RE: Source Code
- From: Anteaus <Anteaus@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 30 Aug 2008 01:41:00 -0700
The fundamental issue with the NT vulnerabilities is not strictly the fault
of Microsoft coders, but is with the preceding code on which NT was based,
which contained numerous unchecked buffers. It's a failing of the C language
with its lack of any checks on variable bounds, and which therefore requires
the coder to perform the near-impossible task of setting traps for every way
in which the program could be presented with oversize data. The majority of
NT exploits operate on the crude principle of over-filling a data buffer to
the point where the data over-writes an adjacent piece of machine-code in
memory. The next time this code runs, your Trojan gets launched. The failing
here is in the programming-language itself not providing any protection
against this kind of exploit.
It is also perfectly true that Windows 9x is a far more secure OS. In fact,
its main weakness is in having Internet Explorer built-in. Without that
attack-vector it is surprisingly hard to exploit.
"Dan" wrote:
Here is an article about how the NT source code was leaked and apparently.
even DOS source code was leaked back in the day but no one cared because it
was so old. I now ask Microsoft how long will it be before Microsoft has new
operating systems with new source code. Wikipedia mentions Windows 7 will
use the Windows NT source code much to my dismay. How about the successor to
Windows 7 will people finally get an operating system with new source code
that will be a relief from the tired out code that has caused so many
security problems.
http://news.bbc.co.uk/1/hi/technology/3485545.stm
http://en.wikipedia.org/wiki/Windows_7
- Follow-Ups:
- RE: Source Code
- From: Dan
- RE: Source Code
- References:
- Source Code
- From: Dan
- Source Code
- Prev by Date: RE: VPN Client Security
- Next by Date: Re: VPN Client Security
- Previous by thread: Re: Source Code
- Next by thread: RE: Source Code
- Index(es):
Relevant Pages
|
