Windows virus?

This is a discussion on Windows virus? within the A Brief History of Cprogramming.com forums, part of the Community Boards category; I'm not arguing about the whole security issue. But the Linux kernel vs Windows kernel I can be sure they're ...

  1. #76
    C++まいる!Cをこわせ! Elysia's Avatar
    Join Date
    Oct 2007
    Posts
    22,604
    I'm not arguing about the whole security issue.
    But the Linux kernel vs Windows kernel I can be sure they're about the same complexity as the Win one. But comparing a kernel to the whole source of something? Don't you think that's a bit unfair?
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  2. #77
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,183
    Well, my point is, the whole Windows codebase is security-critical, whereas in Linux, only the core is.

    That makes Microsoft's job a lot harder, and their OS more insecure (more buggy) as a result.

  3. #78
    C++まいる!Cをこわせ! Elysia's Avatar
    Join Date
    Oct 2007
    Posts
    22,604
    Ah right.
    But then again, Windows was written way ago and Microsoft hasn't dared to make such changes to the kernel since it would break pretty much all the stuff out there.
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  4. #79
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,183
    True. Not saying Microsoft's job is easy .

  5. #80
    Reverse Engineer maxorator's Avatar
    Join Date
    Aug 2005
    Location
    Estonia
    Posts
    2,318
    Quote Originally Posted by cyberfish View Post
    Well, my point is, the whole Windows codebase is security-critical, whereas in Linux, only the core is.
    By codebase you mean kernel+base DLLs?

  6. #81
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,183
    I am not sure how Windows is organized, but I meant everything, including the UI frontends.

  7. #82
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    Quote Originally Posted by cyberfish View Post
    Well, my point is, the whole Windows codebase is security-critical, whereas in Linux, only the core is.
    I don't agree with this in either direction. A large portion of the Windows codebase is not security critical. Sure, having the UI provide the user with information during a potentially harmful change of system settings may make more of the system security-critical. But in essence, I think that's still only a very small part of the system that has (direct) security implications, just like it is in Linux.

    Of course, all parts of the system that has access to kernel level is essentially security critical. But seeing as the Linux kernel opens up the system to the user-mode graphics subsystem [at least it ALLOWS it to be opened up, if the user-mode graphics driver "does the right things"], it also opens up a big can of worms of security in graphics drivers, made harder by the fact that the major manufacturers drivers are not part of the open source.

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

  8. #83
    Reverse Engineer maxorator's Avatar
    Join Date
    Aug 2005
    Location
    Estonia
    Posts
    2,318
    Quote Originally Posted by cyberfish View Post
    I am not sure how Windows is organized, but I meant everything, including the UI frontends.
    If you don't know how it works then how can you say *everything* is security-critical?

  9. #84
    Cat without Hat CornedBee's Avatar
    Join Date
    Apr 2003
    Posts
    8,893
    Quote Originally Posted by cyberfish View Post
    The security layers are not as strict in Windows, and UIs are allowed to do low level stuff.
    Patently untrue. UI code in Windows is allowed to do no more or less than UI code in Linux: access the OS APIs. That most programs in Windows still very often runs with administrator rights is independent of that.

    Quote Originally Posted by cyberfish View Post
    Well, my point is, the whole Windows codebase is security-critical, whereas in Linux, only the core is.
    Also untrue. Every single program that runs as root under Linux and has some interface to the non-root world (a socket, a pipe, a DBUS interface, even a configuration file that may have the wrong permissions, etc.), which means probably all daemons and then some, is security-critical. A code injection exploit in those programs leads to a privilege escalation, and once code runs as root, it can do absolutely anything - for example, it can inject code into the kernel via a module.
    All the buzzt!
    CornedBee

    "There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad code."
    - Flon's Law

  10. #85
    the hat of redundancy hat nvoigt's Avatar
    Join Date
    Aug 2001
    Location
    Hannover, Germany
    Posts
    3,139
    Quote Originally Posted by cyberfish View Post
    It's not, but I meant the WHOLE Windows codebase. The security layers are not as strict in Windows, and UIs are allowed to do low level stuff. That makes bugs in the UIs potential security holes, too. In Linux, one needs to exploit the core of the OS, as UIs are more or less just wrappers, and only do low level stuff through the simple interface the OS exposes. That is to say, if one cannot break the system on the command line, one cannot break it through UI programs.
    Can you name an example of a Windows GUI that is more prone to priviledge escalation bugs than it's Linux equivalent ? Even potentially ? Or an example of being less strict ?

    You seem to know a lot of vague stuff about Windows, but none of it really hits home. Yes, I think Linux is more secure than Windows because of it's smaller user base and different priorities concerning security vs user friendliness. But if you spend a little effort that I'd expect from someone using *nix systems, Windows can be pretty secure. A well administered Windows system is probably more secure than a Linux box setup by a normal user. Because the core that both are build on is fine.
    hth
    -nv

    She was so Blonde, she spent 20 minutes looking at the orange juice can because it said "Concentrate."

    When in doubt, read the FAQ.
    Then ask a smart question.

  11. #86
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,183
    Hmm. I stand corrected then. Learned something here.

    I guess, as said above, the real problem comes from the fact that Windows practically requires running as admin, whereas it's conventional for UNIX users to use a non-root user.

  12. #87
    the hat of redundancy hat nvoigt's Avatar
    Join Date
    Aug 2001
    Location
    Hannover, Germany
    Posts
    3,139
    Let's say Windows applications (including some by Microsoft) require you to run as admin (which is bad)
    hth
    -nv

    She was so Blonde, she spent 20 minutes looking at the orange juice can because it said "Concentrate."

    When in doubt, read the FAQ.
    Then ask a smart question.

  13. #88
    Malum in se abachler's Avatar
    Join Date
    Apr 2007
    Posts
    3,189
    Most just require you to install as admin. You can run under any authorized account.
    Until you can build a working general purpose reprogrammable computer out of basic components from radio shack, you are not fit to call yourself a programmer in my presence. This is cwhizard, signing off.

  14. #89
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,183
    On Vista the situation is improved by the VirtualStore thing (if I understood correctly, it transparently redirects writes to system folders to a user folder using copy-on-write). On XP many applications require running as admin because they write user data in the program's folder in "Program Files", which requires admin access.
    Last edited by cyberfish; 07-18-2008 at 07:48 PM.

  15. #90
    Super Moderator VirtualAce's Avatar
    Join Date
    Aug 2001
    Posts
    9,596
    On Vista the situation is improved by the VirtualStore thing ...
    Now you've finally gone and done it. Saying Vista is better.

Page 6 of 7 FirstFirst 1234567 LastLast
Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Trojan horse generic
    By crvenkapa in forum Tech Board
    Replies: 8
    Last Post: 06-04-2007, 08:49 PM
  2. how to make a windows application
    By crvenkapa in forum C++ Programming
    Replies: 3
    Last Post: 03-26-2007, 09:59 AM
  3. Question..
    By pode in forum Windows Programming
    Replies: 12
    Last Post: 12-19-2004, 06:05 PM
  4. IE 6 status bar
    By DavidP in forum Tech Board
    Replies: 15
    Last Post: 10-23-2002, 05:31 PM
  5. Manipulating the Windows Clipboard
    By Johno in forum Windows Programming
    Replies: 2
    Last Post: 10-01-2002, 09:37 AM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21