Rusty
Postmaster
Reged: 08/06/03
Posts: 16399
Loc: Brooker, FL
|
|
I don't use Vista, but this would be disconcerting if I did. I have no idea of its significance - I'll leave that for Vista users to evaluate...
--------------------
N11GPS Fastar
TOA-130S
MK66 Std
Vintage C5
Megrez II 80mm ED Triplet APO
SolarMax 40
NJP Temma II
Sirius EQ-G
ST8XE/CFW-8(LRGBHa)/AO-7/DF-2/STV Dlx/ST237a/350D (Unmodded)/Mallincam Color Hyper Plus/DSI III Color/DSI II Pro
Two not-spoiled Golden Retrievers - Maggie and Casey
Sometimes I think we're alone in the universe, and sometimes I think we're not. In either case the idea is quite staggering. - Arthur C. Clarke
|
bicparker
Pooh-Bah
Reged: 02/07/05
Posts: 1437
Loc: Plano, TX
|
|
That is huge. And for more than just Vista. The concept of address randomization has been considered a fundamental security approach for newer OS designs and was considered an innovative hallmark in Vista's design. It is even more disturbing to think that such a design could be effectively bypassed at the application level (in this case a browser).
On another note, the researchers presenting that at Black Hat are not from the most MS friendly venues (IBM and VMWare). There is some irony in all of that.
In the end, it is just another case in point that there are no substitutes for depth of defense. One cannot depend on any single layer of protection for effective security against malware threats.
--------------------
Bic Parker
17.5" f/5 dob
10" f/10 SCT
5" f/8 refractor
80mm f/6 refractor
66mm f/6 refractor
Plus a few others out of the rotation
|
Tom L
Reged: 01/07/04
Posts: 29817
Loc: Sunny Oregon
|
|
On the surface of it, it doesn't sound good. I'll wait to see what the details are.
Just a reminder to the folks reading this thread: This posting is not an open invitation to attack Microsoft or Vista.
--------------------
Tom 
Tele Vue 102mm f/8.6 on an EzTouch
Vixen 80mm f/5 A80SSWT on a grab-n-go mount
|
BlueMoon
super member
Reged: 06/14/07
Posts: 174
Loc: Idaho, USA
|
|
First let me state I'm not posting my comments as an attack on the Vista OS or Microsoft.
Quote:
The methods employed have enabled the researchers to bypass Vista's Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and other protections by simply loading malware through a standard web browser.
This is *very* bad news for MS and it's ironic in a way. After all the hub-bub surrounding the "de-integration" of Internet Explorer from the OS itself, that IE should be the gateway used to launch malicious attacks... and a fairly simple attack methodology it appears to be too.
The other ironic thing is DEP. Data Execution Prevention is central to the security model of Vista. This was Microsoft's of "protecting us from outselves". DEP is supposed to shutdown processes that *could* be rogue or malicious. Or if a process was trying to access a core OS or "off limits" executable. What DEP became was a PITA for developers who had programs that ran just fine on XP but would trigger a DEP shutdown in Vista.
--------------------
Jeff
Antares 1529 152mm f/6.5 Achromat Refractor
EQ5/ST-2 mount
1984 Tasco 19ER 20X-60X50 Refractor
Oberwerks 15x70 Binoculars
Herrett Observatory, Twin Falls, Idaho.
Edited by BlueMoon (08/09/08 05:20 PM)
|
Lamb0
professor emeritus
Reged: 07/25/07
Posts: 668
Loc: Fairbury, Nebraska
|
|
 I wonder how long it will be before there's an exploit like this for the Linux/Unix based OSs. The crackers are out for everything. The more revuenue from "advertising" and stolen credit card numbers, the larger the incentive to steal, hijack, and otherwise zombify all computers. 
--------------------
John "Have eyepiece - will travel!"
