Just how bad is the first Vista security flaw?
Microsoft has publicly acknowledged the discovery of the first Windows Vista security flaw. But just how serious is it? Opinions seem to vary widely.
The New York Times claims the flaw is serious enough to result in Microsoft "facing an early crisis of confidence in the quality of its Windows Vista operating system."
Not surprisingly, Microsoft isn't portraying things as being quite so dire. Stephen Toulouse, a senior product manager in Microsoft's security group, said he's not seeing any wringing of hands in his circles:
"No one will ever get the software right 100% out of the gate. What we've done as a company is build in defense in depth capabilities in the products themselves, as well as create good processes internally that prioritize reported vulnerabilities and get them into the update cycle, while also taking the root cause information and changing the way we create the software so we can learn from these situations," Toulouse blogged.
BetaNews, which conducted its own tests on the vulnerability, is siding more with Microsoft's characterization than that of the New York Times.
"(T)ests of the flaw conducted by BetaNews suggest that, while the (message box) bug can crash Windows XP, its roots in the Win32 API dating back to Windows 3.1, coupled with the fact that the source code for the proof-of-concept appears to be straight ANSI C, directly contradict the Times' implication that the bug somehow afflicts Internet Explorer 7.0," BetaNews reported.
While all Windows flaws deserve serious attention, it seems like Vista Flaw No. 1 may not be as horrendous as some headlines and stories may be suggesting.
Talkback
What a cop-out!
So, Vista is just a bunch of re-compiled old code? Why does it cost four times more than Win95 did? Oh, and Win32 was not in Win 3.1 - It was in Win98 (this was the API that ensured users would not buy the superior IBM OS2 Warp since this Win32 API 'broke' Windows compatibility in OS2 Warp).
What a useless rant.
Ummm, not by a long shot. Yes there is SOME code for compatibility, but it sure isn't a big part of Vista. (A knowledgeable IT person understands the difference. I guess that explains your confusion.)
As far as compatibility with a dead OS (OS/2) who cares? No one I know.
Do everybody a favor this year's resolution
If there's someone who makes worthless rants and stuff, it's you ....
He Never Leaves His Basement
Good Idea
Keep your 'knowledge' No_AX
win32s
Also I believe that Windows 95 included this as well.
Other than that little misapprehension, you're spot on!
win32
And you are right, 95 did reuse it as a subset because this flaw wouldn't exist if it didn't. Microsoft embraced and pushed object oriented programming before the release of Visual Studio to impress upon people the time saved by recycling code and using it as a subset. Well, what they didn't say was it amounted to bloated code it created doubling the size of each revision, and the same flaws were carried over in consecutive revisions unless specifically dealt with.
The next version of Windows will probably have to be distributed on a Blu-ray disc and it'll require 4 GB of memory, a quad core 4 GHz CPU and have a 20 GB hard drive footprint. And updates will require us to download gigabytes to patch Windows.
And somewhere deep within all of that code will be another Windows 3.1 flaw which will rear its ugly little head.
The Borg 'eh?
Actually, you'd be assimilated into the MS culture if they were the Borg. You wouldn't be corrupted. If you were corrupted, they'd just get rid of you.
"like lying that Win32 exists in Win3.1 (not until 98) and C.R.A.P. like 'Vista is the most secure OS ever'"
Ahh yes. I wonder where it was said that Vista is the most secure OS ever... The reference I found in the security section of MS hype for Vista says this "Windows Vista is engineered to be the most secure version of Windows yet."
Hmm, saying it's the most secure version of Windows yet is a lot different than saying that they said 'Vista is the most secure OS ever'. You wouldn't be misrepresenting a quote would you?
When will they learn, indeed.
It's the kinda
Think Apple have been feeding you what too much bulls**t..
Huh?
I'm sorry. I only speak English. If you could please rephrase whatever your point was into English and a coherent sentence, then I can fully defend my tripe.
Sorry, what I meant to say was
re: sorry what I meant
What part of my statement "Ahh yes. I wonder where it was said that Vista is the most secure OS ever... The reference I found in the security section of MS hype for Vista says this 'Windows Vista is engineered to be the most secure version of Windows yet.'"
Was "full of it"? I can provide you the link if you prefer. Or would you just like to sling insults all day?
Way off
Win32 had very little to do with IBM or the OS2 development. NT was the primary descendant of the OS2 program. Warp was just as much of a "breaking away" from the proposed standards of OS2 as anything Microsoft did with NT. By the time Warp came out Microsoft and IBM were not at all on the same page.
As far as superiority? OS2 had its pluses, but its lack of hardware support was a huge detriment during its early days. Warp was just the dying gasp.
Wrong. Win32 was born in Win95
Stubborn, aren't we.
http://en.wikipedia.org/wiki/Win32s
Yes, it wasn't "mature" until Win98 (of course, one could argue it never did "mature"), but as you just said it was at least the basis for Windows 95.
Thunking works both ways. http://searchwinit.techtarget.com/sDefinition/0,290660,sid1_gci860582,00.html
Have you even used Windows 3.11 or 95? How about programmed for both of them at the same time? If you have, fine. But you're writing like a new millennium graduate that has no concept of what things were like circa 1995, and just spouting information based on your prof's "fond memories".
Hmmm...don't know that Wikipedia is the best source for proof.
Oh, and yes, I can be stubborn. Especially about propaganda issues.
Also Wrong
Win32s was a subset of the Win32 APIs which had been developed for use in NT.
Win95 had the "thunking" to enhance performance of legacy 16-bit code; since the OS was half-and-half, both types of code were similarly inefficient, meeting half-way, rather than having one side efficient and the other less efficient, or duplicating everything on both modes so that both would have been efficient (well, would be if it all fit into memory together...)
NT was already "pure" 32-bit, so that the 32-bit code ran more efficiently under NT than under 95...
Not only "thunk" but think win32s
Yes...but I think he missed my point.