[Novalug] Vista Killer (fwd)
hescominsoon at emmanuelcomputerconsulting.com
Fri Aug 8 21:19:50 EDT 2008
Tux Subscriber Dave Aronson wrote:
> Beartooth <karhunhammas at lserv.com> wrote:
>> If these guys are correct, Vista is dead and M$ is
>> looking at a financial disaster. They claim to have found a fatal
>> security hole that can't be fixed except by a total re-write of
>> the OS.
> Doesn't sound *quite* that bad to me. They say:
> > by using Java, ActiveX controls and .NET objects to load arbitrary
> content into Web browsers.
> Thus, if one turns off ActiveX, and doesn't install (or possibly turn
> on, not sure if that's needed) the .NET runtime libraries, one is
> safe. IIRC, FireFox still won't run ActiveX. This is just yet
> another drawback to IE-only sites. ;-)
>> By taking advantage of the way that browsers, specifically Internet Explorer,
>> handle active scripting and .NET objects,
> Sounds to me like they may be able to do something within IE (and, if
> needed, other browsers). It's not at all clear to me, from this
> article alone, whether this is a problem when using other browsers,
> even if ActiveX is, uh, active. ;-)
> On the plus side: more "jeez, we keep TELLING you not to trust
> Mickeyshaft!" fodder. On the minus side: just like all the prior
> times we told them, they're not going to listen.
Vista has >net tightly integrated witht he core os..there's no way to
turn it off.
More information about the Novalug