
More mud sticking to Microsoft...
Published: 9 August 2002 08:20 GMT
By Matthew Broersma
A security expert has sparked fresh controversy regarding the security of Microsoft's Windows operating system.
Chris Paget, a freelance security researcher, has claimed that a flaw in the design of the Windows architecture has led to vulnerabilities in an unknown number of Windows applications.
Paget published a whitepaper demonstrating what he calls a 'Shatter Attack', which allows a user to elevate his or her privileges and gain control of a system. The attack makes use of a flaw that Paget says may be found in many Windows applications, due to the way the Windows application programming interface (API), Win32, is designed.
The security of Windows APIs has come under the spotlight recently because of Microsoft's antitrust case. Under the terms of a proposed settlement, Microsoft would be required to disclose the workings of previously secret APIs - a process the company has already begun.
However, Microsoft would reserve the right not to disclose APIs which are important for Windows security, in keeping with what the company's critics say is a strategy of "security through obscurity".
Paget argues that his research shows that far from obscurity providing the best security, the reverse strategy is more effective. "If people know about these problems, they can work around them," he said. "If they don't, they've got no choice but being vulnerable to them. It comes back to whether you think full disclosure is a good thing."
Read more about the 'Shatter Attack': http://www.silicon.com/a55026
Matthew Broersma writes for ZDNet UK