Buffer overflows are a function of the language/Compiler (C or C++), not the operating system. Buffer overflows happen in all OSs; see the recent BIND overflow discovered in Linux (http://linux.oreillynet.com/pub/a/linux/2001/02/06/insecurities.html). I have a SuSE 8.2 Linux box, so I keep track of issues on that platform as well. Don't confuse the number of discovered vulnerabilities out there with how buggy a program is; Microsoft is the 800 pound gorilla that everyone wants a piece of.
There is a lot of legacy code in Windows (and any OS). As a C/C++ programmer, I can tell you that these languages are very verbose. It is quite a chore to look at and trace down literally millions of lines of legacy code (a job usually given to junior programmers at a lot of companies). However, Microsoft is not sitting still; their latest compiler has a new switch that looks for buffer overflows, and they are increasingly becoming agressive on that front; they issue a lot of patches well before the vulnerability becomes known. Considering the size of the OS, and the number of features built in, they are doing a pretty good (but not excellent) job of finding and fixing security issues. Keep in mind, there is still a lot of legacy code in Windows. BTW, it's Microsoft or MS, NOT M$. I make my living as a Windows programmer. Robert M. Teague Kaneohe, HI ----- Original Message ----- From: "Ross Clutterbuck" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, August 11, 2003 12:35 PM Subject: [wdvltalk] Re: Seriously OT (sorry): Automatic shutdown issue with Windows XP > > BTW, it's not necessary a flaw in wintel; RPC is common to all modern > > operating systems. Rather, than placing the blame on a company, Microsoft > in > > this case, there needs to be more effort in teaching programmers how to > > avoid these things. I am a C++ programmer, and I know how difficult it can > > be to avoid buffer overflows if you are not paying attention to the code > you > > are writing. > > A good point Robert, but let's be honest here. If M$ took a bit of time with > their coding and debugging before release 99% of their problems wouldn't > exist. And how many RPC vulnerabilities do we see on Mac/Linux platforms? > > Cheers for the URL... > > MOU > > > ____ . The WDVL Discussion List from WDVL.COM . ____ > To Join wdvltalk, Send An Email To: mailto:[EMAIL PROTECTED] > Send Your Posts To: [EMAIL PROTECTED] > To set a personal password send an email to [EMAIL PROTECTED] with the words: "set WDVLTALK pw=yourpassword" in the body of the email. > To change subscription settings to the wdvltalk digest version: > http://wdvl.internet.com/WDVL/Forum/#sub > > ________________ http://www.wdvl.com _______________________ > > You are currently subscribed to wdvltalk as: [EMAIL PROTECTED] > To unsubscribe send a blank email to %%email.unsub%% > ____ � The WDVL Discussion List from WDVL.COM � ____ To Join wdvltalk, Send An Email To: mailto:[EMAIL PROTECTED] Send Your Posts To: [EMAIL PROTECTED] To set a personal password send an email to [EMAIL PROTECTED] with the words: "set WDVLTALK pw=yourpassword" in the body of the email. To change subscription settings to the wdvltalk digest version: http://wdvl.internet.com/WDVL/Forum/#sub ________________ http://www.wdvl.com _______________________ You are currently subscribed to wdvltalk as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED]
