| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 06 Feb 2009 13:14:59 -0500
From: Valdis.Kletnieks@...edu
To: Miller Grey <vigilantgregorius@...il.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Windows 7 UAC compromised
On Fri, 06 Feb 2009 12:02:56 CST, Miller Grey said:
> ...knowing all this, how does it get fixed? What is the proper way for MS
> to enforce UAC?
I'm quite frankly not convinced that there is in fact any economically feasible
way for MS to ship a "proper" UAC. Both Vista and the upcoming Windows 7 were
at first seen by outsiders as a good chance for MS to do the needed disruptive
house cleaning, and they didn't do it for either of those releases. They still
took a major beating on their cash flow with the Vista failure, and it would
have been worse if it had been the amount of changes that were needed to
actually fix things.
And since there's a good chance that the world economy will remain in the
toilet until after the follow-on for Windows 7 arrives, I'm not holding my
breath for MS to do the major clean-up there either. There's good reason to
suspect that they will *never* actually do so.
Bottom line: MS can do only one of the following:
1) Ship something that fixes UAC (and all the other related issues)
2) Ship something that fixes their profit/loss sheets.
Content of type "application/pgp-signature" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists