Comments on: Negligence at Microsoft, Not ‘Market Share’, Causes Major Technical Problems
http://techrights.org/2011/05/15/distractors-in-market-share/
Free Software Sentry – watching and reporting maneuvers of those threatened by software freedom
Fri, 25 Nov 2016 09:41:40 +0000

By: TemporalBeing
http://techrights.org/2011/05/15/distractors-in-market-share/comment-page-1/#comment-117112
Thu, 19 May 2011 17:15:38 +0000

Microsoft has several problems on the security front:

1. They don’t have a very good patch management system, likely due to their source code management practices. The big problems result in one patch fixing an issue, and another unfixing it; this then goes round and round over years.

2. Win32 by design is insecure and cannot be fixed. The basic interface for applications with the Windows API is a system that utilizes an object called a HANDLE. Applications are supposed to use the HANDLE to do something, and then clean it up when they’re done. However, there is no protection against one application getting a HANDLE for an object of another application. Furthermore, a HANDLE is merely a _pointer_ into one of several different tables (which one depends on the use of the HANDLE) inside kernel space, and by the way there is no method to authenticate the validity of a HANDLE – at least from the application layer.

What this means is that Win32 by design allows other applications to put bugs into your application. Here’s one very valid example:

Your application creates a text box that is supposed to only be 256 characters long. You specify this on the creation of the text box. You properly use the text box to get the 256 characters.

However, your friend BillB writes another application that accesses your text box and changes it to be 64536 bytes long, and inserts a lot of extra text into it to use up the entire space. Windows updates your text box to be the size BillB’s application said it is, but it’s YOUR text box, not BillB’s. Your application is now subject to a buffer overflow attack through no fault of your own. (Your application properly used the text box.)

That is just one attack vector – and it applies to any use of a HANDLE to do something – whether it is a text box or a lock; yes, Locks use HANDLES – so BillB’s application could access one of your locks and cause your application to go into a Deadlock situation – or worse, unlock something at the wrong time. There are simply no protections and no method of protecting against those kinds of attacks – it’s the design of the Win32 API.

By: Needs Sunlight
http://techrights.org/2011/05/15/distractors-in-market-share/comment-page-1/#comment-117041
Mon, 16 May 2011 07:51:36 +0000

Incompetence as much as negligence is likely to blame.
