Quote:
Originally posted by Tobiasly
You're misinterpreting my reply, Maggie. Headsplice asked "why not plug holes along the way"
|
Sorry...but my first post opening the thread was "This is a pretty big hole." Thought you were replying to me. :-)
Quote:
|
So yes, it's a friggin' big security hole, but it's not a hole in the sense of a bug..."
|
Well, there are two major kinds of software defects: failures to implement the design as intended, and failures *of* the design to meet requirements. This is one of the latter.
One could argue (pointlessly) about whether that's a "bug" or not. Certainly MSFT's public response to the report is "working as designed". Of course their private response was "Shit, I hope nobody notices what a nasty vuln this is, because it will be incredibly difficult to do anything about it".
And ultimately, it will serve as one more excuse to tighten the restrictions on what code is allowed to run on Windows. Ultimately I expect to see nothing permitted to run that isn't signed by MSFT....and that only if they think your licence is current.
How long before you start paying by-the-drink to use Windows?