lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri, 6 Feb 2009 16:22:21 -0600
From: Michael Krymson <krymson@...il.com>
To: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Windows 7 UAC compromised

I'm with Valdis on this one. You have to understand that Windows is probably
as popular as it is now very largely *because* of the freedom the OS offered
people *and* software makers to do what they want with it. This is not
entirely different from DRM vs Unrestricted media...

In order for Microsoft to do anything proper about it, they would have to
splinter their market and either piss off software makers that depend upon
the ease of use, or piss of users who want freedom to put whatever app they
want on their system or make whatever changes without aggravation. And any
major off-putting change would give many people and businesses a reason to
explore alternatives...

One thing in our (and Microsoft's) favor towards securing the end user
experience is the growing number of people who realize two things. It's
their own fault when their system gets stupidly slow because Windows lets
them be stupid. And as people "grow up" into computers they reealize they
only really do 10 things on them and only really need 10 different apps.

On Fri, Feb 6, 2009 at 12:14 PM, <Valdis.Kletnieks@...edu> wrote:

> On Fri, 06 Feb 2009 12:02:56 CST, Miller Grey said:
>
> > ...knowing all this, how does it get fixed?  What is the proper way for
> MS
> > to enforce UAC?
>
> I'm quite frankly not convinced that there is in fact any economically
> feasible
> way for MS to ship a "proper" UAC.

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