Linked by Eugenia Loli on Tue 1st May 2007 00:35 UTC
Privacy, Security, Encryption

Dino Dai Zovi, the New York-based security researcher who took home USD 10000 in a highly-publicized MacBook Pro hijack on April 20, has been at the center of a week's worth of controversy about the security of Apple's operating system. In an e-mail interview with Computerworld, Dai Zovi talked about how finding vulnerabilities is like fishing, the chances that someone else will stumble on the still-unpatched bug, and what operating system - Windows Vista or Mac OS X - is the sturdiest when it comes to security.
Nelson
Member since: 2005-11-29

Maybe the marketshare bit was just poking fun ;)

Vista is built off of the Windows 2003 codebase which (iirc) is an audited version of the XP source code with a lot of buffer overflow exploits found and removed.
I think it's inherently more secure than XP but sure some simple bugs (like the cursor exploit) will remain because it's something that's relatively unchanged from WinXP to WinVista.

I do find it interesting how the .ani exploit bypassed the /GS, ASLR, etc. in Windows Vista.

Obviously, things like this will not make Vista bulletproof but it will stop a great deal of it. Point being, that Vista is more secure than XP so comparing your experiences with XP isn't exactly accurate.

I agree wholeheartedly that you can't insert security into insecure code. It needs to be designed that way. However given the complexity of the Windows Operating System I think that these "obstacles" that exploits now face are a good thing.

The attack surface is greatly minimized from what I can see.

Anyhow, I'm tired and I'll mod you up for a good post.

Score: 3