

StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
reply to NOYB

Re: Is Microsoft liable for security flaws in Windows?

said by NOYB:

When Microsoft and other consumer software is used as intended it is unlikely to the extreme that anyone would be physically harmed.

I'm not so sure about that
--
Don't feed trolls--it only makes them grow!


Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3
reply to lorennerol

said by lorennerol:

said by TheMG:

In terms of the sheer amount of code and complexity of the code, it is more than likely far less complex and much smaller amount of code.

My observation was not specific to lines of code. As we've recently found out, Windows is riddled with code that goes back to pre-3.1 days. MS lazily leaving code scattered about in their OS doesn't earn them extra credit in my book.

But my point was that the 787 is more complicated, including physical, electronic, code, etc. systems/assemblies, than Windows, and yet it is built to a far more exacting standard and Boeing is not exempted from liability simply because it's "too hard" to get it right.

Before fast Internet connections and re-flashable firmware, code was created to a higher standard because the option to ship crap and patch it later wasn't there.

No OS is written from the ground up anymore (or at least consumer OS's) and is based on the previous versions. Often the parts of Windows that are 'old' are old because the feature they supported is old, i.e. that backwards compatibility thing.

There are more lines of code in an OS than there are parts in a 787 and just like OS's have their problems the 787 hasn't been without its problems (it's been grounded how many times now)?

Like I've said before, visiting »www.us-cert.gov/ncas/bulletins is a humbling thing for geeks and certainly a source of motivation not to have their product listed there.

Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool

BlitzenZeus
Burnt Out Cynic
Premium
join:2000-01-13
kudos:3

To its benefit, and detriment so many devices run Linux now that it is a major player in the market. To Android phones, Apple's OS X, and many servers. At least to its benefit somewhat there are so many distros of Linux that one exploit doesn't fit all unlike the years of Windows built on NT.
--
I distrust those people who know so well what god wants them to do because I notice it always coincides with their own desires- Susan B. Anthony
Yesterday we obeyed kings, and bent our necks before emperors. But today we kneel only to the truth- Kahlil G.



Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
reply to dave

said by dave:

Before one can have 'product liability', I'd guess there are two things needed:
1. A regulatory framework stating the minimum standards to which such products must comply.
2. A clear understanding of what the product is being sold to do, with use outside that not being subject to any guarantees.
From a security point of view, I think the two of these would result in no change at all. No-one's going to guarantee a system against threats which won't be invented until next week, and there are no tests for those threats.

I'm not so sure. If I rent a cherry-picker and it subsequently encounters a normal gust of wind whereupon one of several seals fails and drops the basket, there's probably a lawyer out there who can get a judgement against the rental company and the manufacturer over the failing seal.

If Microsoft writes and rents code that contains an exploitable buffer overflow that leads to damage to me, even if Microsoft has successfully patched 1,000 other buffer overflows in the past, there is probably a lawyer out there who could get a judgement against the rental company and the manufacturer (who, in this case, are one and the same).

Never underestimate the persuasive power of a lawyer dependent on a share of the judgement.
--
The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money. -- A. de Tocqueville

TheMG
Premium
join:2007-09-04
Canada
kudos:3

1 recommendation

reply to BlitzenZeus

said by BlitzenZeus:

To its benefit, and detriment so many devices run Linux now that it is a major player in the market. To Android phones, Apple's OS X, and many servers. At least to its benefit somewhat there are so many distros of Linux that one exploit doesn't fit all unlike the years of Windows built on NT.

Sorry if I'm nit-picking here but....

1) OS X is based on BSD, not Linux.

2) While the Android kernel is based on the Linux kernel, it has quite a few modifications. The whole OS itself is also very different from Linux. You can't take an application that runs on a real Linux distro, and easily run it on Android. In fact, Android apps run in some sort of Java environment within Android.

Kearnstd
Space Elf
Premium
join:2002-01-22
Mullica Hill, NJ
kudos:1
reply to Maven

The main issue here is you are stating if a hacker gets into a system. Even though the hack happened due to an MS security flaw the hacker is still the one at fault. Same as if someone cuts the brake lines on a car causing it to roll and hit a kid, GM is not at fault because a malicious act is what caused the actual system failure.
--
[65 Arcanist]Filan(High Elf) Zone: Broadband Reports


BlitzenZeus
Burnt Out Cynic
Premium
join:2000-01-13
kudos:3

1 edit

I don't think you realize how many possible bugs are swept under the rug under the guise of the NDA, and they do share their bugs with the NSA. I've been clearly told "working as intended" by Microsoft under NDA to only have it actually have to be fixed later as it was exploited publicly, they didn't want to, or couldn't fix it without a major overhaul of the software.

