Message-ID: <5270.1282920427@localhost>
Date: Fri, 27 Aug 2010 10:47:07 -0400
From: Valdis.Kletnieks@...edu
To: Dan Kaminsky <dan@...para.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: DLL hijacking with Autorun on a USB drive

On Fri, 27 Aug 2010 10:13:21 EDT, Dan Kaminsky said:

> Oh, come on.  MS puts more effort into delivering a secure platform than
> pretty much anyone at this point.  They're just not the low hanging fruit
> they once were.

Oh, I'll grant you that, they *have* done a great job in the past few years,
the biggest turn-around I've seen in 3 decades in this business.

The point is that we all know that *really* fixing some of these issues will
involve a *complete* re-architect of the system - and that's someplace they
really don't want to go.  Look at how many corporations were slow to jump on
Vista - now imagine if the corporations had to wait for pretty much *every
single app* to update to the New World Order.  Remember that one of the big
components of vendor lock-in is the cost of jumping ship.  Now if the next
Windows release is as disruptive as jumping ship, you lose a lot of lock-in.
(And remember what people said about the *first* release of UAC in the beta? A
*lot* of people said it sucked hard enough to make them seriously consider
moving to Linux... so it got toned down a whole lot before release.)

