Ars Technica has analyzed recently publicized Vista's security flaws. "Unfortunate, yes, but not as was reported in the immediate aftermath of the presentation evidence that Vista's security is useless, nor does this work constitute a major security issue. And it's not game over, either. Sensationalism sells, and there's no news like bad news, but sometimes particularly when covering security issues, it would be nice to see accuracy and level-headedness instead. ... Furthermore, these attacks are specifically on the buffer overflow protections; they do not circumvent the IE Protected Mode sandbox, nor Vista's (in)famous UAC restrictions."
To read all comments associated with this story, please click here.
Member since:2006-02-21
They crash, that's why. I'm presuming some software behaves in such a way as they try to execute software that is stored in data pages. (I'm no programmer. I just read Wikipedia...http://en.wikipedia.org/wiki/Data_Execution_Prevention That, and I know that having DEP on crashed an older version of flash.)
Member since:2006-04-18
The article mentions that some apps/plugins choose to 'opt-out' of Vista's security features. Why would somebody choose to do that? Does it take a lot of extra coding to write something that uses those features? Does it slow down the app?
Because it's more difficult. I've written most of my code in C (long ago). I tried Ada and even Java, and there's lots of short-cuts you get used to in the permissive environment C provides that more structured languages make impossible. It's not just coding, sometimes you have change the way you think about solving the problem. When coupled with a business environment where re-learning means you miss your deadline, or flip a switch and have it work, you know which will be chosen.
(I don't know if this is exactly what happens in Vista, but I would guess it is)
Member since:
2005-11-13
The article mentions that some apps/plugins choose to 'opt-out' of Vista's security features. Why would somebody choose to do that? Does it take a lot of extra coding to write something that uses those features? Does it slow down the app?