|
BlueMoon
super member
Reged: 06/14/07
Posts: 192
Loc: Idaho, USA
|
Re: Vista - Uh-Oh...
08/10/08 12:48 PM
|
|
|
Quote:
I think you have given yourself a false sense of security.
Hi Marcus,
Assuming your comment was directed to me, no, I haven't really. After 20 years of IT work, both as an Administrator, network engineer and programmer, and having suffering through numerous security "flaws and fixes" in a number of operating systems during those years, I have no delusions concerning security.
There is no security. There will always be exploitable code because there will never be a "perfect" OS. The more society integrates digital technologies into its fabric, the greater the consequences and risks IMO. The comment I made earlier; "This was Microsoft's way of "protecting us from ourselves." was intended to reflect this personal belief. DEP and ASLR are certainly worthy security technologies but IMO, integrating them in to the Vista core was (in retrospect certainly) a serious mistake. ASLR is not unique to Windows, having also been weakly supported in Linux and OpenBSD...
My choice of using Firefox and Thunderbird is predicated partially on their lack of dependence on ActiveX controls and .NET technologies, both fairly exploitable.
Quote:
In some instances, Data Execution Prevention can have the unintended consequence of preventing legitimate software from executing. In these cases, the affected software needs to be flagged as being allowed to execute code in those parts of memory, but this itself leads to a possible attack if the application isn't rigorous in validating data that is passed into a region of memory that is marked as being executable.
Hence the need to become "Admin" on Vista systems either to install software or assign "executable" status to the affected executable(s).
Is this good security? Not in my book! Anytime you force a user to assume "Admin" rights, it represents a potential security compromising situation. Pretty dumb IMO for an OS that touts its "enhanced security" model.
Back before wireless, we used to say "the best security is a one inch air gap". All one can realistically do these days is try and minimize the risk exposure and damage when compromised.
Cheers!
--------------------
Jeff
Antares 1529 152mm f/6.5 Achromat Refractor
EQ5/ST-2 mount
1984 Tasco 19ER 20X-60X50 Refractor
Oberwerks 15x70 Binoculars
Herrett Observatory, Twin Falls, Idaho.
Edited by BlueMoon (08/10/08 01:30 PM)
|
|
3 registered and 9 anonymous users are browsing this forum.
Moderator: desertstars
|
Forum Permissions
You cannot start new topics
You cannot reply to topics
HTML is disabled
UBBCode is enabled
|
Rating:
Thread views: 1292
|
|
|
|
|
|
|
Previous
Index
Next
Flat
Edit
Reply
Quote
