trust? - win2k source code tools
Results 1 to 6 of 6

Thread: trust? - win2k source code tools

  1. #1
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325

    trust? - win2k source code tools

    I've been following along with the discussions on the FD list and looks like along with the source that leaked... the tools that make programs "trusted" were included with it...

    NOW EVERY EXECUTABLE IS TRUSTED AND DIGITALY SIGNED

    found this interesting... \win2k\private\inet\mshtml\build\scripts\tools\x86

    iexpress.exe
    signcode.exe
    makecert.exe ( DigSig.dll )

    ( in fast food voice ) and who would you like your package to be certified from today sir? \win2k\private\ispu\pkitrust\initpki\certs\

    looks like the viri / trojan kiddies will have some fun with this. yikes to PE format executables.

    alas... i could be wrong,

    m.wood
    Now, I thought that the source being released was going to be bad...

    Looks like these files were already available?

    Certificate Creation Tool (Makecert.exe)

    http://msdn.microsoft.com/library/de...akecertexe.asp

    http://msdn.microsoft.com/library/de...eworkTools.asp

    signcode.exe

    http://longhorn.msdn.microsoft.com/l...gncodeexe.aspx
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Well, wouldn't it make sense that this be available if a DC could be used as a CA? I would think that the machine has to have a way of making certificates and such? IIRC, a post in that thread pointed out this was out with the IEAK and AFAIK, any browser, including IE, has certs for various root level CAs. I suspect that MS put that in so that applications could take advantage of MS' products being CAs when needed.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Yes, it would make sense...

    So, if these tools are already available... then m.wood's point was "wrong"...

    Didn't see that last post in the thread... about the SDK and IEAK.

    Please excuse this pointless thread... or delete it if you choose.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  4. #4
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Possibly.

    But I think it also leads to the question of how much of an option is left to the user to make a decision as to what to trust. If the OS trusts everything, then it's not really secure (trusts based entirely on a single method can be exploited). It may not be as big of an issue in exploitability but could be a question of how secure that particular section of code (and we do need to remember we have a small snippet of what is in all of Win2K) and how security oriented that code is. (if that makes sense?)
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  5. #5
    Junior Member
    Join Date
    Feb 2004
    Posts
    1
    In my opinion, since Microsoft wants to remain a propriatory software vendor, and not opt for becoming open-source, then releasing the source code to anyone was not a good idea for business.

    what I don't understand, is why Microsoft would wish to remain closed source, looking at the successes of companys such as RedHat and MandrakeSoft. Taking a company which already has a large market share, and adding to their customer base by making their software open source (and i'm not even talking about GPL here, simply open source) would have been in the best interests for business.

    Then that avoids all the problems they're having now with parts of the NT and 2000 source code being leaked.

  6. #6
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    what I don't understand, is why Microsoft would wish to remain closed source, looking at the successes of companys such as RedHat and MandrakeSoft. Taking a company which already has a large market share, and adding to their customer base by making their software open source (and i'm not even talking about GPL here, simply open source) would have been in the best interests for business.
    Not necessarily. Look at Oracle. By far, it has the single largest share of the database market and will probably remain so even with contenders like MySQL (which has some things to do before it's truly a serious contender). MS still has a strong base of paying customers with a closed environment. Why would they open themselves up to be copied?

    As for the code being leaked, there's a link I put in another thread (which I will put at the bottom of this one) that suggests the leak may not be as bad as people think, especially given the amount of code (only about 100MB versus 40GB worth.. heck, it was only 30,000+ files... given that NT was what.. 16 million lines of code it's not a big part) and the area of code taken, the risk is there but it's not as big as people think. Humourous now but probably not as bad as some might think.

    http://www.kuro5hin.org/story/2004/2/15/71552/7795
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •