Stories
Slash Boxes
Comments

SoylentNews is people

posted by n1 on Tuesday June 10 2014, @02:50AM   Printer-friendly
from the incomplete-updates-are-available dept.

Darren Pauli writes at the Register that researchers who scanned 900 Windows libraries have uncovered a variety of security functions that were updated in Windows 8 but not in Windows 7. Researcher Moti Joseph speculates Microsoft had not applied fixes to Win 7 to save money. "Why is it that Microsoft inserted a safe function into Windows 8 [but not] Windows 7? The answer is money. Microsoft does not want to waste development time on older operating systems ... and they want people to move to higher operating systems," Joseph said in a presentation at the Troopers14 conference.

Joseph along with Marion Marschalek developed a diffing (comparison) tool dubbed DiffRay which compares Windows 8 with 7, and logs any safe functions absent in the older platform. In a demonstration of DiffRay, the researchers found four missing safe functions in Windows 7 that were present in 8 (Youtube). Future work will extend DiffRay's capabilities to find potential vulnerabilities in Windows 8.1 (PDF), add intelligence to trace input values for functions and incorporate more intelligent signatures used to find potential holes. "If we get one zero-day from this project, it's worth it," says Joseph.

Editor's update: For those who prefer, the Presentation Slides (PDF) are also available.

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Funny) by Marand on Tuesday June 10 2014, @03:55AM

    by Marand (1081) on Tuesday June 10 2014, @03:55AM (#53569) Journal

    Hey you know what. Linux distributions have even shorter support schedules. Releases are supported for one or two years, maybe five years if you're fucking lucky. And why? Because those Linux distributors want you on that treadmill consuming the new releases, that's why. FUCK LINUX. FUCK IT HARD.

    If you feel Debian's charging you too much for each release, you can always try a rolling-release distro. You only pay $0 once and get unlimited security updates for life, unlike those assholes that expect you to pay $0 for each version.

    Starting Score:    1  point
    Moderation   +3  
       Insightful=1, Funny=2, Total=3
    Extra 'Funny' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: 3, Funny) by EvilJim on Tuesday June 10 2014, @04:20AM

    by EvilJim (2501) on Tuesday June 10 2014, @04:20AM (#53579) Journal

    Even that sounds steep you know? I might settle for something completely non debian... like Mint or Ubuntu ;p

  • (Score: 0) by Anonymous Coward on Tuesday June 10 2014, @06:49PM

    by Anonymous Coward on Tuesday June 10 2014, @06:49PM (#53876)

    Debian's[...]rolling-release
    That's one way to get infinite support for your Linux install.
    (There are other bloodlines that are also available as rolling releases; Arch springs to mind.)

    $0
    If you like paying for support ("having someone to blame"), there's RedHat and its ~10 years of support for releases.

    In addition, there are gratis spins which use the RedHat codebase and get that long support.
    Scientific Linux -or- CentOS [google.com]
    Not cool enough out of the box? No problem. [dedoimedo.com]

    My big question:
    What portion of the computer-using public continues to use ONE computer (hardware) for 10 years--much less the same version of the same OS?
    Historically? Currently?
    With my -not- ditching hardware due to boredom with it (or at the first sign of trouble) and only abandoning stuff after it is completely unrepairable with easily-substitutable pieces, you'd be correct to assume that I've gone through several OSes on each of my rigs.

    In the big picture, I'm pretty sure that guys like me/us who keep their old stuff running are -not- so common.
    My impression is that most folks "update"/"upgrade" by buying something entirely new.
    With Good Enough(tm) having been achieved years ago WRT hardware, and with $0 easily-substitutable FOSS becoming more common, and with more and more people forced to watch every penny, we'll have to wait and see whether the old meme remains the standard practice.

    -- gewg_