Scarfo "keylogger", PGP

John R. Levine johnl at iecc.com
Tue Oct 16 18:00:55 EDT 2001


Of course, but the difference is that Windows users routinely install
programs that update libraries in random ways, Unix users don't.  By
and large, Unix applications only install libraries unique to the
application, and the general stuff only changes when you upgrade the
operating system.  If you're moderately clueful (a big assumption, I
know) the applications aren't installed as root so they can't whomp
the system libraries.  Most Windows applications, on the other hand,
come with copies of vendor C libraries, graphics libraries, and who knows
what else, and just install them in \Windows\System.

It's a very common problem on Windows systems to have programs
mysteriously stop working because the user installed an unrelated
application that happened to use the same DLL, but the newly installed
version is older than the previous one and is missing features or bug
fixes.  The current generation of install software tries to check
version numbers and warn you if it's about to downgrade a library, but
it's entirely a convention in the installation software, not enforced
by anything.



>The same is true of, say, libX11.so, or worse, libpam.so, on Unix
>systems.

>> One of my continual gripes about Windows security has to do with the GUI
>> DLLs. An attacker could silently replace a component with one which has
>> the old version number and the same API as the normal one, but which 
>> does something extra -

-- 
John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 387 6869
johnl at iecc.com, Village Trustee and Sewer Commissioner, http://iecc.com/johnl, 
Member, Provisional board, Coalition Against Unsolicited Commercial E-mail



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
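
Added example, not part of the original message or of any installer's code: the message notes that the downgrade warning is only a version-number comparison done by installers, and the quoted reply describes a replacement that keeps the old version number. The sketch below compares a recorded baseline of libraries by version and by SHA-256, so both cases show up. The library names, versions and contents are constructed sample data, and the function names are hypothetical.

```python
import hashlib

def parse_version(text):
    # "6.0.10" -> (6, 0, 10), so 6.0.10 sorts above 6.0.9 (string comparison would not)
    return tuple(int(p) for p in text.split("."))

def snapshot(files):
    # files: {name: (version string, file bytes)} -> {name: (version tuple, SHA-256 hex)}
    return {n: (parse_version(v), hashlib.sha256(d).hexdigest()) for n, (v, d) in files.items()}

def installer_check(baseline, current):
    # What a version-comparing installer can see: version numbers only.
    return sorted(n for n in baseline if n in current and current[n][0] < baseline[n][0])

def audit(baseline, current):
    # Version and content hash: also catches a file replaced under the same version number.
    findings = []
    for name, (old_ver, old_hash) in baseline.items():
        if name not in current:
            findings.append((name, "missing"))
            continue
        new_ver, new_hash = current[name]
        if new_ver < old_ver:
            findings.append((name, "downgraded"))
        elif new_ver > old_ver:
            findings.append((name, "upgraded"))
        elif new_hash != old_hash:
            findings.append((name, "same version, different content"))
    findings += [(n, "new") for n in current.keys() - baseline.keys()]
    return sorted(findings)

# Constructed sample data: library names, versions and contents are made up.
BEFORE = snapshot({
    "vendorcrt.dll": ("6.0.10", b"crt build 10"),
    "gfxlib.dll":    ("2.1.0",  b"gfx 2.1.0"),
    "guilib.dll":    ("4.72.3", b"gui 4.72.3 original"),
})
AFTER = snapshot({
    "vendorcrt.dll": ("6.0.9",  b"crt build 9"),          # older copy dropped by an installer
    "gfxlib.dll":    ("2.1.0",  b"gfx 2.1.0"),            # untouched
    "guilib.dll":    ("4.72.3", b"gui 4.72.3 replaced"),  # same version number, different bytes
})

if __name__ == "__main__":
    print("version check only:", installer_check(BEFORE, AFTER))
    for name, finding in audit(BEFORE, AFTER):
        print(f"{name}: {finding}")
```

The baseline is only as trustworthy as the place it is stored, so it has to be kept where the software being audited cannot rewrite it.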



