Entries:
Comments:
Posts:

Loading User Information from Channel 9

Something went wrong getting user information from Channel 9

Latest Achievement:

Loading User Information from MSDN

Something went wrong getting user information from MSDN

Visual Studio Achievements

Latest Achievement:

Loading Visual Studio Achievements

Something went wrong getting the Visual Studio Achievements

Discussions

Bas Bas It finds lightbulbs.
  • Cursor flaw throws doubt on Vista security

    SecretSoftware wrote:
    
    Bas wrote: 
    wkempf wrote: 
    SecretSoftware wrote: So let me ask for this:

    Why not design a way so that no- code would execute without my consent, even if its non-admin? I mean no code aside from code run by services that MS designs in the system.

    Basically what I am asking is how to prevent this scenario from happening again in the future with another file type? Does this mean maybe UAC should be updated to mitigate scenarios of this type?


    1.  This would drive every user nuts.  Just look at the complaints about UAC as it is, where in normal usage you never see a prompt.  I mean, really, for this reason alone I can't believe you're asking this.


    Especially if you consider this thread, in which he complains that UAC pops up confirm prompts way too often. And now every process should get confirmed? Baffling.


    If you reviewed that thread you will see a proposal to have both. Its called Rules.

    With rules life will be good. You set them once. You forget them for ever. And you live your life knowing your secure.


    If you review that thread, you will see that many, many concerns were raised for your idea of Rules, and that many people demonstrated how it would make your system less secure.

    But you chose to ignore all those comments, too.

  • Cursor flaw throws doubt on Vista security

    wkempf wrote:
    
    SecretSoftware wrote: So let me ask for this:

    Why not design a way so that no- code would execute without my consent, even if its non-admin? I mean no code aside from code run by services that MS designs in the system.

    Basically what I am asking is how to prevent this scenario from happening again in the future with another file type? Does this mean maybe UAC should be updated to mitigate scenarios of this type?


    1.  This would drive every user nuts.  Just look at the complaints about UAC as it is, where in normal usage you never see a prompt.  I mean, really, for this reason alone I can't believe you're asking this.


    Especially if you consider this thread, in which he complains that UAC pops up confirm prompts way too often. And now all code that wants to run should get confirmed? Baffling.

  • Cursor flaw throws doubt on Vista security

    SecretSoftware wrote:
    

    Cant a person raise legitimate concerns and grievances in this forum wihtout being called troll and having their intelligence insulted?

    Time does change people


    No, you can't try to start a discussion and then completely ignore anything anybody brings into the discussion.

    But I'm sure you'll ignore this too.

  • Cursor flaw throws doubt on Vista security

    SecretSoftware wrote:
    
    Bas wrote:
    You're completely ignoring everything that's being said in this thread, aren't you?


    I am just is somewhat of a state of shock. I could not get my brain around the fact that with all vista's improved security, this exploit worked the way it worked.


    So you are ignoring everything that is being said?

  • Cursor flaw throws doubt on Vista security

    SecretSoftware wrote:
    I saw that video.


    Seeing is not the same as listening to and understanding. And judging from what you think UAC does, you did not understand what was being said in that video, or you forgot.

  • Cursor flaw throws doubt on Vista security

    SecretSoftware wrote:
    I am surprised that Vista is completely defenseless even when all of its defenses are up and running.



    You're completely ignoring everything that's being said in this thread, aren't you?

  • Cursor flaw throws doubt on Vista security

    SecretSoftware wrote:
    
    AndyC wrote: 
    SecretSoftware wrote:

    2) Prevents code execution, with DEP, and to confirm if user initialized the execution of an executable. (Remember , "if you started this action then press continue, else press cancel"?).



    No. Neither UAC nor DEP is designed to prevent this.


    explain?



    DEP was designed to prevent execution of code from a non-executable memory region, which is attempted in a buffer overflow attack. It is not designed to prevent code from running until the user confirms that he/she initialised it.

    As for UAC, I recomend that you watch the UAC, what, how why video.

  • Free Software Foundation's Richard Stallman: 'Live Cheaply'

  • Windows Home Server SDK available

    http://blogs.technet.com/homeserver/archive/2007/04/03/developers-developers-developers.aspx

    More news on actually using the thing is apparently to follow, but, it looks good so far. I can't wait to be able to turn on my teapot from halfway across the globe.

  • Free Software Foundation's Richard Stallman: 'Live Cheaply'