| Thread ID: 26555 | 2002-10-30 02:37:00 | Microsoft OS code name "LongHorn" | shockwave (1089) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 94520 | 2002-10-31 19:28:00 | How can they design a service pack without releasing it for hackers to find all the holes first? SiK |
SoniKalien (792) | ||
| 94521 | 2002-11-01 01:44:00 | Well, they could start by fixing the "unchecked buffer" fault which has been a security "flaw" in every bit of network code MS have produced. Are they incapable of learning? It's a well known problem. See the online PC World article "Flaw leaves Windows open to attack". | Graham L (2) | ||
| 94522 | 2002-11-01 03:42:00 | I reckon they need to focus a lot more on security before releasing the product, rather than going "Whooops, we should have seen that, but wanted to give you the product ASAP, so we didn't really have time to test it!". I for one don't hear this kind of thing about Linux or BSD software, admittedly it's still there, but still, not as much!!! | Chilling_Silence (9) | ||
| 94523 | 2002-11-01 03:55:00 | That particular "flaw" is not something that needs to be tested for. It is something which will happen if there is no code to ensure that inputs don't overflow the buffers. It isn't a surprise when it occurs. The way to prevent it has been known for a very long time. It occurs because the programming is done by incompetents. Which means that the management is incompetent. Would you buy an operating system from incompetents? |
Graham L (2) | ||
| 94524 | 2002-11-01 03:57:00 | I dunno, but AFAIK, the majority here, including myself, have/do! | Chilling_Silence (9) | ||
| 94525 | 2002-11-01 04:23:00 | > That particular "flaw" is not something that needs to be tested for. It is something which will happen if there is no code to ensure that inputs don't overflow the buffers. It isn't a surprise when it occurs. The way to prevent it has been known for a very long time.
Give MS a break. Are you suggesting that Linux doesn't suffer from this problem? If so what about the following list:
DSA 184-1 New krb4 packages fix buffer overflow
DSA 183-1 New krb5 packages fix buffer overflow
ESA-20021029-028 syslog-ng: buffer overflow in macro handling code (UPDATED)
DSA 182-1 New kghostview packages fix buffer overflow
CSSA-2002-036.0 Linux: remote buffer overflow in reverse lookup code
NetBSD Security Advisory 2002-026]: Buffer overflow in kadmind daemon
DSA 179-1 New gnome-gv packages fix buffer overflow
ESA-20021016-025 syslog-ng buffer overflow in macro handling code
DSA 176-1 New gv packages fix buffer overflow
DSA 175-1 New syslog-ng packages fix buffer overflow
CSSA-2002-SCO.39 OpenServer 5.0.5 OpenServer 5.0.6: Buffer Overflow in Multiple DNS Resolver Libraries
RHSA-2002:175-16 Updated nss_ldap packages fix buffer overflow
These are just a few from Redhat, Caldera, Debian, NetBSD. There are 53 buffer overflows that I can find for linux/BSD distributions in just the last 3 months alone. |
BIFF (1) | ||
| 94526 | 2002-11-01 06:20:00 | Well you gotta compare apples to apples. Sorry, that should probably not be apples... Anyway, Windoze is a complete integral package of components designed to work specifically with each other and not with anything else (eg future OS's) and I have always said that Windoze is a shoddy product. Why the heck should we pay top $ for a patch to fix something that we didn't break in the first place? AFAIC M$ should be sending out CDs with each service pack released. Unfortunately (for Bill) this will send them broke rather rapidly. Especially when a service pack creates more bugs than it fixes. Imagine if all other products were handled in the same way. Heh, imagine an army tank with a minor design flaw - no lock on the back door... *nix however is a totally different barrel of fish. It is generally composed of lots of differing modules all designed to work to a universal standard. Ok, so versioning is still present and obviously forward compatibility is still an issue, but at least it's being worked on by 100 times more people than any M$ OS is... SiK |
SoniKalien (792) | ||
| 94527 | 2002-11-01 06:23:00 | Oh yea, if I had a choice, I would not be using any M$ product. As it is, the only MS thing running on this old beat-up laptop here is windoze. Not grunty enough for Linux (and it has a winmodem) | SoniKalien (792) | ||
| 94528 | 2002-11-01 06:38:00 | > Well you gotta compare apples to apples. Sorry, that should probably not be apples...
So what is the difference between a distribution of linux that comes with a web server versus windows that comes with IIS? The answer is NOTHING. If your machine gets hacked due to a coding mistake it doesn't matter whose fault it was, you're still stuck with a rooted machine. What exactly is the argument? - That MS coders are bad? Ok then show me some good coders. Perhaps those who wrote VMS or OpenBSD are examples? Don't try to tell me that linux is some super secure OS. It isn't. MS employs some of the best coders in the world. Many are even from the open source camp. Linux is great, but don't start blindly spouting inaccurate claims as to its superiority.
> Why the heck should we pay top $ for a patch to fix something that we didn't break in the first place?
I suggest you don't. Go run linux. See how free your patches are when you get to download them with your not free ISP account. |
BIFF (1) | ||
| 94529 | 2002-11-01 07:30:00 | Actually I disagree with every single paragraph you typed apart from Linux being a supersafe OS, which I never even implied it was. As this is a help forum, I'll not go into it. SiK |
SoniKalien (792) | ||