Visit the Ironworks Gaming Website Email the Webmaster Graphics Library Rules and Regulations Help Support Ironworks Forum with a Donation to Keep us Online - We rely totally on Donations from members Donation goal Meter

Ironworks Gaming Radio

Ironworks Gaming Forum

Go Back   Ironworks Gaming Forum > Ironworks Gaming Forums > General Discussion > General Conversation Archives (11/2000 - 01/2005)

 
 
Thread Tools Search this Thread
Old 12-17-2004, 05:18 PM   #21
LennonCook
Jack Burton
 

Join Date: November 10, 2001
Location: Bathurst & Orange, in constant flux
Age: 37
Posts: 5,452
Quote:
Originally posted by Thoran:
I've said it before but IMO if other OS's and Apps were the subject of as concerted and intense an attack as M$ faces from it's many opponents... they'd fare no better. Open Source, by virtue of its inherent openness (it's greatest strength imo)... would be PARTICULARLY susceptable.
No, no, and no
This article uses Apache and IIS to disprove both points. Apache is open source, and more popular than IIS (70% market share and rising, I believe), and yet it is historically the more secure of the two. The number of attacks is a factor, yes, but hardly the only one.

Quote:
The risk I see here for M$ opponenets is if M$ can actually put together a secure system... its competitors won't have an adequate response. It's like drug immunity... the more and harder a bug is attacked by a drug, the quicker it builds up immunity and if it survives it emerges stronger than the competition. It's survival of the fittest, and the community is currently assisting M$ in debugging their goliath, seems like fun but possibly not so smart in the long run.
Security isn't the only benifit. Try making a web page sometime that will work across all browsers... you can't. You basically have two choices: have it work in IE, and have it work in everything else. And do not say "you should design specifically for the one with the greatest user base": the number of websites designed specifically for it is one of the only reasons IE still has a high market share (in the tech-savvy crowd at the very least).

Quote:
I think more people should be working to uncover the weaknesses of the apps they're loyal to (Linux, Firefox, whatever) in order to prevent M$ from getting an insurmountable lead. I'm sure you've all seen the previews of longhorn (and NGSCB)... it's a significant change in security model, and if effective (and it looks like it may be) it will be something that will need to be addressed by the competition.
Longhorn, from what I've seen, will if anything be worse. Microsoft do not plan to uncouple IE from the Windows core, infact they want to integrate it further, so that there is no difference between IE and Windows. This also applies for other programs that are nested deeply into Windows in a completely unremovable way, not just IE. In other words, yes it will be a "significant change in the security model", but I'm sure you will find it will be a change for the worse.


EDIT: The patch I mentioned before for the Tabbrowsing Vulnerabilities has been granted review+ . It is now only waiting for superreview and approval-1.7.6 , and it will be checked in to the mozilla.org CVS .

[ 12-17-2004, 08:24 PM: Message edited by: LennonCook ]
LennonCook is offline  
Old 12-18-2004, 07:58 PM   #22
Thoran
Galvatron
 

Join Date: January 10, 2002
Location: Upstate NY
Age: 56
Posts: 2,109
Quote:
Originally posted by LennonCook:
No, no, and no
This article uses Apache and IIS to disprove both points. Apache is open source, and more popular than IIS (70% market share and rising, I believe), and yet it is historically the more secure of the two. The number of attacks is a factor, yes, but hardly the only one.
I did not say that a lower installed base of Alternative apps and OS's explained the lower security hazard rates... I said that the large number of Microsoft enemies has made M$ the prime target for hackers, and if those hackers redirected their energies to other manufacturers, you would see more problems being discovered in those software packages. That article doesn't even address that issue, not very thorough on their part. I'd give the article more credence if they hadn't tried to pull that straw man, it's hate of microsoft that drives attacks against it, not the straw man of "installed base".

Quote:
Security isn't the only benifit. Try making a web page sometime that will work across all browsers... you can't. You basically have two choices: have it work in IE, and have it work in everything else. And do not say "you should design specifically for the one with the greatest user base": the number of websites designed specifically for it is one of the only reasons IE still has a high market share (in the tech-savvy crowd at the very least).
I disagree, IE has the largest installed base because it ships preinstalled on the most popular OS (hence all the lawsuits... bundling was a blatantly anti-competitive practice... which also explains why M$ has so many enemies), and also because until recently (Firefox) there wasn't a lot of competition (I used to be a Netscape guy, switched to IE because it's better).

These days there's no excuse for 'IE only' web sites, I use Coldfusion for my App. Server and have no trouble accomodating any browser you want to use.

