lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <39770.1251732387@turing-police.cc.vt.edu>
Date: Mon, 31 Aug 2009 11:26:27 -0400
From: Valdis.Kletnieks@...edu
To: stuart@...erdelix.net
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: windows future

On Sun, 30 Aug 2009 01:09:55 BST, lsi said:

> The biological metaphor does suggest that Microsoft would take some 
> kind of evasive action, and I think their only option is to license 
> unix, just as Apple did (although Apple did it for different 
> reasons).  Doing this will solve many problems, they can keep their 
> proprietary interface and their reputation, and possibly even their 
> licensing and marketing models, while under the hood, unix saves the 
> day.

Unlikely to work - there's just Too Damned Many legacy binaries that have all
sorts of dependencies on undocumented quirks of the Windows APIs.  So you end
up needing to use a Wine-like shim to provide the API the binaries need - and
if the shim is good enough for the backward-combatable binaries, it's *also*
good enough for the malware to attack.  If IE9 has a bug and some Javascript
scribbles something into the 'Documents' folder, that Javascript really doesn't
care if it's a Documents folder on a real Windows box, or one that's in a
directory being managed by a shim on a Unix/Linux box.  All it cares about is
that it *behaves* like a Documents folder.

Hint:  If a Windows user's home directory is on a remote file share, it
really doesn't care if it's a Genuine Windows(TM) or a Samba share, does it?
Heck, it doesn't even know/care if its domain controller is Windows or Samba.
All it cares is that the file share and the DC *act* like Windows.

And unfortunately, that's true for both legitimate binaries and malware.


Content of type "application/pgp-signature" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