You can't think of this like brake lines, you'll never see the real picture this way, ever. They are exploiting their software, and in some cases they already knew there was a problem, however chose not to fix it as the flaw is so deep in the design or function it would break the software initially to fix it, so they release buggy exploitable software to meet their schedule hoping nobody will find the problem.

I take no credit for the discovery, but remember gadgets? Microsoft had them in Vista, and Win 7. They advised people to stop using them, and they were in the Win 8 beta, however their runtime was removed from the Win 8 RTM. They just abandoned them, and didn't fix the problem.
--
I distrust those people who know so well what god wants them to do because I notice it always coincides with their own desires- Susan B. Anthony
Yesterday we obeyed kings, and bent our necks before emperors. But today we kneel only to the truth- Kahlil G.


dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
reply to Link Logger

Speaking of old code: Happy 20th birthday.

»www.theregister.co.uk/2013/08/01···versary/

No OS is written from the ground up anymore (or at least consumer OS's) and is based on the previous versions.

I agree, and more so. Software is very rarely built 'from the ground up' - this used to be obvious when version numbers were used, before marketing got their filthy hands on a clean concept. No-one would think that 'version 6' somehow contained no code that wasn't previously in 'version 5'.

As for operating systems in particular: they're a huge deal. The last time Microsoft rewrote Windows was in 1993 (NT) and then it took perhaps 9 years before the new one was sufficiently capable that it could totally replace the old one (which is to say, NT 5.x in the guise of XP was the successor to DOS-based Windows in the guise of ME).

Compatibility with the installed base is all.

How's OS/2 on the desktop these days? Granted, it failed in part because it had cut-throat Microsoft opposed to it, but its main sin was incompatibility.

Kearnstd
Space Elf
Premium
join:2002-01-22
Mullica Hill, NJ
kudos:1

There are times I think a ground up restart is needed, but being compatible kinda kills that. I am guessing that is why Windows is a terrible tangle of legacy code. A fully new kernel and OS would be great but it would break everything. And in an age where one of the top questions from someone buying a new computer at Best Buy is "Will my printer from 1998 work with this?" well things can get ugly.
--
[65 Arcanist]Filan(High Elf) Zone: Broadband Reports



Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3

I had some hope for BeOS as a ground up OS, but they forgot developers and it faded away into the dark deeps.

Blake


BlitzenZeus
Burnt Out Cynic
Premium
join:2000-01-13
kudos:3
reply to Kearnstd

You know the next version of Windows that attempts to start at a new base will be hated due to lack of driver, and software support... People hated Vista for the wrong reasons, but it finally started getting 64-bit drivers coming from developers where XP 64-bit support was pathetic. We'll just get more of that unfortunately.

There needs to be something in the works, or legacy code exploits will be a problem for a long time.
--
I distrust those people who know so well what god wants them to do because I notice it always coincides with their own desires- Susan B. Anthony
Yesterday we obeyed kings, and bent our necks before emperors. But today we kneel only to the truth- Kahlil G.


Kearnstd
Space Elf
Premium
join:2002-01-22
Mullica Hill, NJ
kudos:1

I agree they need to eventually clean out the "code fridge" or more and more exploits will be found as newer versions derived from the previous kernel keep paving over previous holes.

In some respects it reminds me of road repairs. The state saves money by repaving every few years, but rarely steps back and says "Maybe we should fix the pothole issue once and for all by ripping up the whole thing and starting over."
--
[65 Arcanist]Filan(High Elf) Zone: Broadband Reports


dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8

Sure, but since the desktop PC market is dwindling, I suppose any new desktop PC operating system would not come to maturity until after there was no need for it.



Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3

said by dave:

Sure, but since the desktop PC market is dwindling, I suppose any new desktop PC operating system would not come to maturity until after there was no need for it.

Not to say tablets, phones and other mobile devices are bullet proof, it's the nature of the game in that it wildly favors hackers no matter what the platform.

Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool


Maven
Premium
join:2002-03-12
Canada
reply to BlitzenZeus

said by BlitzenZeus:

There needs to be something in the works, or legacy code exploits will be a problem for a long time.

Would you say that problem exists in Linux? Or is it just a Windows thing?

BlitzenZeus
Burnt Out Cynic
Premium
join:2000-01-13
kudos:3

Why would Linux be immune from this? We've just been focusing on Windows where NT has been around for quite a long time, even if it has had to at least be ported, and parts rewritten as they moved to 32-bit and 64-bit. There's just so many distros of Linux, but some are based on the same kernels.
--
I distrust those people who know so well what god wants them to do because I notice it always coincides with their own desires- Susan B. Anthony
Yesterday we obeyed kings, and bent our necks before emperors. But today we kneel only to the truth- Kahlil G.