Quote:

Longhorn, from what I've seen, will if anything be worse. Microsoft do not plan to uncouple IE from the Windows core, infact they want to integrate it further, so that there is no difference between IE and Windows. This also applies for other programs that are nested deeply into Windows in a completely unremovable way, not just IE. In other words, yes it will be a "significant change in the security model", but I'm sure you will find it will be a change for the worse.
Sounds like wishful thinking. From what I've seen Longhorn has some innovative approaches to system security, from encrypted hardware communications to an independant security stack. There has never been another consumer OS with this level of integrated security so it's illogical to make pronouncements regarding it's expected failure with no data to corroborate. Personally I also wish they'd decouple apps. level programs (IE, Outlook, etc...) from the OS as that whole architecture is little more than another anti-competitive market share grab (generating lawsuits and lots of M$ hate) and is the single biggest architecture flaw in the windoes OS's, but it remains to be seen if the longhorn security model will hold water. Furthermore, while there's no doubt that the current implementation of IE has some serious issues, that won't necessarily translate into the Longhorn IE (which will be a major rewrite). Personally I think at worst it will still be a damn lot better than the current "no holds barred access/thumb in the damn security model" approach M$ follows.

[ 12-18-2004, 08:00 PM: Message edited by: Thoran ]
Thoran is offline  
Old 12-18-2004, 09:14 PM   #23
Callum
Symbol of Cyric
 

Join Date: October 21, 2004
Location: Vancouver, BC
Age: 35
Posts: 1,143
I don't understand exactly why IE is integrated... It comes with the OS, so I'm not paying extra, or regaining any money by not using. Firefox is free, as is mozilla and netscape. Where does the money cme from?
__________________
[img]\"http://img11.imageshack.us/img11/4763/callumavataranimated4ff.gif\" alt=\" - \" />
Callum is offline  
Old 12-18-2004, 11:36 PM   #24
LennonCook
Jack Burton
 

Join Date: November 10, 2001
Location: Bathurst & Orange, in constant flux
Age: 37
Posts: 5,452
Quote:
Originally posted by Callum:
I don't understand exactly why IE is integrated... It comes with the OS, so I'm not paying extra, or regaining any money by not using. Firefox is free, as is mozilla and netscape. Where does the money cme from?
Microsoft are beggining to enforce "IE is Windows" - that is, IE is only upgraded when Windows is. Meaning, even though MS isn't getting money through IE directly, they are forcing you to buy a new copy of Windows (giving them money) just to get a new browser. Or, at least, they think that that's the effect it will have. I think it will make piracy of MS stuff even more widespread...
As to Firefox and Mozilla, they are free because the authors have no interest in charging for them. Their incentive comes from making a program that the community will be happy with, which will also give their customers more reason to buy larger software packages from them in future. Also, they do sell Firefox on CD, aswell as selling a guidebook, and other donationware. If you're wondering, then, why they don't charge for their products anyway, I see it like this: Ziroc doesn't charge us for using Ironworks, either (and has, on several occasions, blatantly refused to even consider it). We are here because we want to be, not because we can afford to be. It is the same with Mozilla corp and their products. Mozilla corp accept donations aswell, in the same way that Ironworks does (although, they aren't forced to live off these like Ironworks is).
As to Netscape, it isn't free. They don't charge you money admitedly, but they have plugs to other AOL products (products which often have spyware,, and hence $$$ for AOL), and Netscape can't be personalised at all: everything is locked to default.
LennonCook is offline  
Old 12-19-2004, 08:03 AM   #25
Callum
Symbol of Cyric
 

Join Date: October 21, 2004
Location: Vancouver, BC
Age: 35
Posts: 1,143
Ah ok, cos I was just wondering why they did it...

Thank you for enlightening me
__________________
[img]\"http://img11.imageshack.us/img11/4763/callumavataranimated4ff.gif\" alt=\" - \" />
Callum is offline  
 


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
If you could dig a hole.... Arvon General Discussion 14 07-23-2006 04:25 PM
WinRAR Delete File Buffer Overflow Vulnerability LennonCook General Conversation Archives (11/2000 - 01/2005) 5 12-23-2004 09:29 AM
Another M$ IE security hole discovered. RudeDawg General Conversation Archives (11/2000 - 01/2005) 4 06-05-2002 07:35 PM
The key won't go in the hole =( someone tell me why please Sanguinarius Miscellaneous Games (RPG or not) 4 03-30-2002 01:48 PM
Get me out of this hell-hole! riverman Baldurs Gate II: Shadows of Amn & Throne of Bhaal 7 03-03-2002 08:14 AM


All times are GMT -4. The time now is 02:27 PM.


Powered by vBulletin® Version 3.8.3
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
©2024 Ironworks Gaming & ©2024 The Great Escape Studios TM - All Rights Reserved