I don't get it... does MS really not care about security? Is it in their best interest to keep their OS unsafe?
This vulnerability was no doubt floating around "for sale" in one of those other reputable online forums... MS has billions of dollars, go buy them up!
Maybe they're already doing this and I have no idea what I'm talking about?
It is crazy that many web and computer users in the world will not even know what DOS is, and there is a security flaw that can affect most of their computers.
I used to love (well maybe too strong a word) using DOS, then came the graphical user interface to file management and that just seemed so easy to use.
Wow, a bug that's older than many users of Windows.
Windows is not insecure just because it's the most popular OS. All OSes are not created equal. Just like all cars are not created equal and you wouldn't expect a Pinto to be as safe as a Volvo.
It's insecure because it was fundamentally never designed to be a 'network' OS - it was designed as a desktop OS. Compare this to Linux and, yes, Mac OS X, which were always designed with security and networking in mind. And clearly there's been no push to re-work the kernel of Windows to be more secure. And this is not impossible - Apple did it when they completely reworked their OS to be based on FreeBSD (an open source UNIX variant [apple.com...] [apple.com...] ).
This DOS bug is a perfect example of how a closed-source desktop-centric OS like Windows/DOS is bound to be less secure than an open-source network-focused OS like Linux or Mac OS X. Do you really think a security hole would stick around this long in an open source OS?
|Apple did it when they completely reworked their OS to be based on FreeBSD |
They didn't re-work anything, they just bought NeXT ;)
It turned out to be a shrewd move as the original Apple OS was also developed originally as a desktop OS.
MS doesn't have the experience in networking that it really needs, at its core.
I think it would be a highly shrewd move for MS to purchase a UNIX-like variant from which to base future releases.
Lots of upfront pain, but in the long term I really believe they'll need it.
If any of you noticed, this isn't talking about DOS-based OSes. It's actually talking about Windows NT-based OSes, which was a ground-up rebuild with more security in mind.
The problems being patched (at least my understanding) are in how Microsoft maintain compatibility with some older applications, thus making themselves vulnerable to attack. These older applications had bugs in them, but instead of Microsoft making them release fixes, they built a compatibility layer to work around these bugs.
They said this, and we believed it. But somehow some of the old bugs from the previous versions still appeared. (I noticed a few bugs from old, myself.)
|If any of you noticed, this isn't talking about DOS-based OSes. It's actually talking about Windows NT-based OSes, |
Good point that bears repeating.
On Win9x OS, Windows ran on top of DOS. On WinNT-based OSes, everything from WinNT4 & Win2K on, DOS runs as an emulator within Windows. I don't remember which way WinNT3.51 ran, but based on this bug I'd guess DOS was emulated.
I had an Adobe patch try to install today; I knew a Windows patch was coming. I wonder what new monitoring techniques are incorporated into this round of patches.
Are there any details anywhere about what this bug permitted?
Presumably, it somehow allowed limited-access users to make unauthorised changes - this suggests that DOS shells run at a higher privilege than the user or some serious code hacks are required to make it work. And if those code hacks worked for DOS emulation, might they still work elsewhere?
I'm afraid this is one of those myths that every computer-magazine guru on the planet repeated. 16bit DOS merely bootstrapped 32bit Windows. DOS programs ran in emulation on Win 9x (unless running in DOS mode). Although Win9x supported use of some 16bit drivers (mainly to allow old hardware such as printers to be used) other drivers were 32bit meaning that IO calls, etc were not passed to an underlying 16bit DOS layer.
|On Win9x OS, Windows ran on top of DOS. |
|I'm afraid this is one of those myths that every computer-magazine guru on the planet repeated. 16bit DOS merely bootstrapped 32bit Windows. DOS programs ran in emulation on Win 9x (unless running in DOS mode). Although Win9x supported use of some 16bit drivers (mainly to allow old hardware such as printers to be used) other drivers were 32bit meaning that IO calls, etc were not passed to an underlying 16bit DOS layer. |
Very interesting. This just proves that a lie repeated often enough becomes a commonly known "fact".
So the big difference between the WinNT branch and the Win9x branch is that on Win9x DOS still existed but that once it initiated Windows its job was done. On WinNT Windows booted itself. Am I understanding this correctly?
That's about the gist of it, but a full implementation of DOS 7 (I think) was included with Windows 95 to allow DOS Mode to work.
Another myth that every computer-magazine guru on the planet repeated was that CD drives had to be installed on a different IDE channel, otherwise performance would be seriously compromised - I believe this started because very early IDE drives could be synchronised and would run at the speed of the slower drive!