Ok, I’m still finishing the review that I promised to finish on the weekend but never got around to it. Btw, thank you Brett for the feedback, I’ll be bundling in a reply to the story regarding the Microsoft vs. Apple presentation since it all kind of goes together.
There has been quite a lot of controversy about the fact that Google released details relating to a vulnerability found in Windows after having only just notified Microsoft about it 10 days prior but of course the fan boys jumped on that like flies on shit as an example Google and their ‘double standards’. What these fanboys completely ignore is the fact that the vulnerability has been known with the darknet hacking community for quite some time so the fact that Google has just announced it won’t make a lick of difference. At the end of the day, this vulnerability was already known to those who want to do harm and the documentation of the vulnerability by Google will allow third parties to steer clear of those API’s in favour of looking for safer alternatives (which Chrome already uses).
The question I want to know is why there is no outrage as to why the likes of NtSetWindowLongPtr() was even in the kernel in the first place – jamming any old thing into the kernel for shaving a few milliseconds off in much the same way that Microsoft ramming the font handling into the kernel yet the media is worried about the vulnerability instead of asking the most important question: “why the fuck is it in there in the first place and why hasn’t Microsoft done anything about getting it out of the kernel as to avoid this clusterfuck in future?”.
Once again with Windows 10 they could have broken with the past and provided backwards compatibility inside of a virtualised environment but decided to half-ass it resulting in something that could have been avoided still being there.