| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun Jul 16 21:36:43 2006 From: degeneracypressure at gmail.com (Eliah Kagan) Subject: 70 million computers are using Windows 98rightnow On 7/12/06, Dude VanWinkle wrote: > and for the record, win9x doesnt have the option for security. no > ACL's, file system doesnt support them, doesnt that make the idea of > securing it moot? Win9x OSes (including Windows ME) are not true multi-user operating systems. They do not implement separation of priviledge (and they don't, in any real sense, implement protected memory either, because the system memory space is open to maintain compatibility with the Win3.1 way of doing system calls). That does not mean that they are *insecure*. It means that they are insecure if you allow untrusted users or execute untrusted code. It also means they carry little protection against programs that contain vulnerabilities, compared to operating systems like NT and *nix which do implement those design features. It makes sense to patch your Win9x system against vulnerabilities. It makes sense to lock your house to keep people from stealing your Win9x system. It is an error to confuse the existence of separation of priviledge and protected memory with securty. Security is a property not of an application alone, but of the application and how it is used. On the other hand, no company should be expected to support a product forever (unless they say they're going to). But the suggested solution--upgrading to Windows XP--is certainly no more than a poor joke for most boxes that shipped with Windows 98. -Eliah
Powered by blists - more mailing lists