Firewall Wizards mailing list archives
Re: Win 2000 any better?
From: "Gene C." <czar () acm org>
Date: Sat, 6 Nov 1999 10:30:26 -0500
On Thu, 04 Nov 1999, Mikael Olsson wrote:
I'd just like to point out a couple of things regarding security here... 1. Win2000 might have more nifty security policies and editors in place, but that does not constitute security in and of itself. 2. Most attacks that we see today have NOTHING to do with setting object-based security in operating systems. 3. Most attacks today are based on BUGS in the operating systems and applications. 4. The average programmer goofs up (causes a bug) on average in 1-3 places per 1000 lines of code. 5. Win2000 introduces some 15 million (more? little less?) lines of new code.
I believe that you are underestimating the potential size of the problem. Win/NT 4.0 has about 13-15 million lines of code. From what I have heard, Win/2000 has about 40 million lines of code (or maybe more). Furthermore, according to a book I read (don't remember the title) which analyzed how Microsoft develops code, Microsoft has a "policy" of rewriting at least 20% of existing code between major releases. Given the above, I would estimate that Win/2000 has about 28 million lines of new code. Of course the functioning of the remaining 12 millon or so lines of code could dramatically change as a result of the new code. Given the size of this monster, I seriously doubt that anyone (inside or outside of Microsoft) truely understands what is going on. Additionaly, Microsoft seems to like the idea of small functions which "look under a rock" to see if a message is for this function and if it is it leaves another message under a "different rock". This further complicates the understanding of just what happens when some event occurs. Gene [snip]
Current thread:
- Re: Win 2000 any better? REID FOX (Nov 01)
- Re: Win 2000 any better? David LeBlanc (Nov 06)
- <Possible follow-ups>
- Re: Win 2000 any better? Mikael Olsson (Nov 05)
- Re: Win 2000 any better? Gene C. (Nov 06)
- RE: Win 2000 any better? Henry Sieff (Nov 07)
- RE: Win 2000 any better? Russ (Nov 07)
- Re: Win 2000 any better? REID FOX (Nov 08)