Cold: New Remote Root Exploit for Windows - PATCH YOUR BOX!! [Sticky plz]

[straubs]

Originally posted by: AUGrad

Originally posted by: Lestan

Originally posted by: mechsiah

Windows has come a long way and does some amazing stuff, but I think that a company with as much money and manpower as Microsoft has could be a little more careful with its code.

I couldn't disagree with this more. Coding has never been an exact science. Unix itself has been hardened over the last 30 years, and that is why it is now more secure. Windows is now the mainstream NOS, and we are witnessing the hardening process in action. It has only had 10 years or so of being heavily exposed to the Internet, so I'm betting that in 20 years (probably less) Windows will be the most secure piece of software on the planet. You can't just write secure code, it has to be a trial by fire.

Here is a fascinating article that compares computer viruses to biological ones, and it is so true: http://www.zone-h.org/en/news/read/id=3287/

And I couldn't disagree with this more. Coding is based on scientific principles. While there is a creative/artistic element to it, the basic science and methodologies behind it should not be ignored. Compare programming to building a house. Each house may be different in very artistic ways, but the basic principles of determining live and dead loads, pouring an adequate foundation, etc. apply in every home. If you're not following basic principles of good coding -- validating all inputs and verifying that any data is not too big for its target memory come to mind as examples -- then you're doing it wrong. If Microsoft were a big builder, they would have been sued into nonexistence by now for building substandard homes.

I'm not saying the MS is the only company with this problem, I'm just using them as a good example of why the "coding is art" bunch need to rethink their argument. Ultimately, form should follow function, and code that breaks in not functional.

Well said, AUGrad. Anyone who has studied Computer Science will probably agree with this statement. I like the comparison to an architect. You build things SAFE no matter what. Everything else follows that. Otherwise your career is over.

 

[Quixotic]

bump

 

[VirtualLarry]

Originally posted by: straubs
Well said, AUGrad. Anyone who has studied Computer Science will probably agree with this statement. I like the comparison to an architect. You build things SAFE no matter what. Everything else follows that. Otherwise your career is over.

The sad part is, that *should* be true, but it isn't. The only place that employs programmers, that allowed them to take the time needed to write "safe code", is probably NASA. If you take the time to write "safe" code in commercial software development environment, you will be out of a job because your company has folded, because some other software companies has usurped the entire market segment because they shipped first, with sub-standard-quality code. It's the "network affect" of the market.

I prefer the "Safe code" approach myself, and I pride myself in the quality of code produced. It goes without saying that I'm not working in commercial software development any more...

PS. There seems to be some evidence, that the recent Midwest/East-coast power failure, may have been caused by issues with the control computers, apparently running Windows, that got affected by some virus/worm. This also happened to some computers in a nuclear power-plant control facility earlier in Ohio, and that was in fact confirmed, when the company in question told the NRC.