Linked by Amjith Ramanujam on Mon 11th Aug 2008 16:13 UTC, submitted by gonzo
Privacy, Security, Encryption Ars Technica has analyzed recently publicized Vista's security flaws. "Unfortunate, yes, but not as was reported in the immediate aftermath of the presentation evidence that Vista's security is useless, nor does this work constitute a major security issue. And it's not game over, either. Sensationalism sells, and there's no news like bad news, but sometimes particularly when covering security issues, it would be nice to see accuracy and level-headedness instead. ... Furthermore, these attacks are specifically on the buffer overflow protections; they do not circumvent the IE Protected Mode sandbox, nor Vista's (in)famous UAC restrictions."
Thread beginning with comment 326563
To read all comments associated with this story, please click here.
.Net is the answer?
by fridder on Tue 12th Aug 2008 01:17 UTC
fridder
Member since:
2007-11-03

The part the really irked me about this article is the instance that C/C++ are ancient languages and that if code were only written in the pure light of .Net or JAVA then security would be assured.

Reply Score: 2

RE: .Net is the answer?
by baadger on Tue 12th Aug 2008 02:06 in reply to ".Net is the answer?"
baadger Member since:
2006-08-29

Yeah that irked me too, there are plenty of ways to write good, pretty safe, pointer burdened code in C and C++, utilising dynamic memory allocation, without incurring the overheads of garbage collection or excessive automatic compiler-inserted checks...

The 'safety' of the language really isn't even one of the main appeals of C# or .NET.

Edited 2008-08-12 02:07 UTC

Reply Parent Score: 2

RE[2]: .Net is the answer?
by abraxas on Fri 15th Aug 2008 09:36 in reply to "RE: .Net is the answer?"
abraxas Member since:
2005-07-07

The 'safety' of the language really isn't even one of the main appeals of C# or .NET.

It is one of the main appeals of .NET when you are talking about buffer overflows.

Reply Parent Score: 2

RE: .Net is the answer?
by Soulbender on Tue 12th Aug 2008 11:40 in reply to ".Net is the answer?"
Soulbender Member since:
2005-08-18

I found that notion hilarious when contrasted with further down in the article where it mentions that Java marks all it's memory as executable. Heh.

Reply Parent Score: 2