8" f/5 Dob w/2.14" sec in a 12" alum tube 'The Mortar' - w/PCorr 2° TFoV @ 36.5X ~70% illum *NICE*
Typical eyepieces: 32 Burg, 24 Pan, 20T5, 5-8 SW, Others ALL 2": Pcorr, 2X PwrMt, Ast H-b, Lum UHC + OIII
60mm $50 Walmart Special in training - aka "Backpack Observatory"
Minolta Activa 12x50 , Steiner 15X80
|
astrotrf
sage
Reged: 09/30/07
Posts: 287
Loc: Rodeo, NM
|
|
Quote:
The other ironic thing is DEP. Data Execution Prevention is central to the security model of Vista. This was Microsoft's of "protecting us from outselves". DEP is supposed to shutdown processes that *could* be rogue or malicious. Or if a process was trying to access a core OS or "off limits" executable. What DEP became was a PITA for developers who had programs that ran just fine on XP but would trigger a DEP shutdown in Vista.
Data Execution Prevention is a method of preventing the system from executing data as if it were code. It's primary reason for existence is not to punish malformed programs, but rather to prevent a common cracker attack that involves overrunning a user input buffer on the stack. By marking the stack as non-executable, this attack is thwarted.
The upshot of this is that any program that, accidentally or on purpose, stuffed executable code into a section marked as "data" suddenly wouldn't work any more, and deservedly so. It should never have worked in the first place.
DEP is mostly a hardware function; the system marks pages as either executable or not when they are loaded into memory from the program file. The processor then checks the "executable" bit in the page table when it fetches the instruction from memory, and generates an error exception if the "executable" bit is not lit. Additionally, executable pages are typically not writable, protecting the code from modification on the fly.
All of that is well and good, and cannot be bypassed by malicious software unless somehow Vista can be made to fail to light the "executable" bit when it should. I strongly doubt that this is happening, as it's deep down in the lowest level of the operating system, and is an unambiguous "yes" or "no" thing that's not really subject to "design" decisions.
But there's also a *software* component to DEP, and my bet is that this is where things are going wrong. Microsoft says that software DEP is "designed to block malicious code that takes advantage of exception-handling mechanisms in Windows". Now *this* is where design decisions can happen and things can go wrong.
DEP in and of itself is a fine idea, and makes your system safer; it would and should be central to the security of *any* operating system. It is not DEP but the possible bypassing of it that is the problem.
--------------------
Terry (astrotrf)
|
Mattbtn
Post Laureate
Reged: 02/08/06
Posts: 3163
Loc: Chattanooga, TN
|
|
So as someone who doesn't completely understand the "tech-speak", but has very good hardware & software firewalls in place, how does this affect me?
--------------------
"Computers help us solve the many mysteries of the universe. They also help us make the same mistake many times, really fast."
|
BlueMoon
super member
Reged: 06/14/07
Posts: 174
Loc: Idaho, USA
|
|
Quote:
But there's also a *software* component to DEP, and my bet is that this is where things are going wrong. Microsoft says that software DEP is "designed to block malicious code that takes advantage of exception-handling mechanisms in Windows". Now *this* is where design decisions can happen and things can go wrong.
Evidently.
Quote:
The researchers were able to load whatever content they wanted into any location they wished on a user's machine using a variety of objects, such as Java, ActiveX and even .NET objects. This feat was achieved by taking advantage of the way that Internet Explorer (and other browsers) handle active scripting in the Operating System.
And, to make matter worse, DEP is integrated into the core of Vista. I wouldn't be looking for any "service packs" to be issued anytime soon.
Quote:
So as someone who doesn't completely understand the "tech-speak", but has very good hardware & software firewalls in place, how does this affect me?
Frankly, after reading further and considering the implications of this, I don't think there's really a lot one can do at this time so I guess we'll just have to "wait it out" and see how MS handles the problem...
