[Novalug] Vista Killer (fwd)
William Warren
hescominsoon at emmanuelcomputerconsulting.com
Fri Aug 8 21:19:50 EDT 2008
Tux Subscriber Dave Aronson wrote:
> Beartooth <karhunhammas at lserv.com> wrote:
>
>
>> If these guys are correct, Vista is dead and M$ is
>> looking at a financial disaster. They claim to have found a fatal
>> security hole that can't be fixed except by a total re-write of
>> the OS.
>>
>> http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1324395,00.html
>>
>
> Doesn't sound *quite* that bad to me. They say:
>
> > by using Java, ActiveX controls and .NET objects to load arbitrary
> content into Web browsers.
>
> Thus, if one turns off ActiveX, and doesn't install (or possibly turn
> on, not sure if that's needed) the .NET runtime libraries, one is
> safe. IIRC, FireFox still won't run ActiveX. This is just yet
> another drawback to IE-only sites. ;-)
>
>
>> By taking advantage of the way that browsers, specifically Internet Explorer,
>> handle active scripting and .NET objects,
>>
>
> Sounds to me like they may be able to do something within IE (and, if
> needed, other browsers). It's not at all clear to me, from this
> article alone, whether this is a problem when using other browsers,
> even if ActiveX is, uh, active. ;-)
>
> On the plus side: more "jeez, we keep TELLING you not to trust
> Mickeyshaft!" fodder. On the minus side: just like all the prior
> times we told them, they're not going to listen.
>
> -Dave
>
>
Vista has >net tightly integrated witht he core os..there's no way to
turn it off.
More information about the Novalug
mailing list