Originally Posted by Jigglypuff
You miss the point entirely.
And yes, Microsoft has written a number of these holes into its system on purpose. They have said so themselves. Now, they have called them "features" until someone with a brain shows them why it's stupid. And these things include a GOOD number of things that SP2 does.
I mean, what retard at Microsoft thought up the "feature" where a website can install a program on your computer without your consent or knowledge?
First of all, there isn't a feature where a website can install a program on your system without your knowledge; some sites have used vulnerabilities, not "features", to do that.
Maybe you would prefer that you can't install anything downloaded? Because it's the only way to prevent that from happening. You are supposed to install only software with a valid certificate, but there are always ways around it, the same way you can break a lock in a house.
I would also like you to enumerate what those holes are that Microsoft intentionally put there, especially in SP2. The documentation about SP2 is quite technical and there is a large part of it that I don't understand even though I work in IT; I am only concerned with the features that affect programmers, like authentication in MST, RPC, pipes, messaging, etc.
The only way to make an OS safe (any OS) is to stay away from the internet, as simple as that. If you are connected you are vulnerable, and some of the features you think are brainless are also present in the Mac OS.
Buffer overflow is one of the most exploited vulnerabilities and that's possible in any application or OS, and I can promise you that every application has vulnerabilities, and many of them.
BTW, I use Windows and never had a problem.
Another thing: the zero hour vulnerabilities are quite rare. A vast majority of attacks occurred against known vulnerabilities that haven't been patched (the patch exists but hasn't been installed). Most of the vulnerabilities for which there is an exploit and not a patch are not in the wild and are only known in labs. The majority of the security problems are not detected by hackers but by consultants and antivirus companies; hackers take advantage of that information.
You might also find it interesting that some of the worst attacks (like DDoS) targeted Cisco's and not Microsoft's vulnerabilities. Maybe we should get rid of Cisco?