For myself, I use Firefox and Thunderbird instead of Internet Explorer and Outlook, the Avast! anti-virus/malware program (excellent BTW) and I tweaked my software and hardware firewalls. There's no quarantee that any precaution I've taken will *stop* a hacker from compromising my PC, but IE and Outlook have been exploited targets for years and have a "tighter" integration with the OS than Firefox and Thunderbird. While neither Firefox nor Thunderbird are "flawless", I judge Mozilla's offering to be more "secure" in this regard... YMMV...
Edited by BlueMoon (08/10/08 12:36 PM)
|
JAT Observatory
Space Freak
Reged: 02/20/05
Posts: 5649
Loc: Eastern PA
|
|
I think you have given yourself a false sense of security.
--------------------
-Marcus
The problem with free speech is even the stupid have a voice.
http://jatobservatory.org
12" LX200R on a Paramount ME
|
BlueMoon
super member
Reged: 06/14/07
Posts: 174
Loc: Idaho, USA
|
|
Quote:
I think you have given yourself a false sense of security.
Hi Marcus,
Assuming your comment was directed to me, no, I haven't really. After 20 years of IT work, both as an Administrator, network engineer and programmer, and having suffering through numerous security "flaws and fixes" in a number of operating systems during those years, I have no delusions concerning security.
There is no security. There will always be exploitable code because there will never be a "perfect" OS. The more society integrates digital technologies into its fabric, the greater the consequences and risks IMO. The comment I made earlier; "This was Microsoft's way of "protecting us from ourselves." was intended to reflect this personal belief. DEP and ASLR are certainly worthy security technologies but IMO, integrating them in to the Vista core was (in retrospect certainly) a serious mistake. ASLR is not unique to Windows, having also been weakly supported in Linux and OpenBSD...
My choice of using Firefox and Thunderbird is predicated partially on their lack of dependence on ActiveX controls and .NET technologies, both fairly exploitable.
Quote:
In some instances, Data Execution Prevention can have the unintended consequence of preventing legitimate software from executing. In these cases, the affected software needs to be flagged as being allowed to execute code in those parts of memory, but this itself leads to a possible attack if the application isn't rigorous in validating data that is passed into a region of memory that is marked as being executable.
Hence the need to become "Admin" on Vista systems either to install software or assign "executable" status to the affected executable(s).
Is this good security? Not in my book! Anytime you force a user to assume "Admin" rights, it represents a potential security compromising situation. Pretty dumb IMO for an OS that touts its "enhanced security" model.
Back before wireless, we used to say "the best security is a one inch air gap". All one can realistically do these days is try and minimize the risk exposure and damage when compromised.
Cheers!
--------------------
Jeff
Antares 1529 152mm f/6.5 Achromat Refractor
EQ5/ST-2 mount
1984 Tasco 19ER 20X-60X50 Refractor
Oberwerks 15x70 Binoculars
Herrett Observatory, Twin Falls, Idaho.
Edited by BlueMoon (08/10/08 01:30 PM)
|
astrotrf
sage
Reged: 09/30/07
Posts: 287
Loc: Rodeo, NM
|
|
Quote:
DEP and ASLR are certainly worthy security technologies but IMO, integrating them in to the Vista core was (in retrospect certainly) a serious mistake.
Disclaimer: I don't use Windows and know nothing about its internals -- but I used to design, write, and maintain operating systems for a living.
DEP and ASLR *have* to be in the Vista core. Both must occur at the point where the operating system loads user programs into memory for execution, which means selecting free pages of physical memory to load them into and setting up the process address-translation tables (which includes lighting the "executable" bit). You're directly manipulating the hardware here. The various data structures must then be updated to keep track of the process status.
I'm guessing (and it's a SWAG for sure) that some of the Vista exception handlers (for software exceptions rather than lower-level hardware ones) found it necessary or convenient to run with DEP disabled, and the researchers found a way to subvert this. The fact that they mention ASLR as well probably means they also discovered how to extract the true locations of the various modules from the operating system (which, of course, has to know).
That suggests design decisions that are probably very deeply ingrained in Vista that could be extremely difficult to uproot.
