+Bob+ said:
Third, this global file protection scheme and UAC is a cheap,
band-aid solution trying to cover up major architectural and physical
structure flaws in Windows. Instead of fixing the problem, they
treated the symptom by massively prohibiting access to anything except
C:\users. It's a nightmare for users and MS should be pistol whipped
for even thinking of it, let alone shipping it.
Do you want to talk to me about how inferior Vista is supposed to be?
<http://www.securitypronews.com/news/securitynews/spn-45-20060601ASLRJoinsVistasBagOfTricks.html>
I am going to say it again to you. I don't see Vista users posting about
malware issues that much anymore as compared to the previous version on
the NT based O/S(s) where malware is hammering those O/S(s).
<http://technet.microsoft.com/en-us/magazine/cc162458.aspx>
Address Space Load Randomization
Despite measures like Data Execution Prevention and enhanced compiler
error checking, malware authors continue to find buffer overflow
vulnerabilities that allow them to infect network-facing processes like
Internet Explorer®, Windows services, and third-party applications to
gain a foothold on a system. Once they have managed to infect a process,
however, they must use Windows APIs to accomplish their ultimate goal of
reading user data or establishing a permanent presence by modifying user
or system configuration settings.
Connecting an application with API entry points exported by DLLs is
something usually handled by the operating system loader, but these
types of malware infection don't get the benefit of the loader's
services. This hasn't posed a problem for malware on previous versions
of Windows because for any given Windows release, system executable
images and DLLs always load at the same location, allowing malware to
assume that APIs reside at fixed addresses.
The Windows Vista Address Space Load Randomization (ASLR) feature makes
it impossible for malware to know where APIs are located by loading
system DLLs and executables at a different location every time the
system boots. Early in the boot process, the Memory Manager picks a
random DLL image-load bias from one of 256 64KB-aligned addresses in the
16MB region at the top of the user-mode address space. As DLLs that have
the new dynamic-relocation flag in their image header load into a
process, the Memory Manager packs them into memory starting at the
image-load bias address and working its way down.
----------------
You want to talk to me about how inferior Win 2k3 is and it's not a
solid and secure Web server platform with IIS, when Linux and Apache are
being hammered. Things started to change security-wise on the Windows
platform.
http://www.zone-h.com/
Yes, I am going to continue to keep UAC enabled. I want folder
Virtualization doing its thing, because UAC is enabled. I want WRP doing
its thing. I want ASLR doing its thing. I want 3rd party security
vendors using WPF. I want MS to continue heading in the direction it is
headed with the security of its Windows O/S platforms.
Things are not as gloom and doom as you make it out to be with Vista,
and I want every last bit of what Vista has to offer in the form of
security enabled to better protect the machine.
Yes, it is doom and gloom on XP and Win 2k workstations in the home
user's hands, and XP is being HAMMERED by malware.
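
The ASLR excerpt quoted in the post above says that only DLLs carrying the dynamic-relocation flag in their image header are loaded at the randomized bias. The following is an added example, not part of the post or the quoted article: it reads that flag (IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, 0x0040 in the PE/COFF format) so a binary that has not opted in to ASLR can be identified. The helper `constructed_image` and its header-only sample images are hypothetical and exist only so the check runs offline.

```python
import struct

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # PE/COFF opt-in flag for ASLR
DLLCHARACTERISTICS_OFFSET = 70  # same offset in PE32 and PE32+ optional headers


def aslr_opt_in(image: bytes) -> bool:
    """Return True if the PE image header carries the dynamic-base flag."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if pe_off + 24 > len(image) or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)  # SizeOfOptionalHeader
    opt_off = pe_off + 24  # PE signature (4 bytes) + COFF file header (20 bytes)
    if opt_size < DLLCHARACTERISTICS_OFFSET + 2 or opt_off + opt_size > len(image):
        raise ValueError("optional header truncated")
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    (flags,) = struct.unpack_from("<H", image, opt_off + DLLCHARACTERISTICS_OFFSET)
    return bool(flags & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)


def constructed_image(dll_characteristics: int, magic: int = 0x10B) -> bytes:
    """Build a header-only PE for the demo (constructed sample, not a real DLL)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # PE header follows the DOS header
    opt_size = 96 if magic == 0x10B else 112  # optional header, no data directories
    machine = 0x14C if magic == 0x10B else 0x8664  # x86 / x64
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x2000)  # 0x2000 = DLL
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, DLLCHARACTERISTICS_OFFSET, dll_characteristics)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # 0x0100 is NX_COMPAT (DEP); 0x0140 adds DYNAMIC_BASE (ASLR opt-in).
    print("opted in:", aslr_opt_in(constructed_image(0x0140)))
    print("legacy  :", aslr_opt_in(constructed_image(0x0100)))
```

To audit a real file, pass its bytes: `aslr_opt_in(open(path, "rb").read())`.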