[Coco] Re: OS Vulnerabilities (Was: Paypal )

[Dennis Bathory-Kitsz]

At 11:28 PM 2/27/04 -0600, James Ross wrote:
>I still blame the OS.  If and when a modern OS is devised, it should
>be practically indestructible and give control to the PC owner and not
>the programmer / engineer of the software. 
>It is easy to render your OS useless 
  why is this possible?  Bad
>design. 

Isn't all OSes vulnerable because they are complex, multi-purpose systems
written by many people under varying testing conditions and, most
importantly, systems intended to handle massive quantities of unpredictable
external activity?

There have been Unix and Mac exploits, but these get little publicity
(although a recent Linux exploit was severe; Linux runs our cable modem
system in our town, and my stepson -- the system designer -- was doing some
fast patching).

The difference is desirability. Why waste your time creating a virus for an
OS few people actually use or, more importantly, will get little publicity?
Windows is everywhere, and if you want to propagate something and get some
backslapping from your fellow haxorz, you choose the most popular (unless
you're showing off to a specialized geek crowd somewhere).

The key to compromising an OS is discovering what hasn't been predicted in
combination with being a digital con artist or impostor. More isn't
predicted than is, so it's only a matter of time, effort, interest, digital
smooth-talking, and clever grooming.

I think that anybody with tech smarts, tools and experience who can't
exploit an OS isn't really trying. Either that or it's not a true,
multi-purpose OS.

Dennis