If it were simply a matter of the software component of DEP failing to account for something, or getting fooled by certain conditions, I would think that would not present a major stumbling block to fix.
--------------------
Terry (astrotrf)
|
BlueMoon
super member
Reged: 06/14/07
Posts: 174
Loc: Idaho, USA
|
|
Terry, I certainly respect your experience and opinion. I've done a little "kernel hacking" in LINUX myself over the years. However, I'm not disputing the fact that both DEP and ASLR *have* to be integrated into the core code. For the software to interact as closely with hardware as both these need to do, it would not have sufficed to create dynamically loaded modules with all the requisite system call overhead that would ensue...
Quote:
That suggests design decisions that are probably very deeply ingrained in Vista that could be extremely difficult to uproot.
I agree 100%...
Now, what will MS do to satisfy and secure the millions of installs of VISTA (in all it's various "versions") is the question in my mind.
Cheers!
--------------------
Jeff
Antares 1529 152mm f/6.5 Achromat Refractor
EQ5/ST-2 mount
1984 Tasco 19ER 20X-60X50 Refractor
Oberwerks 15x70 Binoculars
Herrett Observatory, Twin Falls, Idaho.
|
Tom L
Reged: 01/07/04
Posts: 29817
Loc: Sunny Oregon
|
|
That is the million dollar question.
--------------------
Tom
Tele Vue 102mm f/8.6 on an EzTouch
Vixen 80mm f/5 A80SSWT on a grab-n-go mount
|
Rusty
Postmaster
Reged: 08/06/03
Posts: 16399
Loc: Brooker, FL
|
|
Quote:
So as someone who doesn't completely understand the "tech-speak", but has very good hardware & software firewalls in place, how does this affect me?
There isn't much, IMHO - but read BlueMoon's posts.
What you can do is set the hardware firewall in your router and ISP modem, grab some software firewall, antivirus, anti-malware apps, and exercise caution in your email and Web surfing activities.
And be aware that this isn't a static defense - one has to stay abreast of the issues.
Sadly, virtually every app that may be associated with the 'net (Java, Flash, QTime, and the browsers themselves) has vulnerabilities, and only constant vigilance can keep you (relatively) safe.
--------------------
N11GPS Fastar
TOA-130S
MK66 Std
Vintage C5
Megrez II 80mm ED Triplet APO
SolarMax 40
NJP Temma II
Sirius EQ-G
ST8XE/CFW-8(LRGBHa)/AO-7/DF-2/STV Dlx/ST237a/350D (Unmodded)/Mallincam Color Hyper Plus/DSI III Color/DSI II Pro
Two not-spoiled Golden Retrievers - Maggie and Casey
Sometimes I think we're alone in the universe, and sometimes I think we're not. In either case the idea is quite staggering. - Arthur C. Clarke
|
sang33ta
professor emeritus
Reged: 07/08/08
Posts: 539
Loc: UK
|
|
Linux has been concidered the safe operating system for years because it's designed to keep users and admin access seperate.
Microsoft have tried to copy this idea but because it's supporting legacy software a lot of stuff wont work unless you run it with full access.
Little known but admin is not the true administator mode on Vista you have to unlock it via command prompt!
Vista is much better than XP at least you can't log into it as guest anymore! 
--------------------
Hioptic 152mm f12.5 Maksutov
Celestron Advanced CG5-GT Mount (Mr Noisy!)
Meade 4000 Super Plossl Set
Casio QV-2900UX
Got fed up of waiting for Meade ETX-150 so put this together for £500/$1000 
Edited by sang33ta (08/11/08 12:41 PM)
|
bicparker
Pooh-Bah
Reged: 02/07/05
Posts: 1437
Loc: Plano, TX
|
|
Quote:
Quote:
So as someone who doesn't completely understand the "tech-speak", but has very good hardware & software firewalls in place, how does this affect me?
There isn't much, IMHO - but read BlueMoon's posts.
