I'm coming around one of my (and probably your) favorite subjects, Windows and Their Evil Nature. Talking about this OS and how it is so insecure is one hot topic. It's just I've never sat down to write a few pointers on the subject. And guess what! Tom Yager in InfoWorld
has done it for me. Oh boy!! Anyway :P
Just a few quotes from the article...
- All Windows background processes/daemons are spawned from a single hyper-privileged process and referred to as services.
- By default, Windows launches all services with SYSTEM-level privileges.
What this means is that if an attacker finds a flaw in a Windows process and manages to inject code, it will be executed with SYSTEM privileges. Bad bad thing! Btw, do you know the average number of flaws/bugs per line of code? Google it and you'll be surprised with the answer.
Another thing I'd like to add is that all these high-priviledged services are running by default in any system. What this means? That all of us have more that a dozen running services which we will never need but at the same time pose a great security risk because of a potential exploit in them!
- Windows requires that users log in with administrative privileges to install software, which causes many to use privileged accounts for day-to-day usage.
I could talk about these things for days but I guess it's a good time to stop now, just for today. If you find these interesting go on and read the article.
Oh, Slackware >> Windows :P
Post a Comment