| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Oracle plans to patch peck of flaws | |
|
||
| Time: 02:02 EST/07:02 GMT | News Source: CNET | Posted By: Robert Stein | ||
|
Litchfield said that Oracle may want to take a page from Microsoft's book in terms of improving the company's overall approach to patching holes in its software. "Microsoft has traditionally been a big target, and they've suffered publicly because of that," he said. "But Microsoft has adopted better internal processes to address the problem, and they've now advanced past the rest of the market in terms of their ability to respond to new issues." | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 306 Last | Next |
The time now is
2:39:43 PM
ET.
Any comment problems? E-mail us |
| #1 By 2332 (65.221.182.2) at 8/4/2004 9:50:55 AM |
|
Speaking of patching flaws, I was talking with some of my "contacts" from Microsoft and they were telling me about the upcoming updates infrastructure in Longhorn.
Basically, instead of having to patch entire DLLs, Longhorn (And Longhorn server) can patch a subset of bytes within the files. This means instead of downloading a 2MB DLL, you might only have to download a 2k DLL patch. Imagine XP SP2 being 100k istead of 100MB! :-) He told me lots of other cool stuff coming down the pike too... we'll just have to wait and see. |
| #2 By 2332 (66.228.91.12) at 8/4/2004 8:37:19 PM |
|
#6 - it's a lot more complex than a simple diff. And no, I've never heard of IPS patches before.
From what my contact told me, Microsoft is working on the ability to even partially patch files. So if there are 5 sections of bytes that need to be updated, the patching infrastructure will know what sections rely on what other sections and make sure to roll back dependant sections. In addition, there is a bunch of encryption built into updating system. One of the easiest ways for hackers to figure out how to take advantage of vulnerabilities is by looking at what the patches fix. By encrypting the patching process this is made more difficult. Microsoft's goal here is to be able to queue up lots of bug fixes and patch them all at once, making it nearly impossible for hackers to sort things out. This scheme would be impossible if a 200MB service pack was needed every couple of months. But if that same service pack is 200k, it's a whole new ball game. |
| #3 By 2332 (65.221.182.2) at 8/5/2004 2:52:11 AM |
|
#8 - They now cannot do away with DLL hell unless they dump an entire legacy of compatibility. So they have no choice but to break compatibility or keep different kludges for "it's not a bug it's a feature" programs.
The majority of security and bug fixes are with the implementation, not the public interface. This really isn't an issue to begin with, and it certainly isn't a new issue with the patching system I'm talking about. They can't store different versions of DLLs (as XP is capable of doing) Huh? XP is capable of keeping backups of older versions, but only one version be run at a time. Unless you're talking about .NET and the GAC, but that has nothing to do with XP. By obfuscating their APIs in the first place they have created an environment where applications depend on specific DLL behaviour, and if this is changed it breaks compatibility. How have they obfuscated their APIs? Can you give a specific example? What type of encryption? If there is encryption built into the updating system, what good will this do when hackers can just compare the normal unencrypted file to the finished product after the patch is applied? I don't know the exact kind of encryption. It does a lot of good because instead of being able to see each set of bytes along with their associated meta data, the only thing they can see is the final result. The greater the number of patches applied to the DLL, the harder it is for bad guys to figure out what's going on. |
|
Write Comment
Return to News |
Displaying 1 through 25 of 306 Last | Next |
The time now is
2:39:43 PM
ET.
Any comment problems? E-mail us |