What you can do is set the hardware firewall in your router and ISP modem, grab some software firewall, antivirus, anti-malware apps, and exercise caution in your email and Web surfing activities.
And be aware that this isn't a static defense - one has to stay abreast of the issues.
Sadly, virtually every app that may be associated with the 'net (Java, Flash, QTime, and the browsers themselves) has vulnerabilities, and only constant vigilance can keep you (relatively) safe.
This is the depth in defense that I was talking about earlier. Depending upon a single point of defense such as a firewall, your antivirus software, your personal computer firewall, email sniffer, NAT, encryption, DMZ's, etc. is simply no good these days. If you want your computer/network protected, you need to use things like these in combination (intelligently, of course, just throwing hardware and software at the problem can also make matters worse if it follows a bad design).
Having these things in place still isn't enough if they aren't kept up-to-date. And that may include adding new technologies as time goes on. One of the newer approaches, for instance, is different types of application level firewalls (as opposed to the traditional SPI firewall). Again, this isn't a substitute for an SPI firewall, but rather an augmentation. Interestingly enough, looking at the original paper that brought this discussion about, an application firewall could be part of the defense against the problems that the researchers found (emphasis on "part of the defense).
It is sad that that the state of affairs is as such that measures like the above are necessary. But, in the end, I think it can be good in the long run.. as Frost's character in the "Mending Wall" said, "Good fences make good neighbors"
--------------------
Bic Parker
17.5" f/5 dob
10" f/10 SCT
5" f/8 refractor
80mm f/6 refractor
66mm f/6 refractor
Plus a few others out of the rotation
|
BlueMoon
super member
Reged: 06/14/07
Posts: 174
Loc: Idaho, USA
|
|
Speaking of keeping things up-to-date, one may wish to install a neat little utiity from Secunia: http://secunia.com/
called the Secunia Personal Software Inspector: https://psi.secunia.com/
From the website:
Quote:
The Secunia PSI is the FREE security tool that is designed with the sole purpose of helping you secure your computer from software vulnerabilities. Software vulnerabilities affect all applications installed on your computer, from the Operating System down to your email client, office application, instant messaging, and so on.
I use it on a regular basis and have found it to be a very handy application. Basically, it scans your installed software, compares it to an up-to-date software database and then notifies you of any issues. You can then take the appropriate action to rectify the issue(s). PSI can run in the background or manually "on demand" to check your system.
I've used Secunia for years to keep abreast of software and OS flaws and fixes and I've no qualms about installing and running PSI on my home PC. BTW, ZDNet rated Secunia PSI in the #1 spot of "Ten free security utilities you should already be using." http://content.zdnet.com/2346-12691_22-95490-1.html
Not a bad endorsement...
Cheers!
--------------------
Jeff
Antares 1529 152mm f/6.5 Achromat Refractor
EQ5/ST-2 mount
1984 Tasco 19ER 20X-60X50 Refractor
Oberwerks 15x70 Binoculars
Herrett Observatory, Twin Falls, Idaho.
|
Rusty
Postmaster
Reged: 08/06/03
Posts: 16399
Loc: Brooker, FL
|
|
There's more news on this; while the jist is to minimize the impact, I remain skeptical - but then, I also stay on WinXP...so Vista users, note, and I have nothing else useful to report, as I'm unfamiliar with the threat.
--------------------
N11GPS Fastar
TOA-130S
MK66 Std
Vintage C5
Megrez II 80mm ED Triplet APO
SolarMax 40
NJP Temma II
Sirius EQ-G
ST8XE/CFW-8(LRGBHa)/AO-7/DF-2/STV Dlx/ST237a/350D (Unmodded)/Mallincam Color Hyper Plus/DSI III Color/DSI II Pro
Two not-spoiled Golden Retrievers - Maggie and Casey
Sometimes I think we're alone in the universe, and sometimes I think we're not. In either case the idea is quite staggering. - Arthur C. Clarke
|
Mike Casey
Postmaster
Reged: 11/11/04
Posts: 5922
Loc: Pasadena CA
|
|
Thanks for the tip on Secunia, Jeff. Have downloaded it and will do a run later. Hopefully no issues will crop up that will cause more grey hairs than I've already got.
