Entries:
Comments:
Posts:

Loading User Information from Channel 9

Something went wrong getting user information from Channel 9

Latest Achievement:

Loading User Information from MSDN

Something went wrong getting user information from MSDN

Visual Studio Achievements

Latest Achievement:

Loading Visual Studio Achievements

Something went wrong getting the Visual Studio Achievements

Discussions

AndyC AndyC
  • Microsoft Planning 'Lower Rights' IE 7.0

    W3bbo wrote:
    Odd...

    Firefox runs with the default account rights and I haven't had any problems with its security


    By "default" do you mean, Administrative?

    If not, then haven't you noticed that the auto-update is broken for LUAs?

  • Intel + Apple = Good or Bad for Microsoft

    keeron wrote:

    Among all this fun and crazy stuff, as a windows user and a fan, what I'd like to know and learn is how Microsoft is going to go about using the PowerPC platform?



    I believe it's called X-Box 360.

    Now that Apple are ditching PowerPC there aren't going to be any mainstream PowerPC boxes on sale (aside from consoles) so, if anything, it would make even less sense to start selling Windows for PowerPC now than ever before.

  • Apple on Intel, Who wins?

    W3bbo wrote:

    Since Itanium2 (IA-64) is VLIW, it's supposidly "better" than RISC, so this might just work...


    Contrary to what they like to teach students there isn't an obvious VLIW > RISC > CISC type progression. Indeed as memory becomes significantly slower than CPUs there is an argument that CISC > RISC.

    Unfortunately the ADC site appears to have gone down so I can't get any more details from there (and I'm not sure I remember my Apple login anyway...)

  • Apple on Intel, Who wins?

    W3bbo wrote:

    PPC is RISC, and as we all know, RISC > CISC

    "the simplest solution is the best"


    Intel seem to have proven otherwise.

  • "Per Mile" tax on cars in the U.K.

    Cairo wrote:

    Every vehicle would have a black box to allow a satellite system to track their journey,


    Time to post Alistair Darling a copy of 1984 then?

  • Who are your fave MS bloggers

    Raymond Chen, Larry Osterman and Rico Mariani. Oh, and the IE team, too. Smiley

  • Windows Security window

    CAD generates a non-maskable interrupt which tells the CPU to "drop everything and do this instead", where "do this" is show the Security window. When you then click task manager, the system launches it normally and so you have to wait.

    If you're using the Welcome screen, CAD gives you instant access to Task Manager instead. Which is nice. Shame there is no way of getting that response in a domain environment though...

  • Browser security comparison

    W3bbo wrote:


    Explorer is the shell for Trident. Any issues with "IE" are inherently issues with Explorer (or Trident)


    If you read the linked advisory you'd note that the actual flaw is in the Client for Microsoft Networks (i.e. NetBIOS)

    To describe that as a Critical IE flaw is pushing things a bit.

    XPSP2 systems wouldn't be vulnerable in the default configuration anyway (File and Print Sharing is blocked by the firewall), pretty much every broadband router will be blocking those ports out of the box, even in the unlikely event the ISPs aren't already and corporate networks that allow NetBIOS traffic from the web deserve everything they get!

    W3bbo wrote:


    As for third-party add-ons, wouldn't that be a vunerability in IE's plugin architecture?

    There were a lot of flaws in ActiveX, do holes in that count at holes in IE?


    If you take that argument to it's logical conclusion then all software vulnerabilities are the responsibility of the Windows team. After all, Firefox is just a third party plug-in for Windows right?

    If it were just IE's handling of ActiveX at fault (which has been the case in the past) then fair enough. If the flaw is internal to the plugin and is exploitable via any web browser hosting it, as is the case there with Netscape and Opera, then it hardly constitutes an IE issue.

    W3bbo wrote:


    I think it should be done on a "per browsing platform" basis, which includes the rendering engine (Trident/Gecko), container application (Explorer, Firefox), and any loaded plugins and extensions (Flash/HappySmilyToolbar). It makes more sense that way.



    Well yes, when Secunia start rating things like that the statistics might be a bit more meaningful.

    Until then, always assume all browsers are vulnerable to something - because sooner or later you'll find out they are. That's the only way to really be safe...

  • Browser security comparison

    Secunia have a funny habit of classifying Explorer vulnerabilities as IE ones (see here for example) or including vulnerabilities in a third party add-on, such as Flash, in their statistics.

    You could also note (if you were so inclined) that:

    Firefox - 88% of vulnerabilities rated higher than Not Critical

    IE 6 - only 77% of vulnerabilities rated higher than Not Critical


    Once again, there are lies, damn lies and statistics...

  • Anyone been receiving "anti gay" phone calls?

    heh heh,

    I love the way he gets the guy to agree that it's okay to record the call and broadcast it on the internet. Truly classic.