Mark & Juanita wrote:
I don't think I said anything differently, although I'm not sure what the boys from Ft Meade have to do with malicious viruses floating around on the internet. The point is that when you have different implementations floating around, then the exploits that take advantage of a specific vulnerability (unless it is a shortcoming in the standard itself) will not work on all implementations. Thus, instead of the homogeneous system we have now in which all Windows machines are vulnerable, for example, to the blaster worm because of a specific buffer overflow, in a diverse marketplace with different implementations of the same standard, it is likely that only one of the implementations would be vulnerable to that particular exploit. Doesn't mean other exploits wouldn't work on a different implementation -- what it means is that not *all* systems would be vulnerable to the "virus du jour". Seems much more robust to me.

Of course a system that uses Code-Data-Separation will be immune
to ALL buffer overflow exploits. Microsoft's disdain for common
sense practices is largely why their software is vulnerable to
_so many_ security problems.
--
FF