November 01, 2003
Microsoft Bits

A couple of things about MS and their tech that I found this morning:
  • Windows XP SP2 is a look at what to expect in the as-yet-unreleased SP2 for Windows XP.
  • The version of Longhorn that was released at the Microsoft PDC show did not include the littlebit touted "Avalon" interface which utilizes hardware graphics rendering like OS/X and can (apparently) do wonderful and amazing things. Anyway, the interface is kept under tight wraps, but there are some digicam shots of it that were found over at betanews.




Posted by Arcterex at November 01, 2003 12:51 PM
Comments

Interesting note: Though they are shipping XP SP2 with ICF turned on by default, they give APPLICATIONS the rights to turn on/turn off ports:
For this scenario, ICF can automatically open and close ports as needed by the application. When an application that needs to listen on a port or ports is being installed by an administrator, it will need to ask the user if he/she wants to allow the application to open ports in the firewall. If the user consents to this, then the application should use the INetFwV4AuthorizedApplication API to add itself to the AuthorizedApplications collection as enabled. If the user does not consent, then the application should use the INetFwV4AuthorizedApplication API to add itself to the AuthorizedApplications collection as disabled.

So, basically, it's the responsibility of the application to say whether it's authorized by the user to open the firewall or not? What's to stop a malicious programmer from writing a trojan that just adds itself to the AuthorizedApplications collection as enabled?


Posted by: Darren on November 5, 2003 11:30 AM
Post a comment
Name:


Email Address:


URL:


Comments:


Remember info?