Threats from Longhorn

Discussion in 'Spyware' started by Kyle Thomas Pope, Oct 29, 2003.

  1. With Microsoft pushing its next iteration of Windows, codenamed
    Longhorn, is there any information as to what security and privacy
    problems this new OS will pose? I realize that any facts regarding
    Longhorn are pretty thin at the moment given the secrecy surrounding
    the project but I have to worry given MS's previous track record in
    these areas combined with the whole TCPA/Palladium dust-up of not too
    long ago. Windows XP was a major step towards usurping control of PCs
    from their users and I have to imagine Longhorn is going to continue
    the trend.

    So are there any Microsoft moles out there who can address this
    question?

    -----
    Kyle Pope

    "I will not be pushed, filed, stamped, indexed, briefed, debriefed or numbered!" - No. 6

    Keeper of the Edit List -

    (http://www.animenewsnetwork.com/columns/edit-list.php)


    ----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure Usenet News==----
    http://www.newsfeed.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
    ---= 19 East/West-Coast Specialized Servers - Total Privacy via Encryption =---
     
    Kyle Thomas Pope, Oct 29, 2003
    #1
    1. Advertisements

  2. Kyle Thomas Pope

    Jim Byrd Guest

    Hi Kyle - The following is courtesy of Larry Samuels, MVP
    :

    "The details of WinFS security are here:
    http://longhorn.msdn.microsoft.com/lhsdk/winfs/conWinFSSecurity.aspx

    In the PDC release, the security model is not implemented. The proposed
    security model uses ACLs on items in the store and when a user attempts to
    access an item the system will perform a check against the user's Windows
    access token. Thus, if you have permission (explicitly for your account, or
    through a groups that you are a member of) then you'll get access to the
    item. As to the idea of a virus harvesting contacts - this assumes that the
    virus can run under an account that has the permission to access contact
    items. Thus the emphasis is to prevent rogue code from running on a system
    under a priviledge account, and this is where .NET code access security
    comes in - downloaded code should not have the permission to access the
    store.


    Larry Samuels MS-MVP (Windows-Shell/User)
    Associate Expert
    Unofficial FAQ for Windows Server 2003 at
    http://home.earthlink.net/~larrysamuels/WS2003FAQ.htm
    Expert Zone - www.microsoft.com/windowsxp/expertzone"


    Also, you can find additional Longhorn-related info/links here:
    http://aumha.org/win5/a/longhorn.htm


    --
    Please respond in the same thread.
    Regards, Jim Byrd, MS-MVP



    In
    =---
     
    Jim Byrd, Oct 29, 2003
    #2
    1. Advertisements

  3. I think what the below says is that there is no privacy and you
    can forget security.
     
    Larry Ludwick, Oct 29, 2003
    #3
  4. Kyle Thomas Pope

    Jim Byrd Guest

    Hi Larry - I think that's mostly true for the PDC preview release. However,
    if you read thoroughly at the link Larry Samuels provided, you'll find that
    a reasonably strong security model is discussed for the final. I can assure
    you that this is a "hot" topic in MVP and Developer circles, FWIW. :)

    --
    Please respond in the same thread.
    Regards, Jim Byrd, MS-MVP



    In
     
    Jim Byrd, Oct 29, 2003
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.