--------------------
Mike (tVA)
All those who believe in psychokinesis, raise my hand.
|
Scott K
scholastic sledgehammer
Reged: 09/13/07
Posts: 915
Loc: Dallas, TX & Eufaula, OK
|
|
Not to comment on the technical merits of the matter at hand, but I'd be remiss if I didn't point out that the Inquirer is not generally considered to be one of the most reliable sources of technical information on the internet. I've followed them over the years. They get it wrong fairly often - at least in the sense that they seem to overstate matters, and their fact checking would seem to be, well, limited.
|
basel10
scholastic sledgehammer
Reged: 07/15/05
Posts: 805
Loc: TN
|
|
Quote:
Not to comment on the technical merits of the matter at hand, but I'd be remiss if I didn't point out that the Inquirer is not generally considered to be one of the most reliable sources of technical information on the internet. I've followed them over the years. They get it wrong fairly often - at least in the sense that they seem to overstate matters, and their fact checking would seem to be, well, limited.
The inquirer is very very very Linux loving and Microsoft hating. If you want the real facts http://blogs.zdnet.com/Bott/?p=512 and http://blogs.zdnet.com/Bott/?p=513 Vista is by far the most secure OS on the market. The issues will be fixed long long before there are any threats in the wild. I would be much more scared if I was on a Mac http://community.winsupersite.com/blogs/paul/archive/2008/08/06/respected-consumer-advocacy-group-recommends-against-using-safari.aspx
--------------------
www.knoxvilleobservers.org
|
daev
Post Laureate
Reged: 03/10/04
Posts: 3482
Loc: On the edge of the desert
|
|
Microsoft is the big target, and likely will be for the foreseeable future. Regardless of how relatively secure they may or may not be, relentless assault makes for a rather persistent pain for them and their customers. When a sniper targets red cars, drive a blue one.
Interesting quote from the last link above:
Quote:
"This is the one area where the Mac doesn't have an advantage in security," Fox continued. "Significantly fewer Mac users were using antiphishing technologies, but they were pretty much identical to Windows users about giving personal information.
"Windows users are used to being paranoid about not clicking," he said.
Seems to me that MS' security isn't universally accepted as superior. They all have holes, I just don't want to have my head sticking out of the hole with the crosshairs on it.
dave
--------------------
"Yes, I know it's flat here. When the seeing is good you can stand on your toes and see Chicago...."
Edited by daev (08/12/08 11:42 PM)
|
Rusty
Postmaster
Reged: 08/06/03
Posts: 16399
Loc: Brooker, FL
|
|
Quote:
Not to comment on the technical merits of the matter at hand, but I'd be remiss if I didn't point out that the Inquirer is not generally considered to be one of the most reliable sources of technical information on the internet. I've followed them over the years. They get it wrong fairly often - at least in the sense that they seem to overstate matters, and their fact checking would seem to be, well, limited.
That's why I mentioned that its significance needed scrutiny. Nevertheless, The Inquirer, while it doesn't always double-check, it seems to me, neither does Microsoft...res ipsa loquitor applies. Better safe than sorry.
--------------------
N11GPS Fastar
TOA-130S
MK66 Std
Vintage C5
Megrez II 80mm ED Triplet APO
SolarMax 40
NJP Temma II
Sirius EQ-G
ST8XE/CFW-8(LRGBHa)/AO-7/DF-2/STV Dlx/ST237a/350D (Unmodded)/Mallincam Color Hyper Plus/DSI III Color/DSI II Pro
Two not-spoiled Golden Retrievers - Maggie and Casey
Sometimes I think we're alone in the universe, and sometimes I think we're not. In either case the idea is quite staggering. - Arthur C. Clarke
|
Paul Romero
professor emeritus
Reged: 04/05/05
Posts: 556
Loc: Reno, NV
|
|
Hi you guys,
I dont know if this has anything to do with the topic of this thread, but today, I got notice of 11 new security updates for my Vista OS....a new record!
