Edmund Cramp wrote:

> Dustin Puryear wrote:
>
>> Edmund Cramp wrote:
>>
>>> Dustin Puryear wrote:
>>>
>>>> Scott Harney wrote:
>>>>
>>>>> Compilers can check for this at compile time too.
>>>>
>>>> Yeah, but exploits that use code on the stack are runtime issues.
>>>
>>> More grist for the Microsoft vs Linux mill I think. You'd better
>>> hold this meeting when I'm in town.
>>
>> Linux and Windows don't differ in this regard.
>
> True, but as someone pointed out recently (in The Register maybe?),
> Windows tends to take the attitude of "security is there to *prevent*
> access to resources" while other systems (my experience is RSX/VAX but
> I believe UNIX does this too) are written with the attitude that
> "security is there to *grant* access to resources". This sounds like
> a small point but explains why Windows tends to fail with its
> underwear off, rather than on.
>
> Edmund Cramp

I don't think it is that attitude so much ... I think that all of the nifty features added from 95 through 2000 were programmed with an attitude of "get it working" rather than "is it secure?". They have made leaps and strides when it comes to security recently.

"Domain" networking, DCOM/RPC, ActiveX, DirectX, ASP/ASP.Net were/are light years ahead of their competitors upon their release in terms of features and productivity... but insecure as all get out. I think if the x86 architecture were not as insecure as it is, Windows wouldn't look half as bad, but the blame can certainly be evenly placed on both sides of the equation.
