lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: mvp at joeware.net (joe)
Subject: IE Web Browser: "Sitting Duck"

Actually MS does support the use of alternative shells. However you couldn't
and shouldn't expect that if you have a say Thunderbird shell that MS would
support that shell, just the pinnings under it. Just like they don't support
say, Lotus, but they do support the underlying OS API calls. 

As for breaking things, it goes back to the same DLL point. If an app is
built on the concept that that shell would be there and has dependencies on
it, yes it will break. The only thing I can say to that is yeah, of course.
Most of the GUI admin tools from MS depend on those shell dependencies,
again, to that I say... Of course. However if you want to write your own,
you can. The Windows API core pieces are still there and fully exposed and
you don't have to use the Shell API calls and avoid the Shell DLLs. It will
take you a bit longer to write anything though I would expect unless you
have already built up your own lib.

There are many embedded and POS and other machines running Windows and not
using the Explorer shell. They are still called Windows machines. 

  joe

 

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Barry
Fitzgerald
Sent: Wednesday, July 07, 2004 9:56 AM
To: joe
Cc: FULL-DISCLOSURE@...ts.netsys.com
Subject: Re: [Full-Disclosure] IE Web Browser: "Sitting Duck"

joe wrote:

>It is a core component of the current Windows UI, this is not the same 
>as being a core component of Windows. Explorer is simply a UI shell 
>that sits on the operating system known as Windows. The entire shell is 
>replaceable and has been for a long time, since at least Win3.1.
>
>  
>

I appreciate the technical explanation even though I knew, well, all and
more of it.

You probably could have saved some time if you had read my relatively short
message fully and seen that I did acknowledge that IE is not part of the
kernel (which is really what you're trying to say) and that it's a part of
MS Windows as a software distribution.  I'm fully aware that you can replace
the shell in windows.

However, IE and the windows UI is a part of MS Windows as a software
distribution and it's an essential part.  I dare say that if you remove the
UI and DLLs of MS Windows, all you have left is a relatively crappy kernel
with a lot of software that won't work. 

The MS Windows UI and Internet Explorer are a core part of the MS Windows
operating system.  When you remove them, you break compatibility with many
of the available programs and I'd venture to say that Microsoft would not
support a highly modified system like the ones that you're describing. 

One can remove the Glibc from any GNU/Linux distribution.  I wish them luck
trying to run programs that are dynamically linked. 

Is the Glibc a core part of Linux the kernel?  Of course not.

Is the Glibc a core part of the GNU/Linux OS distribution?  Yes, it is.

I think that for all of the technical explanations that you've given, you're
losing the argument on one simple phrase: software distribution.

                -Barry

p.s. Come on people.  We went through the "what does an OS really
constitute?" argument back in like 1996.  This isn't bloody kindergarten.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