Feeds

MS DLLs are like ice cream and carrots – expert

So if you'd thought wet string and chewing gum, you were wrong...

  • alert
  • submit to reddit

Top three mobile application threats

MS on Trial Microsoft has given DLLs multiple functionality to make it difficult to remove browser functionality without impairing Windows performance. In discussing such tricks, the DoJ rebuttal witness Edward Felten grasped at the analogy of a DLL being composed of ice cream and carrots. His reasoning was that the component content of any single DLL had as much in common as, you've got it ... A particularly good example of unrelated functions in the same DLL was the one that Microsoft code-named Trident (mshtml.dll). Felten had seen the source code, following a court order that made Microsoft release code to him, and found that although its main function is to render HTML, it contains several other unrelated things. And who better to confirm this than Microsoft developer Christian Fortini, who emailed on 26 August 1997: "We have to stop adding non-browsing features into Trident and start taking some of the existing ones out. We should shrink the core Trident code base down to a very compact (and fast) HTML rendering and manipulation engine and hopefully limit the number of people in this code base." This was a tough one for Microsoft, because it was clear that deliberately obfuscating the DLL had resulted in its being less efficient, not more efficient, as Allchin was claiming. Another priceless example of DLL conjuring described by Felten was seen when shdocvw.dll was split into two between IE4 and IE5, with the second part being called browseui.dll. Some code from shdocvx.dll was moved at the same time, causing the thumbnail of alternative wallpaper to be in shell32.dll now: such important stuff. The conclusions that can be drawn about the DLLs is that they can be split or combined at whim - and the whim was most clearly to make life hell for Netscape. One consequence of chopping and changing DLLs was that it made it more difficult to define IE, since its functionality was in DLLs that also had other totally unrelated jobs to do. The detailed exposure of Microsoft's tricks with DLL manipulation, and the subsequent cover-up, amount to a another plank for the Microsoft coffin. ® Complete Register trial coverage

3 Big data security analytics techniques

More from The Register

next story
Sorry London, Europe's top tech city is Munich
New 'Atlas of ICT Activity' finds innovation isn't happening at Silicon Roundabout
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.