On Mon, 2006-06-05 at 07:51 -0400, James Knott wrote:
However, bad software engineering practices certainly don't help. Read up on how MS embedded IE into the operating system, just so they could claim it couldn't be removed, without killing the OS.
It's even worse than that! They put it at the _core_ of every major DLL in Visual Studio. You couldn't even build software with Visual Studio 5 + without tapping some MS IE. So even earlier Windows OSes _required_ MS IE to be installed to run newer Windows software. Even in Visual Studio .NET today, some of those DLLs assume "Chicago" security (i.e., none) and not Win32/NT.
This tactic opened up Windows to vulnerabilities, in that problems with IE have now become OS problems.
And virtually every Windows app since Visual Studio 5.
That has to be among the stupidest decisions MS ever made.
Yep. And they still haven't addressed it -- much less that the first year Microsoft said they "addressed security," most code auditors were shut out of MS application meetings. Why? Same reason as always ... "will push back release date" and they used to get overrides from management. I understand the Vista security engineering leads are extremely frustrated with this -- especially with the .NET being _completely_ignored_ by the tool and application developers. -- Bryan J. Smith Professional, technical annoyance mailto:b.j.smith@ieee.org http://thebs413.blogspot.com ------------------------------------------------------- Illegal Immigration = "Representation Without Taxation" -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com