Re: Working Within the System

From: Martin Ling (martin@nodezero.org.uk)
Date: Sun Apr 30 2000 - 20:02:39 MDT


On Sun, Apr 30, 2000 at 08:30:43PM -0400, Michael S. Lorrey wrote:
> Matt Gingell wrote:
> >
> > On Sun, 30 Apr 2000, Michael S. Lorrey wrote:
> >
> > >Additionally, there is no problem with making a runtime that disallows
> > >(or allows the user to disallow) certain types of system functions, just
> > >as Java does. So the only security hole is due to the release of an
> > >unready implementation. That is a typical Microsoft fault, prematurely
> > >releasing things. I'm sure that many of those suffering from Bill-envy
> > >will extend that failure to his personal life.
> >
> > It's quite a bit deeper than that. The ActiveX security philosophy is based on
> > authentication certificates - you trust the program because you know who the
> > author was. In Java, you trust the program because it runs in an emulated
> > sandbox and can not possibly do things the vm won't let it do.
> >
> > What an ActiveX program can do isn't a function of the ActiveX runtime, it's a
> > function of what the operating system does when an executable program accesses
> > one of the kernel interfaces. So far as I know, there's no system in Win95
> > for running programs with some particular set of privileges. Making ActiveX
> > programs as safe and flexible as Java programs would require a substantial
> > amount of operating system support, and it's a bit misleading to suggest 'the
> > only security hole is due to the release of an unready implementation.'
> >
>
> Windows is not incapable of privilege levels or access restrictions. It
> is merely installed by the typical user without any. That is a matter of
> laziness rather than lack of capability.

No, Matt referred to Windows 95, which has *no* system of file
permissions whatsoever. Using a Win95/98 system is comparable to having
a Unix system in which everybody logs in as root.

Martin

-- 
+--------------------------------------------------------+
| Martin J. Ling              Tel: +44 (0)20 8863 2948   |
| martin@nodezero.org.uk      Fax: +44 (0)20 8248 4025   |
| http://www.nodezero.org.uk  Mobile: +44 (0)7940 482675 |
+--------------------------------------------------------+


