thefool wrote: The purebasic team has the source to the purebasic compilers, so why do they keep fixing bugs when they could just read the source code and find them?
Kuron wrote: Unlike PB, MS can afford to pay 100 experienced programmers to spend a year or two sifting through the Windows source looking for exploits.
I'm sure they have a large experienced team looking for bugs and exploits. But some things are just too hard to see in the source code. Have you ever done some serious programming in C?
Bitdefender 2010 1 year free license
Re: Bitdefender 2010 1 year free license
thefool wrote: Have you ever done some serious programming in C?
Yes, have you?
MS would not have to find the exploits if they wouldn't have put them in there in the first place. What is continually being exploited is MS's F-ups. This is a company who has habitually handled security as an afterthought and MS's users are the ones who pay the price. Thankfully, MS has started getting more serious about security.
Re: Bitdefender 2010 1 year free license
thefool wrote: Have you ever done some serious programming in C?
Kuron wrote: Yes, have you?
Semi-serious, at least. I've programmed a compiler (from scratch, no parser generators etc.) for a functional programming language (with pattern matching, higher order functions, dynamic type checking at compile time etc.) in C for a 6-month project (fulltime+) at the university together with a few others; that is probably the largest thing I've written in C. Besides a few other things, mostly practices for courses, like a character device driver for Linux (nothing fancy, though) and some smaller projects for work and hobby. But the compiler was a rather tough one.
Point is, many of the bugs we met were not really catchable by looking at the source code (even by a very experienced programmer I was working with) and only to be found when using external tools like GDB (and often it would involve massive time spent on stepping and breaking through various functions because the faults happened at a completely different place than where the debugger was triggered). They only happened at runtime, and only under certain circumstances. Memory leaks are an extremely good example (and how many times does Mozilla close a memory leak problem in Firefox? It's open source - why does it have bugs at all?)
Sure you can use tools like Valgrind to spot many leaks (and spot some using your eyes and brain), but certainly you'll miss some.
"MS would not have to find the exploits if they wouldn't have put them in there in the first place"
It is impossible not to leave open holes in such massive systems. Especially when they are due to design flaws. They have been re-designing a LOT of the problematic parts lately, which is why security is getting better. Not as much due to people finding bugs and Microsoft fixing them.
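The kind of bug described in the post above, a leak that only shows up at runtime and only for certain inputs, as an added example that is not part of the original thread. The `parse_line` function, the tracking allocator and the sample lines are all constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a runtime leak checker: remembers every block
 * that has been allocated and not yet freed. */
#define MAX_LIVE 32
static void *live[MAX_LIVE];
static int nlive = 0;

static void *tracked_malloc(size_t n) {
    if (nlive == MAX_LIVE) return NULL;
    void *p = malloc(n);
    if (p) live[nlive++] = p;
    return p;
}

static void tracked_free(void *p) {
    for (int i = 0; i < nlive; i++)
        if (live[i] == p) { live[i] = live[--nlive]; free(p); return; }
}

/* Hypothetical parser for "key=value" lines: returns the value length,
 * or -1 when the line has no '='. */
static int parse_line(const char *line) {
    size_t n = strlen(line) + 1;
    char *copy = tracked_malloc(n);
    if (!copy) return -1;
    memcpy(copy, line, n);         /* copy includes the terminating NUL */
    char *eq = strchr(copy, '=');
    if (!eq) return -1;            /* BUG: this path never frees copy */
    int len = (int)strlen(eq + 1);
    tracked_free(copy);
    return len;
}

/* Feeds lines to the parser, counts blocks still live, then releases them. */
static int leaked_after(const char *const *lines, size_t count) {
    for (size_t i = 0; i < count; i++) parse_line(lines[i]);
    int leaked = nlive;
    while (nlive > 0) free(live[--nlive]);
    return leaked;
}

int main(void) {
    const char *good[]  = { "name=alice", "role=admin" };       /* constructed */
    const char *mixed[] = { "name=alice", "garbage", "x=1" };   /* constructed */
    printf("well-formed lines:  %d leaked\n", leaked_after(good, 2));
    printf("one malformed line: %d leaked\n", leaked_after(mixed, 3));
    return 0;
}
```

With well-formed input every allocation is released, so nothing looks wrong until a line without `=` reaches the parser.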
IdeasVacuum
Re: Bitdefender 2010 1 year free license
....a major part of the early exploits were actually C functions that could have a buffer over-run. All applications written in C were vulnerable, and that was not the fault of MS at all. However, MS has made a significant contribution to the efforts made to make C safer. These days, if I were to criticize MS about their security measures, I'd say they are becoming a nuisance to the Windows User.
More policing and more draconian penalties for the creators of viruses etc. would be good. In the good old days, if you were suspected of being a witch, you would be dragged across a river underwater. If you survived that, then you certainly were a witch and so were burned at the stake.
IdeasVacuum
If it sounds simple, you have not grasped the complexity.
Re: Bitdefender 2010 1 year free license
IdeasVacuum wrote: ....a major part of the early exploits were actually C functions that could have a buffer over-run. All applications written in C were vulnerable, and that was not the fault of MS at all. However, MS has made a significant contribution to the efforts made to make C safer. These days, if I were to criticize MS about their security measures, I'd say they are becoming a nuisance to the Windows User.
So you basically agree with me.
The new virtualization is a good idea but it's a PAIN IN THE *** when you have older software that the customers use, written in an older language which doesn't really support manifests etc. to make it easy to elevate code heh. It's just too much work to write it from scratch in C# or PureBasic for me right now. So I'm using some "emergency"-solution that I'm not too happy about but well, it works. It's not a problem when you are aware of it when you program the software, though.
"In the good old days, if you were suspected of being a witch, you would be dragged across a river underwater. If you survived that, then you certainly were a witch and so were burned at the stake"
If you would get into politics maybe I'd vote for you heheh
