[cap-talk] "Immutable Law" #1 is alive and well at Microsoft
David Hopwood
david.hopwood at industrial-designers.co.uk
Fri Oct 5 13:25:44 EDT 2007
Ka-Ping Yee wrote:
> On Thu, 4 Oct 2007, Mark Miller wrote:
>> As stated, no one actually believes this "law".
>
> But then why do Microsoft security people still call it "Immutable
> Law #1"?

Because they are too careless to say what they mean.

> What do they mean when they say this?

They are talking about Windows executable files (not running under
virtualization), probably. Of course they know, and will admit if
pressed, that a "program" is not necessarily a Windows executable,
but see above: they are too careless to think that being precise about
this is important.

This degree of carelessness rarely if ever coincides with the competence
needed to design secure operating systems or applications.

Also, the agenda behind the list seems to be to dismiss as invalid
as many claims of security bugs in Windows as possible:

# Don't hold your breath waiting for a patch that will protect you from
# the issues we'll discuss below. It isn't possible for Microsoft-or any
# software vendor-to "fix" them, because they result from the way
# computers work.
--
David Hopwood <david.hopwood at industrial-designers.co.uk>