Comments on: Worm Hole in Win2k, and Windows Protection as a Business Model http://www.theinternetpatrol.com/worm-hole-in-win2k-and-windows-protection-as-a-business-model Internet Safety, Windows Updates, Internet News, and More Sat, 30 Aug 2008 05:48:23 +0000 http://wordpress.org/?v=2.5 By: chris http://www.theinternetpatrol.com/worm-hole-in-win2k-and-windows-protection-as-a-business-model#comment-2326 chris Tue, 09 Aug 2005 16:22:00 +0000 /?p=930#comment-2326 eEye has made some pretty strong claims, but the article seems to say that they only go so far. I am using OSsurance Desktop, which protects against all buffer overflow vulnerabilities by detecting overflows and refusing to run the code. OS Security also combined in the program refusal to run any program that the user does not add to a white list voluntarily and the function of detecting and refusing substituted dll's (proxy attacks) as well as programs that self-modify on the way from the hard disk to ram. I would like to see this article rewritten with awareness of OSsurance. There is a great (and by some miracle, objective) review at http://kareldjag.over-blog.com/article-498061.html Also, the main reason I tried OSsurance and bought it, was this press release from them, which is aimed at Firefox, but if you extend the logic, is really about all of Windows. http://ca.prweb.com/releases/2005/5/prweb239525.htm Anyway, the upshot of this whole discussion is that by using OSsurance I don't feel the need to ever consider any specific vulnerability or download any "critical patch" (ooo, scary). For the last two months I have seen OSsurance stop various attacks on my system and the guy on the overblog site above seems to have thrown everything at OSD that he can. So there. eEye has made some pretty strong claims, but the article seems to say that they only go so far.

I am using OSsurance Desktop, which protects against all buffer overflow vulnerabilities by detecting overflows and refusing to run the code. OS Security also combined in the program refusal to run any program that the user does not add to a white list voluntarily and the function of detecting and refusing substituted dll’s (proxy attacks) as well as programs that self-modify on the way from the hard disk to ram.

I would like to see this article rewritten with awareness of OSsurance. There is a great (and by some miracle, objective) review at
http://kareldjag.over-blog.com/article-498061.html
Also, the main reason I tried OSsurance and bought it, was this press release from them, which is aimed at Firefox, but if you extend the logic, is really about all of Windows.
http://ca.prweb.com/releases/2005/5/prweb239525.htm

Anyway, the upshot of this whole discussion is that by using OSsurance I don’t feel the need to ever consider any specific vulnerability or download any “critical patch” (ooo, scary).
For the last two months I have seen OSsurance stop various attacks on my system and the guy on the overblog site above seems to have thrown everything at OSD that he can.

So there.

]]> By: K. Avery http://www.theinternetpatrol.com/worm-hole-in-win2k-and-windows-protection-as-a-business-model#comment-2313 K. Avery Sat, 06 Aug 2005 18:54:44 +0000 /?p=930#comment-2313 This goes along with what many of us have been saying for years- fix the code BEFORE adding any new features. Hopefully someday they'll get it... This goes along with what many of us have been saying for years- fix the code BEFORE adding any new features. Hopefully someday they’ll get it…

]]> By: Ben Oddo http://www.theinternetpatrol.com/worm-hole-in-win2k-and-windows-protection-as-a-business-model#comment-2309 Ben Oddo Fri, 05 Aug 2005 14:03:27 +0000 /?p=930#comment-2309 Having a second pair of eyes (forgive the pun) looking at code, documentation, published material, etc. is always a benefit. That's why there are editors. Perhaps Microsoft, and other software publishers would do their customers a great service if they were to hire firms like eEye BEFORE releasing their product for beta testing. Imagine that, an O/S released and no security flaws. Perhaps Microsoft can devote their time between O/S releases to develop something truly innovative rather than constantly putting out fires. Having a second pair of eyes (forgive the pun) looking at code, documentation, published material, etc. is always a benefit. That’s why there are editors. Perhaps Microsoft, and other software publishers would do their customers a great service if they were to hire firms like eEye BEFORE releasing their product for beta testing. Imagine that, an O/S released and no security flaws. Perhaps Microsoft can devote their time between O/S releases to develop something truly innovative rather than constantly putting out fires.

]]>