Linked by Amjith Ramanujam on Mon 11th Aug 2008 16:13 UTC, submitted by gonzo
Privacy, Security, Encryption
Ars Technica has analyzed the recently publicized Vista security flaws. "Unfortunate, yes, but not, as was reported in the immediate aftermath of the presentation, evidence that Vista's security is useless, nor does this work constitute a major security issue. And it's not game over, either. Sensationalism sells, and there's no news like bad news, but sometimes, particularly when covering security issues, it would be nice to see accuracy and level-headedness instead. ... Furthermore, these attacks are specifically on the buffer overflow protections; they do not circumvent the IE Protected Mode sandbox, nor Vista's (in)famous UAC restrictions."
Thread beginning with comment 326591
RE: Comment by Soulbender
by broch on Tue 12th Aug 2008 15:11 UTC in reply to "Comment by Soulbender"

"Internet Explorer 7 and Firefox 2 both opt out of DEP"

"You can opt out? That's brilliant security design, right there."

I hope that you know that your whole rant makes no sense whatsoever?

You can opt out of any security option in any OS you want: run the OS as root, without a firewall, without a hardened kernel, run services with root privileges, and so on.
This has nothing to do with security design.

DEP or ASLR are not mandatory.
These are options only. The Linux kernel has had ASLR as an option for a very long time (PaX), but not every distro includes this.

If you would spend 2 secs reading and trying to get what Ars Technica is saying instead of masturbating with words, you would understand that MS fscked the design, so they can either fix this or try something else.
As ASLR is not new (or the only way to protect a system), they (MS) can take a peek at a better implementation (same way as they usually do).

MS also can leave it as is and ignore the problem.

Score: 1