Comment Well, C++ is a very insecure "OS" then... (Score 0) 461
Obviously, I think most of us with a reasonable schooling in software would agree that applications written in C++ are the biggest security threat for PCs today. This is why you've been seeing more and more Java based applications on the PC lately. Most of the C++ vulnerability comes from a single, well known, and often exploited bug in the Windows C++ virtual machine. This bug allows C++ programmers to access protected and private data that is SUPPOSED to be secured by the C++ virtual machine. Here's a simple example of a crack that would allow a C++ programmer to access improperly secured data:
Let's say we have this class called PersonalFinances:
Class PersonalFinances
{
private:
char creditCardNumber[16];
};
To bypass the Windows C++ security manager, all we need to do is write some code like this:
Main( )
{
PersonalFinances finances; // Forge a pointer to peek inside the class
char *cardno = (char*)
printf("Stolen credit card number = %s\n", cardno);
}
Simple as that... we have stolen "secure" data. Curiously enough, this code sample came from O'Reilly's "Learning Java" book. This book was first printed in 2000, which means that this critical security bug has been known for over 3 years! I find it quite unbelievable that this lack of response (from Microsoft) is tolerated in the software community. Why haven't they responded? Simple... MONEY. Rather than maintain old code, Microsoft would rather push their new .Net framework as a new standard and make big cash off of its widespread adoption. Another way that MS will profit from this security hole is by pushing their dreaded Palladium scheme on us. Palladium, put simply, is just a hardware solution for this exact sort of security issue. Meanwhile, we consumers sacrifice our privacy through insecure software so Microsoft, Intel, and AMD can reap big profits sometime in the future.
If you are fed up with these monopolistic profit schemes, this is what you do. Start or support an open source Windows C++ virtual machine project. A port from the Linux VM should be possible.
We DEMAND better protection of our privacy!!!
Let's say we have this class called PersonalFinances:
Class PersonalFinances
{
private:
char creditCardNumber[16];
};
To bypass the Windows C++ security manager, all we need to do is write some code like this:
Main( )
{
PersonalFinances finances;
char *cardno = (char*)
printf("Stolen credit card number = %s\n", cardno);
}
Simple as that... we have stolen "secure" data. Curiously enough, this code sample came from O'Reilly's "Learning Java" book. This book was first printed in 2000, which means that this critical security bug has been known for over 3 years! I find it quite unbelievable that this lack of response (from Microsoft) is tolerated in the software community. Why haven't they responded? Simple... MONEY. Rather than maintain old code, Microsoft would rather push their new
If you are fed up with these monopolistic profit schemes, this is what you do. Start or support an open source Windows C++ virtual machine project. A port from the Linux VM should be possible.
We DEMAND better protection of our privacy!!!
