Actually, I have to disagree with the reasons for why they chose Vista to demonstrate the flaws.Charles said:Indeed. This attack spans platforms. Vista gets the honor of being targeted in the article because, well, it's Vista and we're Microsoft... There's a fundamental flaw in all general purpose operating system architectures since they are all pretty much composed in the same way (from an OS perspective, Mac, Linux, Windows are all similar, architecturally - based on a 70s era OS model...)littleguru said:*snip*
This is not about Vista being insecure. It's about a much bigger problem that spans all platforms: The Internet is a dangerous place and when you run random code from some random source in a client like a web browser, well, bad things can happen.
More interesting is how to fix this. How do we, as an industry, make browsing the Internet fundamentally safe while at the same time allowing for in-browser (in process) innovations that require system resources and access to client componentry? Apparently, we have more work to do. Nobody at Microsoft thinks that "since they are .NET objects running in the browser, they are safe", as the article suggests. Many people understand that any application that exposes a user to the Internet and also runs code from the Internet can be used as an attack vector...
This article is an eye opener for the industry. Microsoft, as always, is used as an example for obvious reasons, but, again, this issue spans platforms.
What would be the impact if they said: "Linux is vulnerable to this."? Well, I would have read over it and thought: "yeah, nice to know but doesn't really bother me." and so would have done 95%+ of all other readers.
But when they say: "Windows Vista and probably XP are vulnerable to it" then it's getting interesting. Millions of people run that operating system on a daily base. All of them have now a big problem... wow! That's something that gives them fame and glory.