Paul
--------------------
Nexstar 11 GPS
8'x10' backyard 'skyshed'
and presenting...."Sweet Pudding", my AM 110mm FLT on 'Max', a MI-250 mount.
travel: BORG 45EDII on an Astrotrac.
"Pablito Clavo un Clavito en la Calva de un Calvito"--by Jose A.
|
Rusty
Postmaster
Reged: 08/06/03
Posts: 16399
Loc: Brooker, FL
|
|
I'm hurt. Win XP only gave me 7...
--------------------
N11GPS Fastar
TOA-130S
MK66 Std
Vintage C5
Megrez II 80mm ED Triplet APO
SolarMax 40
NJP Temma II
Sirius EQ-G
ST8XE/CFW-8(LRGBHa)/AO-7/DF-2/STV Dlx/ST237a/350D (Unmodded)/Mallincam Color Hyper Plus/DSI III Color/DSI II Pro
Two not-spoiled Golden Retrievers - Maggie and Casey
Sometimes I think we're alone in the universe, and sometimes I think we're not. In either case the idea is quite staggering. - Arthur C. Clarke
|
Scott K
scholastic sledgehammer
Reged: 09/13/07
Posts: 915
Loc: Dallas, TX & Eufaula, OK
|
|
Quote:
That's why I mentioned that its significance needed scrutiny. Nevertheless, The Inquirer, while it doesn't always double-check, it seems to me, neither does Microsoft...res ipsa loquitor applies. Better safe than sorry.
Yes you did say that Rusty - no disrespect intended on my part.
I dunno, believe it or not, MS tries pretty hard to get stuff right, at least in my experience. They fail to get things right more often than I'd like, but I believe they try. (Note: I also don't always agree with their decisions, either.)
The Inq. doesn't seem to differentiate between facts and opinion, it seems to me. Now in all fairness, that is a slippery distinction at times. But they don't really even seem to try. I'm not trying to say they don't report facts - they certainly do. You just have to watch out for their conclusions, and kind of ignore those. It's an odd way to do journalism. Heck, maybe it's more honest in some ways - it's fairly obvious who they like and who they dislike. No subtle bias at the inq!
Interesting issue though - it's a shame that MS didn't release Vista as a 64 bit only OS, it appears that would reduce their vulnerability to these issues. Oh well, MS tried some things, and they didn't all work out. From a lot of people's perspective, that seems to be the story of their life with Vista. What are you gonna do?
By the way, my take on the Inquirer article is they were taking a bit of a dig at Vista, making it seem less secure than other operating systems, which certainly seems unfair, and also kind of pointless because most of us appear to have made up our minds one way or the other about this OS quite some time ago.
|
BlueMoon
super member
Reged: 06/14/07
Posts: 174
Loc: Idaho, USA
|
|
Quote:
Vista is by far the most secure OS on the market.
THAT'S highly debatable... and the debate, were it pursed with any vigor, would probably get this thread locked...
Quote:
The Inq. doesn't seem to differentiate between facts and opinion, it seems to me.
FWIW, Inquirer not withstanding, the flaw was announced and commented on in a number of other security sites so the information wasn't "single sourced" anyway...
--------------------
Jeff
Antares 1529 152mm f/6.5 Achromat Refractor
EQ5/ST-2 mount
1984 Tasco 19ER 20X-60X50 Refractor
Oberwerks 15x70 Binoculars
Herrett Observatory, Twin Falls, Idaho.
Edited by BlueMoon (08/13/08 05:55 PM)
|
bicparker
Pooh-Bah
Reged: 02/07/05
Posts: 1437
Loc: Plano, TX
|
|
Previous
Index
Next
Threaded
Edit
Reply
Quote
[Re: