Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: [in] Re: IE is just as safe as FireFox
From: devis <devis () easynix net>
Date: Mon, 22 Nov 2004 21:53:24 +0100



True goal is making as much money and influence as possible.

Please read my previous posts on this list regarding that matter.

This is why, Firefox being independant from this OS that carries 60 of its code base as being legacy code for older system hardware and


The Mozilla Suite (and Firefox) already existed for some years.

Should we compare the new version/updates delivery frequency of the Mozilla Project with others ?

Lets not hide from ourselves whats needed from MS to reach modern world security: a complete rewrite, and a ditch of old Dos base and the 20 years old legacy code.


Microsoft Windows NT is a complete rewrite from scratch. MSDOS is being emulated in a virtual machine called NTVDM. Microsoft Windows XP is not the first NT version, mind you.

I used nt4 ws and server, i still noted at the time the default behavior of making the first user an administrator, and not inviting to create an unpriviledged user. All of the migrations NT4 -> BSD i did were in that case. The point is that relying on the solidity of ur network application / daemon / server and not restricting / reducing the impact of a crash / vulnerability / intrusion is just completely irresponsible. Jails are not "all" but they help as a preventive measure, and they instantly upgrades the knowledge level needed by the attack. They make sure for example, that the latest worms exploiting the latest vulnerability that remains unpatched by your vendor, are not taking over the box completely. Geez sounds familiar ?

Until MS manages to run a webserver / authserver / mailserver (fill in the list ... ) with the same functionnality and as non priviledged user, it will be much more unsecure out there.

And btw the "Virtual" Dos seems particulary present:
Try this on any NT OSes: new folder -> aux, lpt1, con, nul ...Should i carry on ? (Hint: MSDos Reserved devices).
As i say previously non case sensitive OSes belong to the museum.

Rafel Ivgi, The-Insider wrote:

>[ fullquote from grandparent snipped, please learn some quoting style ]

I will only if you learn to NOT reply to all [emails] of the thread but just to the list.


Stefan Schatzl.

d.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault