Stop Microsoft

All Things Microsoft => Microsoft Software => Topic started by: anphanax on 5 April 2005, 05:44

Title: Image File Execution Options
Post by: anphanax on 5 April 2005, 05:44
Background:
For those of you who didn't know, there's a special registry key for Windows NT based systems. The path of this key is "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Image File Execution Options". This key is particularly useful if you get a trojan on your system that refuses to shut down (you can tell windows to run another EXE in place of the EXE attempting to run here). This way, even viruses that check permissions and set them if you try and revoke read/write/execute from the trojan/malware/whatever. To do this, you simply create a subkey with the exe's name, add a string value named "Debugger", and set the value of this key to another EXE. But of course, there's a DARK SIDE TO THIS, THAT CAN MAKE YOUR LIFE A LIVING HELL. I was playing around, and decided to add WINLOGON.EXE to this list, and have it run CMD.EXE instead... and so the fun begins. Windows doesn't boot. Once it gets past the loading screen, it stays on a black screen for a few seconds, and reboots. ALAS! Recovery console to the rescue... OH WAIT, Recovery console won't let me edit the registry (it doesn't do much of anything besides suck)... Ok, so I decided to try and be clever and rename winlogon.exe to cmd.exe since that's what was trying to run. It worked, or so I thought, I tried to login at the logon screen, and it just kept bringing me back to it. So... I connected to the system from another XP box, and tried remote registry editing, which appeared to work. In reality, it seems to have just corrupted the registry. The Windows XP installation is screwed and I have no clue how to repair it. Hope I can find that site that tells you how to backup your product activation files, or else I might have a problem (not the first time I've had to pull out that bastard CD). I really hope MS puts a tighter lid on the registry with Longhorn, to prevent users from doing dumb things because they were bored -_-.

Actual Problem:
Microsoft Windows allows non-administrators to screw up their system (that's nothing new, I haven't been living in a hole, leave me alone...). Even a 13 year old kid at school could write a macro to exploit this and cause the system administrator a nasty headache. Even if you know what the problem is, it's not one you can just "fix". It's really quite sad that the system can be unbootable so easily (note: I'm aware of the NTLDR thing, but that's obvious, and easily fixable, this isn't).

All someone would have to do is write some code to add a key and value to the registry, then retrieve the SE_SHUTDOWN_PRIVILEGE via RtlAdjustPrivilege and make a call to NtShutdownSystem (Undocumented, NTDLL.DLL) with the POWEROFF constant.

Consider yourself warned :\. I know this is sort of my fault, but still, this should not have been allowed to happen. Windows goes to a GREAT deal of trouble to try and prevent me from doing things sometimes, but it had no problem with me shooting myself in the foot this time.
Title: Re: Image File Execution Options
Post by: anphanax on 5 April 2005, 05:50
And for those of you who are going to make a ... "what a perfect time to install Linux" comment, this isn't my computer that I did this to. It was my brother's. I didn't expect this to happen.

My brother uses Firefox, but probably wouldn't be comfortable under Linux. If you guys can convince me Linux has enough "killer apps", and that it has a polished office suite with decent compatibility for MS Office, I might consider it.

Problem these days, is that instructors *DEMAND* the students use Microsoft Office (down to the exact edition/version). No Wordpad, No Corel WordPerfect, No OpenOffice.org, No AbiWord...

EDIT: And even if it was my computer, I still couldn't switch it to Linux. I host two servers written for Microsoft Windows. They are game servers, and in their current state, are NOT portable.
Title: Re: Image File Execution Options
Post by: muzzy on 5 April 2005, 08:05
And what system administrator allows all users to have full access to registry?

On my Windows 2003 box, HKLM was read-only BY DEFAULT. Only the Administrators group and the SYSTEM user had full control to it. This is just a configuration issue, and it's already fixed in future versions. Can't remember defaults for older systems, but they're configurable and a proper sysadmin would've touched them.

As for undocumented calls, I do wish those were documented, but it doesn't change the fact that you still need privileges to enable further privileges.
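The Debugger redirection the first post describes and the HKLM write-access question muzzy raises here can both be checked from a script. The following is an added example, not code from this thread or from Microsoft: a read-only PowerShell audit that lists every IFEO subkey carrying a Debugger value, flags redirections of core system processes, and reports any principal other than Administrators, SYSTEM or TrustedInstaller that holds write rights on the key. It uses the key's actual location, which sits under CurrentVersion (the original post omits that component); the list of "critical" process names and the trusted-principal list are my own assumptions.

```powershell
# Added example, not from the thread: read-only audit of IFEO Debugger redirections
# and of who is allowed to write the IFEO key. Run from an elevated prompt on Windows.
# Real key path (note the CurrentVersion component, which the original post omits).
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# Assumed list of processes that should never be redirected; extend to taste.
$critical = @('winlogon.exe', 'csrss.exe', 'smss.exe', 'lsass.exe',
              'services.exe', 'userinit.exe', 'explorer.exe')

# 1. A subkey named after an executable that carries a Debugger value makes Windows
#    start the named "debugger" with the original command line instead of running
#    the executable directly.
$hits = foreach ($key in Get-ChildItem -Path $ifeo) {
    $dbg = (Get-ItemProperty -Path $key.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) {
        [pscustomobject]@{
            Image    = $key.PSChildName
            Debugger = $dbg
            Critical = ($key.PSChildName.ToLower() -in $critical)
        }
    }
}
if ($hits) { $hits | Sort-Object -Property Critical -Descending | Format-Table -AutoSize }
else       { 'No Debugger values found under IFEO.' }

# 2. Only Administrators, SYSTEM and TrustedInstaller should be able to write here.
#    Any other principal with write rights is the exposure the thread is about.
$trusted = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM',
             'NT SERVICE\TrustedInstaller', 'CREATOR OWNER')
$writeMask = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, WriteKey, FullControl'
foreach ($ace in (Get-Acl -Path $ifeo).Access) {
    if ($ace.AccessControlType -eq 'Allow' -and
        (($ace.RegistryRights -band $writeMask) -ne 0) -and
        ($ace.IdentityReference.Value -notin $trusted)) {
        "WARNING: $($ace.IdentityReference) has write access to IFEO ($($ace.RegistryRights))"
    }
}
```

Some Debugger entries are legitimate (developer tooling registers itself this way), so treat each hit as something to match against what was deliberately installed rather than something to delete on sight. A warning from the second half means an ordinary user could plant exactly the kind of redirection anphanax describes; the fix is restoring the key's default ACL, which this script only reports on.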
Title: Re: Image File Execution Options
Post by: anphanax on 5 April 2005, 18:22
It was the default configuration on the box. HKLM wasn't read-only (they're a member of Users, not Power Users or Administrators). This is XP Pro, not Windows 2K3. Probably not set up to be as secure as a W2K3 install is by default... (from now on, I'm checking that stuff though, thanks for bringing that up)

Oh, BY THE WAY, I CAN'T RE-INSTALL XP. The CD won't get past loading the setup on the blue screen. I think it's because the NTFS file system on the HDD might have some errors. That's right... Problems on disk? Good luck installing XP without a wipe. This particular person has a TON of MP3s and would kill me if I wiped their system, so... guess I'm screwed.

And the reason I've come to the HDD conclusion is because I had that problem last time I was installing XP on the machine (it had the Windows ME FAT on it before I upgraded it, and apparently it had problems, as when I ran the check disk utility on a MS-DOS boot disk for that drive, XP setup then magically worked).

EDIT: Don't tell me to use crap from recovery console. REMEMBER, THE CD WON'T GET THAT FAR...

EDIT 2: Yes, I know you can set up recovery console to run locally. I didn't do that though, it wasn't my system. Secondly, it might not work that well if the filesystem has a problem :\.
Title: Re: Image File Execution Options
Post by: muzzy on 5 April 2005, 20:11
Yea, I recall XP's default configuration was still totally braindead although I don't remember any specifics on the ACLs. W2k3 had a lot more sane defaults, and didn't require quite as much work to configure properly. I've only configured one XP box in my whole life and the experience was so painful I'd rather forget it already.

Anyway, about the foofoo hdd, some choices to think about:
1) Try Linux with the captive ntfs.sys hack.
2) Try putting the hdd into another box which has XP installed and working, mount it there and try to recover files.
3) Use the Linux read-only NTFS implementation. It's known to suck for writing, but perhaps you can backup some data.
Title: Re: Image File Execution Options
Post by: Calum on 5 April 2005, 20:22
Quote from: anphanax
And for those of you who are going to make a ... "what a perfect time to install Linux" comment, this isn't my computer that I did this to. It was my brother's. I didn't expect this to happen.

My brother uses Firefox, but probably wouldn't be comfortable under Linux. If you guys can convince me Linux has enough "killer apps", and that it has a polished office suite with decent compatibility for MS Office, I might consider it.

Problem these days, is that instructors *DEMAND* the students use Microsoft Office (down to the exact edition/version). No Wordpad, No Corel WordPerfect, No OpenOffice.org, No AbiWord...

EDIT: And even if it was my computer, I still couldn't switch it to Linux. I host two servers written for Microsoft Windows. They are game servers, and in their current state, are NOT portable.

what a great time for your brother to install linux, or for you to install it on your brother's computer.  (remembering that none of us are getting paid to "convince" you of anything, so why not have a go at convincing yourself?)

and what a great time for you to learn how to code your game servers natively from scratch under linux! :-D
Title: Re: Image File Execution Options
Post by: muzzy on 5 April 2005, 22:19
Instructors demand microsoft office? Are they also providing you the software licenses? If not, demand that you're allowed to return papers as PDF. How the heck can the instructors demand you to give money to some specific company? That's sick, and should be made illegal if it isn't already. "As a part of this course, you have to pay $100 extra fee to Muzzy Software Fund. No, you won't get any value for the money, you just have to do it. Pay or fail the class, Suckers!"
Title: Re: Image File Execution Options
Post by: anphanax on 6 April 2005, 00:18
They're not my servers. I'm hosting them for someone else. They're written in Visual Basic 6.0.

As for the "me convincing myself" thing, that's not going to happen. Even with crap like this, I've simply gotten too used to Windows and spent too much time learning to code for it. Time investment is important to people. I have nothing against Linux, and know that it can be used in many places where using Windows wouldn't be a good idea, but for the desktop, it's still a hard sell and will remain so, at least for me. Hell, I'm not even convinced anymore that open source is all that great (I will probably be flamed to death on this). Open source programs crash for no apparent reason, just like closed-source ones do (xchat, firefox, and openoffice.org are examples of this). I HATE program crashes. I know there's a bigger picture involved here, but still. If FOSS developers are so "talented" and "smart" and "innovative" and "perfect", this shouldn't happen in the first place. I've seen lots of arrogant people bash others for their coding mistakes, then watch them get flooded with bug reports, so... The people with the "FOSS programmers are better than all other programmers" attitude can go to hell. The Open Source model works best when you have the most people looking at projects (more people = more good programmers), so I would think you would WANT to try and convince people to move over to open source.

Note: Telling me to look at the code and try and fix these "no apparent reason" crashes is stupid. Do I look like a linux programmer? Didn't think so... I don't have as much free time as I used to either, nor do I want to spend it learning a platform that I don't use very often because I have one that already works ok. Plus, my linux system doesn't have a keyboard, mouse, or monitor, so... not a big fan of using it at the moment.

Sorry if I seem angry, but this is very stressful. I've never really run into a Windows problem before where I wasn't sure how to fix it.
Title: Re: Image File Execution Options
Post by: muzzy on 6 April 2005, 03:07
"no apparent reason" crashes can indeed be complex issues, and more often than people realize, it's because of hardware issues. Some people just keep experiencing strange crashes, and instead of testing their system they blame it on all the different software. Faulty memory can do the most mysterious things and might go undetected for months at a time until something strange happens. A faulty PSU can cause mystery freezes, sometimes even repeatable ones. A faulty/overclocked CPU too, it might work just great for hours and hours straight of intense calculation, and then just do something wrong. A lot of people think that faulty hardware would result in the system not booting at all, or not seeming to work at all... not quite true!

Also, open source isn't about software quality. Regarding that, a lot of OSS apps suck as you noted. The important difference is freedom, and that's an ideological difference. I'd like them software freedoms, but nothing's going to happen by just using OSS at current rate. Software patents are coming to ruin everyone's day, and a lot of OSS apps are becoming illegal. IMO, the development model of open source software only reflects the freedom of the software, which might or might not lead to quality stuff.
Title: Re: Image File Execution Options
Post by: Orethrius on 6 April 2005, 08:20
Quote from: muzzy
Also, open source isn't about software quality. Regarding that, a lot of OSS apps suck as you noted.

Maybe you'd like to tell Sean Egan that one.  Or, for that matter, see how well you can sell that line to Sourceforge.

Quote
The important difference is freedom, and that's an ideological difference.

True - free software is free software is free software.  Don't be so quick to write it off.  ;)

Quote
I'd like them software freedoms, but nothing's going to happen by just using OSS at current rate.

Hear that, folks?  Muzzy says we need to up FOSS usage by getting decent developers involved!  Yay Muzzy!  :D

Quote
Software patents are coming to ruin everyone's day, and a lot of OSS apps are becoming illegal.

Yes, and God knows people don't download MP3s, either.  I'll continue to use FOSS in absentia of a lawful government, and if you don't care to do the same you know where to stick that EULA.  :p

Quote
IMO, the development model of open source software only reflects the freedom of the software, which might or might not lead to quality stuff.

This is - unfortunately - true.  Fortunately, FOSS has coders that can distinguish crap and code it out.  Windows?  Yeah, it has people that can attempt to recreate the code.  Too bad current disassemblers are such amazing horseshit.  :p
Title: Re: Image File Execution Options
Post by: anphanax on 6 April 2005, 08:22
I was a bit out of line in my previous post. I thought I saw the big picture, but was forgetting about the "freedom" thing. It's easy to forget seemingly obvious stuff when you're stressed out over something else.

In this case, I don't think this is a hardware issue. If it is, it would be one hell of a coincidence. I'm planning on hooking up the hard drive from that computer to this one (it's an IDE one, so I should have no problem), copying all their stuff, then deleting some files (The SYSTEM registry hive in particular, since a corrupted hive has caused setup hangs for other people. I'm pretty sure this is because the SYSTEM hive happens to contain information needed by the recovery console). I wish Microsoft would have designed it where it didn't need to read any registry keys... it could have just been an NTFS shell, but no... :P (if people really want system security, they should encrypt their files)

This is unrelated to the topic, but why is it that there aren't *FREE* NTFS read/write utilities and drivers out there. That would make things a hell of a lot easier.

Thanks for not flaming me to death :)
Title: Re: Image File Execution Options
Post by: Orethrius on 6 April 2005, 08:27
Quote from: anphanax
This is unrelated to the topic, but why is it that there aren't *FREE* NTFS read/write utilities and drivers out there. That would make things a hell of a lot easier.

You mean, outside of Captive (http://www.jankratochvil.net/project/captive/)?  ...what, you thought Microsoft would allow someone else to design an NTFS driver for their OS?  I need to tell my lawyer that one.  He'd die.  :D
Title: Re: Image File Execution Options
Post by: anphanax on 6 April 2005, 08:34
ReactOS!
I completely forgot about that project. It even has a LIVE CD. Thanks for mentioning that. Maybe I won't have to screw with hardware after all.

Quote
you thought Microsoft would allow someone else to design an NTFS driver for their OS?

If they can sue you for that, that's ridiculous. You should be able to design an alternative implementation to do something without having to worry about being sued. Writing an alternative implementation of an idea isn't stealing an idea, it's implementing it.

e.g. Drug company A makes drug to cure disease 'x'. Another company B makes a drug that uses different ingredients, but also cures disease 'x'. Drug company A should not be pulling out their lawyers on drug company B.

Blocking people from implementing an idea a different way stifles innovation.
Title: Re: Image File Execution Options
Post by: KernelPanic on 6 April 2005, 16:55
Quote from: muzzy
Software patents are coming to ruin everyone's day, and a lot of OSS apps are becoming illegal. IMO, the development model of open source software only reflects the freedom of the software, which might or might not lead to quality stuff.

This doesn't have to be, at least not in Europe!
Didn't you hear that if the Parliament votes against the bill, the commission will not pursue it further?

Get lobbying now ;)
Title: Re: Image File Execution Options
Post by: muzzy on 6 April 2005, 19:17
Quote from: KernelPanic
This doesn't have to be, at least not in Europe!
Didn't you hear that if the Parliament votes against the bill, the commission will not pursue it further?

Get lobbying now ;)

Yea, after the council presidency accepted the fscking thing without majority vote, breaking the council's rules in the process. The bill in EU has constantly been smuggled into "agriculture & fisheries" council sessions, to be decided by people who don't know anything about it, without discussion allowed. When the states required it be changed to discussion item, Luxembourg made up crap on the spot saying it wouldn't be possible for procedural reasons.

Basically, the EU Council Presidency conned the rest of the council, with a malicious intent. I'd like to believe this is just mere incompetence, but why would they repeatedly try to push the software patent issue to be decided by agriculture guys, and other crap like that? I'm suspecting some guys there have been bribed. We should do the same. Spread this url: http://mjr.iki.fi/texts/patentfund
Title: Re: Image File Execution Options
Post by: muzzy on 6 April 2005, 19:24
Quote from: Orethrius
Yes, and God knows people don't download MP3s, either.  I'll continue to use FOSS in absentia of a lawful government, and if you don't care to do the same you know where to stick that EULA.  :p

I'll skip the previous points made by you and stick to this. I know people are still going to use the software that's out there even if it becomes illegal. However, development will more than likely halt. Are you going to risk your life by writing rogue software? We'll see what you say about that when you get those two million fines. This will basically destroy a lot of free software, maybe the whole free software movement. You'll no longer be free to write any software you want to, which means the core point, freedom, has been eliminated. There's no free software without freedom.

Quote from: Orethrius
Too bad current disassemblers are such amazing horseshit.  :p

I don't know where you've gotten this idea about disassemblers, but current disassemblers are amazing stuff. They totally kick ass, and by saying otherwise I can only suspect you've never used one. Or perhaps, you lack the skills to use one, and would rather blame it on the tools.
Title: Re: Image File Execution Options
Post by: Aloone_Jonez on 6 April 2005, 19:43
I don't see how they're going to be able to force a ban on a piece of free software that infringes patents. If they did in say Europe and the United States couldn't they just move development to Asia, Africa, or Australia or New Zealand?
Title: Re: Image File Execution Options
Post by: muzzy on 6 April 2005, 20:07
Yes, you could move development elsewhere until software patent laws get there as well. However, you'd still lose your freedoms here, and couldn't participate in the development. Let's see how you feel when you can't get your favourite Linux software from your package management system anymore.
Title: Re: Image File Execution Options
Post by: Aloone_Jonez on 6 April 2005, 20:34
That would be shit.

But how could they prove where the software is actually being developed?

It will never be illegal everywhere, and someone from the UK could easily send some software to someone else in India in encrypted form, then it can be made available for download from the Indian site.

They're having a hard enough time policing pirate software not to mention child pornography. I can't see the law enforcement agencies putting the same resources in to banned software as they do to paedophiles or even pirate software. Not to mention both of these activities are illegal in most countries, I somehow can't see software patents taking over the world. I feel that enforcing software patents would be a nightmare.

Well on second thoughts software patents would make Windows illegal since everything implemented in Windows has already been done before so all Microsoft's patents are void anyway. I'm not worrying about silly software patents anyway I don't think anyone else should be.
Title: Re: Image File Execution Options
Post by: anphanax on 6 April 2005, 21:48
I've never seen anything quite like this.

I prayed the machine would somehow magically be fixed, tried something different that just occurred to me at that moment, and VOILA! Got into SAFE MODE! Did a system restore and everything is working great again.

What I did:
Tried running Safe Mode /w Command Prompt, and held down arrow keys while the drivers were loading. Safe mode wouldn't boot (kept hanging on mups.sys) earlier, so no clue... And @ those interested, yeah, earlier I let the system sit FOREVER. CTRL+ALT+DEL wouldn't work after the mups.sys thing, so it WAS HUNG.

Let this be a lesson to others. If you're going to do something that might be "dangerous" to the system, make sure you have a BACKUP FIRST. Also, re-installing windows isn't always the best solution. If you keep trying, you're bound to get somewhere eventually :).
Title: Re: Image File Execution Options
Post by: KernelPanic on 6 April 2005, 21:51
Quote from: muzzy
Yea, after the council presidency accepted the fscking thing without majority vote, breaking the council's rules in the process. The bill in EU has constantly been smuggled into "agriculture & fisheries" council sessions, to be decided by people who don't know anything about it, without discussion allowed. When the states required it be changed to discussion item, Luxembourg made up crap on the spot saying it wouldn't be possible for procedural reasons.

Basically, the EU Council Presidency conned the rest of the council, with a malicious intent. I'd like to believe this is just mere incompetence, but why would they repeatedly try to push the software patent issue to be decided by agriculture guys, and other crap like that? I'm suspecting some guys there have been bribed. We should do the same. Spread this url: http://mjr.iki.fi/texts/patentfund

:( :( :( :(
Title: Re: Image File Execution Options
Post by: jtpenrod on 6 April 2005, 23:42
Quote
I'll skip the previous points made by you and stick to this. I know people are still going to use the software that's out there even if it becomes illegal. However, development will more than likely halt. Are you going to risk your life by writing rogue software? We'll see what you say about that when you get those two million fines. This will basically destroy a lot of free software, maybe the whole free software movement. You'll no longer be free to write any software you want to, which means the core point, freedom, has been eliminated. There's no free software without freedom.

If programming is outlawed, only outlaws will program.  :p

They can have my compiler when they pry it from my cold, dead fingers.  :p  :p

But seriously, should this happen, then, all progress stops and the whole technology will stagnate. Of course, not everyone will go along with this, and probably the Chinese, Indians, and/or Pakistanis will have been handed technology leadership that won't be coming back to either the US or EU, should either/or be stupid enough to pull a stunt like that.

However, given the dumbasses we have in gov't, I wouldn't exactly bet against it.
Title: Re: Image File Execution Options
Post by: muzzy on 7 April 2005, 00:21
I don't quite like the idea of a world where programmers have to distribute their patch submissions on private encrypted rings, and have to post under pseudonyms through a chain of remailers to protect their identities. Interestingly enough, this will most likely happen, and free programmers will be in the same boat as child pornographers and the bunch. It'll get really interesting since free programmers will have the capability to design and implement very very interesting networks for anonymous communication and data sharing. Will this kind of movement affect other uses for such communication, too, specifically warez and child pornography?

I'll have a great damn laugh at the world if in a bizarre turn of events the software patent issue leads to a bloom of projects like Freenet and such, that are also used to distribute child pornography. Once it gets serious, the only method to stop it for good is to ban all remailers and proxies. Let's see THAT happen!
Title: Re: Image File Execution Options
Post by: Orethrius on 7 April 2005, 09:30
That's the spirit I knew you had.  ;)

That being said, I'm a tad more serious about them "prying my compiler from my cold, dead fingers."  Come on now, government goons committing felonious acts to subdue a "dangerous emerging technology"?  How many simps do you think we have over here?  Wouldn't be long before a bloody revolution, I'll tell you that.  Oh, and anyone wanting to get in contact with me should already know how by now.  If not, there are handy little buttons at the bottom of the message window.  :D
Title: Re: Image File Execution Options
Post by: solemnwarning on 10 April 2005, 00:14
Quote from: anphanax
They're not my servers. I'm hosting them for someone else. They're written in Visual Basic 6.0.

As for the "me convincing myself" thing, that's not going to happen. Even with crap like this, I've simply gotten too used to Windows and spent too much time learning to code for it. Time investment is important to people. I have nothing against Linux, and know that it can be used in many places where using Windows wouldn't be a good idea, but for the desktop, it's still a hard sell and will remain so, at least for me. Hell, I'm not even convinced anymore that open source is all that great (I will probably be flamed to death on this). Open source programs crash for no apparent reason, just like closed-source ones do (xchat, firefox, and openoffice.org are examples of this). I HATE program crashes. I know there's a bigger picture involved here, but still. If FOSS developers are so "talented" and "smart" and "innovative" and "perfect", this shouldn't happen in the first place. I've seen lots of arrogant people bash others for their coding mistakes, then watch them get flooded with bug reports, so... The people with the "FOSS programmers are better than all other programmers" attitude can go to hell. The Open Source model works best when you have the most people looking at projects (more people = more good programmers), so I would think you would WANT to try and convince people to move over to open source.

Note: Telling me to look at the code and try and fix these "no apparent reason" crashes is stupid. Do I look like a linux programmer? Didn't think so... I don't have as much free time as I used to either, nor do I want to spend it learning a platform that I don't use very often because I have one that already works ok. Plus, my linux system doesn't have a keyboard, mouse, or monitor, so... not a big fan of using it at the moment.

Sorry if I seem angry, but this is very stressful. I've never really run into a Windows problem before where I wasn't sure how to fix it.

How to just jump into Linux (my way (I really did it like this))

1. install fedora
2. just run it and if i have a problem figure it out

I had learned lots of code and been using winblows for over 5 years, I think if a 12 year old with a mental problem can figure Linux out u can <_< so go 4 it :P :thumbup::tux:
Title: Re: Image File Execution Options
Post by: Aloone_Jonez on 10 April 2005, 04:18
The reason why most programs crash is because they're written in C or maybe even some parts assembly. With C it is possible to overwrite code with data and assembly is even worse. This is why I hate C and assembly, the only reason a program should crash is because it ends up in a continuous loop or a stack overflow. Not because the language allows a buffer overrun or pointer error to allow overwriting of code with data and eventual execution of data.

In my opinion a decent programming language should prevent this and to my knowledge Pascal, Basic, Python and Java all do. Hopefully the new 64-bit processors with their new hardware will prevent some of this buffer overrun and data execution shit.
Title: Re: Image File Execution Options
Post by: Orethrius on 10 April 2005, 04:51
Well really, if you can't figure out how to configure the compiler to treat overrides as errors rather than warnings ("forbid overrides" or whatever it may be), you don't belong anywhere near C.  :p
Title: Re: Image File Execution Options
Post by: Aloone_Jonez on 10 April 2005, 05:00
To be honest I've never got that far. I learned to program in QBasic as many people did, then moved on to assembly, and I tried Pascal and it's ok, but I've never fully got C. So I suppose you're right. But there again what about all these buffer overrun exploits and why do most C programs crash if it isn't because of data being executed?
Title: Re: Image File Execution Options
Post by: muzzy on 10 April 2005, 08:10
Pascal doesn't protect from buffer overruns, it's just more uncommon since people don't use pointers so commonly in pascal due to strong typing, builtin strings and range checking and stuff.

Also, Orethrius isn't apparently a programmer, or doesn't know what he's talking about. "forbid overrides" my ass, practically no C compilers have designs that prevent buffer overflows because it'd totally fscking kill all performance. Override isn't proper terminology in this context as well, and further suggests ignorance. Go ahead and prove me wrong, name even one compiler and a compiler flag for it that actually prevents buffer overflows.
Title: Re: Image File Execution Options
Post by: muzzy on 10 April 2005, 08:27
Sorry about the above reply, I'm a little irritated, but the point remains. Neither of you seem to truly understand the issue.

Typically, buffer overflows don't overwrite code, they overwrite some important data. Program flow control is managed on the stack, in the form of return addresses to points where functions were called. Local variables are also stored on the stack, and a buffer that gets overflowed on the stack gets to overwrite the return addresses on the stack. There you go, execution jumps to an address of your choice. The traditional attack is to send code in the buffer, and then set execution to jump to the stack one way or another. Usually there are bytes somewhere in the application that form a jump to the stack, so such a position makes a great return address. After that, the execution practically goes to the buffer you just sent, and data gets executed. HOWEVER, it's not necessary to jump there! A buffer overflow can still be extremely dangerous even without data execution. Imagine your application has code that kills some files, databases, or any cleanup that prompts the user if he's really sure. Place the return address right after the prompt has been checked, to where the actual work gets done, and the buffer overflow will result in serious damage that NX-flags and such can't prevent. Yay!

The above mentioned stack buffer overflow isn't the only form of buffer overflow, a lot of variations exist. Basically, when attacker gets to overwrite some critical data in unexpected way, there is risk of program flow getting fucked up. Now, memory corruption bugs aren't limited to mere buffer overflows, and C has plenty of them. The very way pointers are defined in C invites compiler writers to implement them in a rather vulnerable fashion. Together with the CPUs being such wimps and raw devices, there's a serious problem. The problem can be solved on language level, but it could also be solved on compiler level, and definitely on CPU level. Designing better languages is the most practical way to approach the problem since you can't really change the CPU.

Microsoft's .NET takes an approach to this by defining a virtual execution platform, in the form of bytecode, that things get compiled to. On this level, you can have VM (kinda virtual cpu) level protection, compiler level protection, and language level protection. All of them, and they're all fscking implemented as well. How's that for security?
Title: Re: Image File Execution Options
Post by: Orethrius on 10 April 2005, 08:44
Let's not get buffer overflows and variable overloads confused here.  You really can't stop an overflow in poorly written code, that's what's at issue here.  It's doubtful that C# is going to do much to cure this, as it's still JUST C at the base level.  Don't kid yourself by trying to tell us how .NET isn't C#.  Now, what I was taking issue with on MY behalf was the confusion with overloading variables (override [sic] in this case), which can indeed be blocked (at least it could in Borland 6, I don't know about Visual Crapcaster 6.6.6).  Like you so eloquently say in so many words, an overflow is a function of poor coding and can only be stopped by not allowing the possibility in the first place.  Too bad .NET isn't as strict as you seem to think it is.
Title: Re: Image File Execution Options
Post by: muzzy on 10 April 2005, 09:35
Well, obviously aloone was talking about overflows (since he mentioned program crashes), despite improper use of terminology. What comes to overloading, there's no such thing in C. There is in C++, but it cannot overload variables, it only applies to operators and function names. So, that's that and hopefully we're through that confusion now.

Also, C# indeed solves the problem, as does the common language runtime of the .NET framework. I'm not kidding anyone when I say .NET isn't C#, it's a framework and runtime environment, and C# happens to be just one language specifically designed for it. However, .NET defines a concept called "verifiable code", which is a set of restrictions that the code must meet to be verifiable. Any code which meets these requirements can be verified to not breach the execution flow, and thus can be verified to not contain buffer overflows and such. Unsafe sections of the code must then be marked as such, and can remain vulnerable, but this allows for greater isolation of such code. Under these restrictions, the language and runtime environment can guarantee that any program errors happen above the logic level, and as of such are isolated to the execution path and are easier to trace.

The typical problem with C and C++ is that a memory error anywhere in the program can cause problems in any other part of the program, so the program might only crash hours or days after the effects of the bug took place. Verifiable code solves this issue, and thus it will simply become impossible to make such bugs. Obviously, this feature doesn't have to be used, which means .NET isn't a magic salt which solves all problems merely by sprinkling it around. It however provides the means for writing such secure code, that isn't susceptible to the traditional problems of traditional software development.
Title: Re: Image File Execution Options
Post by: muzzy on 10 April 2005, 09:44
Ohyea, I totally missed this: "it's still JUST C"

WRONG! It's nothing like C. I'd like to hear why you think it has anything to do with C. The language is so totally different it boggles the mind that you'd say it's "still just C at the base level". Do you mean that the VM implementation is written in C or C++? That has nothing to do with the language design, how it's compiled, or how it's executed. So where do you get this idea?