18 Aug
2006
18 Aug
'06
10:58 a.m.
On 8/18/2006 at 5:59 PM Jules Richardson wrote:
As an aside: I've never quite understood these OS
image vunerabilities.
Doesn't any modern OS provide sufficient protection such that a process
can't just stomp all over memory at random? Unless the problem is just a
Windows
thing...
Sloppy programming (really, there's no excuse for not including
bounds-checking when decoding)is a big part of the picture. In Windows'
case, a lot of the vulnerabilities seem to be a combination of sloppy
coding and including "features" that have vulnerabilities inherent. (e.g.
OLE in browser applets, executables in email attachments...) Of course, if
a set of object libraries with inherent vulnerabilities in them is used,
bugs get re-used too.
Cheers,
Chuck
(Looking at something like 13 "security" patches to Win2K this month)