Details... A Texas-based researcher claimed he had discovered that about 40 different Windows apps, including the Windows shell, suffer from a critical vulnerability that could open up users to attacks by hackers. The flaw was originally discovered in iTunes for Windows, and was patched by Apple four months ago with iTunes 9.1.
Let me know if I understand that read. iTunes by Apple was also made for Windows, and it took Apple a little time to figure out that Windows systems use DLLs.
Here is another article from Computerworld that discusses the issue in depth.
I dunno, it's almost not any different from saying that All OSes are completely insecure because they all allow people to DL and install programs.
Really, I'm serious. Even if every single other possible hole was fixed in every OS and every app, if you continue to let people individually develop, distribute and DL apps, you will have GAPING unfixable vulnerabilities (as the mobile app market is finding out in spades right now).
This "trick" isn't really a trick at all; you still need to get the user to do something to "install" the file to start with. The difference between that and getting them to launch any random executable is pretty much nothing.
Update:
Article... On Monday, Microsoft confirmed reports of unpatched -- or zero-day -- vulnerabilities in a large number of Windows programs, then published a tool it said would block known attacks. At the same time, the company said it would not patch Windows because doing so would cripple existing applications.
Another
And another...
That's not a "fix". There is no fix. That will break tons and TONS of existing code... An app can't even look in its own folder for its own shipping DLLs?
Go ahead and look through your Program Files folders and look at all the programs that ship and install DLLs in their "CWD". I bet virtually NONE of them fully qualify and hand load their DLLs at runtime. NO ONE does that. The number of exceptions you would have to put in would be enormous and pretty much make using the global flag pretty useless :/
I am serious when I say that this "abomination" is merely one step away from some researcher proclaiming that Windows is hopelessly insecure because after you buy it you can be tricked into installing a trojan app. I.e., it's time to stop allowing people to install applications, as that is a /serious/ security hole. An elephant in the room, so to say. (Not even Apple's vetted app store is free from problem programs.)
I smell an Onion Article...
Free upgrade to Win8 for everyone. No more DLLs... no backward compatibility? I don't know how they will fix this issue otherwise.
I wonder if MS was already suspecting this and trying to move forward away from it in case anyone found an exploit.
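The thread's disagreement turns on which directory a DLL requested by bare name is actually loaded from, and on what removing the current working directory (CWD) from that search would break. As an added example (not code from any poster, the linked articles or Microsoft's tool), this Python model of the documented Windows search order with SafeDllSearchMode enabled audits a list of imports; every path and file name is constructed, and the KnownDLLs and already-loaded-module shortcuts are left out.

```python
# Added example: simplified model of the Windows DLL search order for a
# bare-name load (SafeDllSearchMode on). Every path and file name here is
# constructed; KnownDLLs and already-loaded modules are not modelled.
SYSTEM_DIRS = [r"C:\Windows\System32", r"C:\Windows\System", r"C:\Windows"]

def search_order(app_dir, cwd, path_dirs, remove_cwd=False):
    """Directories probed, in order, when a DLL is requested by name only."""
    order = [app_dir] + SYSTEM_DIRS
    if not remove_cwd:               # the mitigation drops only this step
        order.append(cwd)
    return order + list(path_dirs)

def resolve(dll, files, app_dir, cwd, path_dirs, remove_cwd=False):
    """Return the first directory in the search order that holds `dll`."""
    for directory in search_order(app_dir, cwd, path_dirs, remove_cwd):
        if dll.lower() in files.get(directory, set()):
            return directory
    return None

def audit(imports, files, app_dir, cwd, path_dirs):
    """Map each import to (source today, source with CWD removed, exposed?)."""
    report = {}
    for dll in imports:
        today = resolve(dll, files, app_dir, cwd, path_dirs)
        hardened = resolve(dll, files, app_dir, cwd, path_dirs, remove_cwd=True)
        report[dll] = (today, hardened, today != hardened)
    return report

# Constructed scenario: an installed player opened on a file in another folder.
APP_DIR = r"C:\Program Files\Player"
CWD = r"D:\Downloads\media"
PATH_DIRS = [r"C:\Tools"]
FILES = {
    APP_DIR: {"codec.dll"},                 # shipped next to the executable
    SYSTEM_DIRS[0]: {"kernel32.dll"},
    CWD: {"codec.dll", "plugin.dll"},       # same names also present in the CWD
}
IMPORTS = ["codec.dll", "kernel32.dll", "plugin.dll"]

if __name__ == "__main__":
    for name, (today, hardened, exposed) in audit(
            IMPORTS, FILES, APP_DIR, CWD, PATH_DIRS).items():
        print(f"{name:13} today={today} hardened={hardened} exposed={exposed}")
```

An import is marked exposed when its source changes once the current directory is dropped from the search. In this model the DLL shipped beside the executable resolves from the application directory in both runs, while the import found only in the CWD is the one that both carries the risk and stops loading under the mitigation.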