« Data complexity | Main | OpenOffice exporting RDF »

Quote of the week: Ross Judson

Ross Judson: Spiral Dive


Let's look at the simple equation:

C + Unrestricted Access + Buffer Overflow = You Will Never Be Secure.

Windows machines are fundamentally flawed, at the core. It can never be fixed. You either need a VM (which provides a relatively secure environment), or an operating system that uses a variety of techniques to prevent a process from doing anything it's not supposed to do.

I wonder this is will always be true. It's no secret that Microsoft are working like mad men to lock down Windows - though I'm not sure whether they're taking a stategic approach or simply firefighting at the moment. Of course though ripping out the heart of your OS is a great incentive to push for an upgrade, I wonder if Redmond have the stomach to start over. It'll be interesting to see how it plays out.


September 12, 2003 11:18 AM

Comments

Robert Blum
(September 12, 2003 02:42 PM #)

Hm. I wonder what language the VM is written in. And if it's C, how will it be secure, according to the above statement?

It's just harder to write secure code in C/C++, that's all. And I'm fairly convinced that one of the main reasons MS has such a hard time fixing it is that they're backwards compatible to the beginning of time...

- Robert

Mike Kozlowski
(September 12, 2003 05:17 PM #)

From what it's possible to glean about Microsoft's future intentions, it seems that they're moving as fast as possible to move everything into the CLR. Of course, when you're dealing with a legacy code base of decades which needs to run software written decades ago, that's going to take an awfully long time...

Trackback Pings

TrackBack URL for this entry:
http://www.dehora.net/mt/mt-tb.cgi/1081