__/ [ Richard Rasker ] on Wednesday 02 August 2006 18:29 \__
> On Wed, 02 Aug 2006 06:23:19 -0700, nessuno@xxxxxxxxxxxxxxxxxxx wrote:
>> I wish I understood this better. Regarding buffer overflows, I don't
>> understand why you don't just fix the bugs. Even with Windows and
>> 50,000,000 lines of code with the resources they have MS ought to be
>> able to find all the gets() statements and just fix them. Instead some
>> time ago I heard that MS was looking to hardware solutions, putting
>> buffers in one area of memory with some kind of protection, and code
>> into another. It sounded really kludgey to me. Now this article is
>> again talking about hardware solutions. Encrypting instructions and
>> doubling the execution time sounds really horrible. Scientific
>> programmers would have a fit. BTW, although the experiments in this
>> article were carried out on Linux, I don't see why the same techniques
>> wouldn't work for any OS. As I say, they don't involve fixing *bugs*.
>> But obviously I'm not understanding something.
> Fixing things once and for all isn't in the interest of Microsoft and the
> rest of the industry. Their business would quickly collapse if they'd
> start churning out (near) flawless products. It's much more profitable to
> make people pay a mint for quickly slapped-together, sloppy software, and
> make them pay again for all kinds of half-baked measures meant to lessen
> the negative effects of the poor primary product. And if these measures
> consume huge amounts of system resources: all the better. People will go
> out and buy new computers with new Windows licenses even sooner.

A moral company would turn to the customer and say "Look, Vista will not be
secure in the long run, but we can try to help. The competition is indeed
offering more security, but we promise to catch up". In reality, however,
Microsoft (Ballmer) is conceited and any fears will worry the investors and
be adverse to the strategy. So they carry on hiding the truth...

Microsoft knows it's behind in many areas. It is scared and it is trying to
empty its pockets' reserves to hide the truth from people. I don't think
it's sustainable though. People will wake up and talk. The impact of word of
mouth is exponential.

GNU/Linux is beautiful. < http://youtube.com/watch?v=lawkc3jH3ws >
http://Schestowitz.com | GNU/Linux ¦ PGP-Key: 0x74572E8E
Mem: 514480k total, 466296k used, 48184k free, 32184k buffers
http://iuron.com - next generation of search paradigms