On Saturday 14 January 2006 20:20, Chris Croughton wrote: > On Sat, Jan 14, 2006 at 04:09:07PM +0000, Kevin Donnelly wrote: > > Steve Gibson is speculating that the recent Microsoft Windows WMF bug was > > intentionally put in the code by someone at Microsoft as a back-door: > > http://www.grc.com/sn/SN-022.htm > > I have no idea how well-founded his speculation is, > > Not at all from what I've heard, it was put in as a way to close down > printing in the middle of a job because MSDOS (and Windows on top of it) > weren't intelligent enough. Yes, it was a "back door" of a sort, but so > was almost everything in those days.
Hmm. His take is that there is simply no reason for that printabort to be included in a WMF, and the odd behaviour is only triggered when you send a *specific* unexpected value to it. I > > but it has him saying that an operating system whose source is open > > would allow users to check that there is nothing untoward in the code > > .... > > Users? No chance at all. Users wouldn't know a back door if it shut in > their face. Other programmers? Possibly, if they bothered to search it > that far, but you only have to look at how many vunerabilities are still > slipping through open software to see that merely being open doesn't > mean that programmers will find the holes. Programmers are users too, of course. I think his point is that it is easier to identify the vulnerabilities, rather than suggesting that there will be none. > Yes, being open has some advantages, and more people /can/ look at it, > but who has the time? How many Linux users have looked at any of the > kernel source code at all, let alone the applications? Very few, I'd have thought. But it's nice to know I could do if the mood were ever to take me ... -- Pob hwyl / Best wishes Kevin Donnelly www.kyfieithu.co.uk - KDE yn Gymraeg www.rhedadur.org.uk - Rhedeg berfau Cymraeg www.cymrux.org.uk - Linux Cymraeg ar un CD _______________________________________________ Fsfe-uk mailing list [email protected] http://lists.gnu.org/mailman/listinfo/fsfe-uk
