Why is Microsoft run by morons?

When I install a program or an update and the idiot popup appears why doesn't it say...

"Do you want to allow the following program to make changes to files in the following directories? program name, company name, directory1, directory2, directory3..."

Instead you have to grant permission allowing total access to the entire file system.

Also, are you kidding? Why would USB have no security?

http://money.msn.com/business-news/a...31&id=17821156

On Thu, 31 Jul 2014 06:53:33 -0700 (PDT), Davej
wrote:

Instead you have to grant permission allowing total access to the entire file system.

Also, are you kidding? Why would USB have no security?


It's a computer, hence within such means. Remote communications. Not
a problem for another computer located halfway across the world to
take control of yours - provided you provide permission, in the case
of a big INET provider with support offices in Pakistan or the
Philippines.

Some are just being polite in that regard. Others do whatever the
hell the want with or without stating intent or qualification.

A bit like driving a car. Leaving byways and highways, trailblazing
across open country with the wind in your hair, designer sunglasses, a
glass of wine, and all of that. Run what and from where you will.

Except it's really a rocket ship, and not merely a car, some need mind
when obviously directing computer programming to specific ends.

On Thu, 31 Jul 2014 13:43:44 -0400, Flasherly
wrote:

Except it's really a rocket ship, and not merely a car, some need mind
when obviously directing computer programming to specific ends.


Relax and take a pill.

Proactive Watchdog BigBrother's team is on this.

It's called: Back Off!

Catchy. Might be serialized for another hit, sedentary-series law
enforcement television pilot.

(USB constitutes well within a stipulated lawful inclusion, in a
bullitin of means of retail distribution centres for illegally [POS]
infested activities.)

http://www.globalpost.com/dispatch/n...ealing-malware

Davej wrote:
When I install a program or an update and the idiot popup appears why doesn't it say...

"Do you want to allow the following program to make changes to files in the following directories? program name, company name, directory1, directory2, directory3..."

Instead you have to grant permission allowing total access to the entire file system.

Also, are you kidding? Why would USB have no security?

http://money.msn.com/business-news/a...31&id=17821156


A rethink of the PC architecture, could fix this.

The PC architecture was never designed for this level
of sophistication and "intelligent" hardware. It needs
to be redesigned. Virtually every piece of hardware
you use now, has a processor in it. For example, the
$5 USB to PS/2 adapter with the Chesen chip inside, that
one has an 8085 running at 12MHz inside the chip. Lots
of things have that style of microcontroller in them.
Having a microcontroller, makes it easier to patch the
behavior of hardware after the design is finished. Nobody
wants to do fixed-function hardware any more. Even your CPU
has microcode patching capability, and CPUs are routinely
released with 100 bugs inside them, all patched out by
microcode.

Even FPGAs have a PowerPC core inside each one, so you
can write PPC code and make your FPGA "intelligent".

Even some CPU designs are getting a wart on the side.
AMD talked of adding an ARM security processor to
the x86 set of cores. The ARM security processor
would be for adding certain security features.

Intel chipsets have a microcontroller in them, and
the tinfoil hat crowd were pointing at that
as an attack point.

I think the takeaway from all of this, is that
hardware capabilities have outpaced our ability
to properly control and vet them. Even black hats
with modest resources, can do stuff they shouldn't
be able to. And the PC architecture could do with
an update, in response. Of course, the user would
get screwed in the process (hardware box would
feel "restrictive"), but that's the price you'd pay.

As for secure implementations, hardware guys have
a pretty poor track record. Lots of things
were initially touted as being secure, only to
have someone tip them over. It can take several
hardware iterations, before a claim of security
is actually true. So even if we invented a new
PC architecture, with every device signed and
equipped with certificates, it would take
several generations to sew them up.

Paul

In the last episode of
, Davej
said:

When I install a program or an update and the idiot popup appears
why doesn't it say...

"Do you want to allow the following program to make changes to files
in the following directories? program name, company name, directory1,
directory2, directory3..."

Instead you have to grant permission allowing total access to the
entire file system.

You actually don't have to grant access to entire file systems, but by
tradition, permissions are at the user level and not application level,
so per-folder permissions cannot be offered at the moment.

Changing this would be a massive overhaul to the security model and
would break compatibility with legacy applications in a way that would
have users screaming and whining in a way that would make UAC look like
a feature that was generally accepted. It wouldn't be impossible, but
the holes you'd have to poke in the system to maintain backward
compatibility would likely negate the usefulness of the whole system.

--
1832-Curling is introduced to the U.S., giving Americans
a sport combining the surface of hockey with the thrill
of watching paint dry.

On Thu, 31 Jul 2014 15:40:29 -0700, DevilsPGD
wrote:

Changing this would be a massive overhaul to the security model and
would break compatibility with legacy applications in a way that would
have users screaming and whining in a way that would make UAC look like
a feature that was generally accepted. It wouldn't be impossible, but
the holes you'd have to poke in the system to maintain backward
compatibility would likely negate the usefulness of the whole system.

Just actually read the article - related to a conference limelighted
upon those TOR, rather US Univ. types (Carnegie Mellon) for attempts
to exploit it, then mysteriously pulling their slot upon the
conference's agenda after making claims they'd "cracked" TOR (in
something of no doubt a nice touch of scripting for further
dramatization).

This is also a "value system" issue, as to what constitutes assumed
rights people and their elective/representative body in turn
inalienably, in some manner, are to ensure they are protected.

Except it's not people by peoples of all nations, among presiding
multinational corporate interests, not wholly given within such formal
inclusion of rights of generally advertised/advocated freedom.

And it's not [even nearly] as blithe a tone of implications as have to
suggest in [portions of] the article. Notably - the NSA as a
[pro]active role player among "darker sides" of activities engaged
over a field of multinational operatives. The NSA has been designing
-- is directly instrumental in securing products/services built and
sold for purposes unknown to purchasing purveyors -- inasmuch for said
products to knowingly and wilfully violate security concerns, any
inalienable rights in spirit most certainly might qualify.

The article alludes to such value(s) as if danger presented to a body
politic, professionals if not upstanding in character, (might be)
reduced to spoiled little children greedily drawn into a circle
surrounding a candy jar. The party tow line. The candy, nonetheless,
is by and large within established and revealed, privately mundane
matters - such as who is or might be, to the best of my knowledge,
****ing whom - which the NSA, nonetheless, holds or displays neither
any particular immunity in better manners of discrete self control.

Than the rest of us, that is, what poor *******s we may be, such that
the NSA must tax us, so they'll be adequately paid and compensated in
government contracted wages, before spying the people.