by some engineeries.

No, marketroid assertions are _not_ appropriate here. The question was
prompted by an assertion that the technical design of the operating system's
core was at fault, and needs redesign, rather than fixing. Only a technical
answer is appropriate. A marketing answer would be "of course it doesn't need
any work, it's perfect, it occupies number one in the hit parade."

>Take out javascript, vbscript, autoupdaters, assitants, big bloatant
>apps that share secure (or unsecure) environments, macro-enabled
>programs, shutdown unneeded services, uninstall unneeded programs and
>all that stuff and you probably will have a much enhanced environment
>regarding security

This is my point - the flaws in the apps are no cause to be calling for a
complete redesign of the OS. Every app-based flaw so far could be replicated
on most other operating systems; hence, the flaw is in the app, and its
authors, rather than in the OS it's running on.

>Well... yes and no. Technically is not part of the house, but if you're
>conviced to buy the house because of the car, taking apart the car will
>change a lot your point of view regarding the house.

Why? Who would suggest that the car and house are maintained, let alone
built, or designed, by the same people? It takes a different skill set to
design/build/maintain each of them.

And, of course, if you could find a way to legally separate the car from the
house (say, for instance, a judge decided it was an unreasonable contract),
you'd have a house whose design was completely unrelated to that of the car.

To assert that the state of Windows apps says anything about the state of the
kernel is to assert that the team responsible for designing and implementing
the kernel then went on to start writing the apps. As you say, you're not a
developer; I doubt that I've met a kernel developer who would be pleased at
the thought of being shuffled into the apps design team.

Alun.
~~~~

[Note that answers to questions in newsgroups are not generally
invitations to contact me personally for help in the future.] 

-- 
Texas Imperial Software   | Try WFTPD, the Windows FTP Server. Find us at
1602 Harvest Moon Place   | http://www.wftpd.com or email alun@texis.com
Cedar Park TX 78613-1419  | VISA/MC accepted.  NT-based sites, be sure to
Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for NT.

Relevant Pages

  • Re: Microsoft finally acknowledges the security drumbeats
    ... >apps that share secure environments, ... >conviced to buy the house because of the car, ... you'd have a house whose design was completely unrelated to that of the car. ...
    (comp.security.misc)
  • Re: Blind spots
    ... Then you would have reversed into the house. ... So there's no space between the wheels of your car? ... Interesting design. ...
    (uk.rec.driving)
  • Re: Blind spots
    ... Then you would have reversed into the house. ... Interesting design. ... If a child is between the wheels, then no ammount of blindspot checking ... Car PC Build starts again. ...
    (uk.rec.driving)
  • Re: Newsgroup question
    ... Is there a newsgroup which would allow me to post a plant picture ... Please design and build me a house. ... the overall plans for the house: ...
    (uk.rec.gardening)
  • Re: mfc pitfalls
    ... In most MFC apps, you are writing code in that kind ... virtual methods usually work better than callbacks for most ... no syntax in the design for function pointers. ... programming in OO environment requires new ...
    (microsoft.public.vc.mfc)