Slashdot Mirror
Microsoft Employees May Lose Admin Rights
daria42 writes "As Microsoft moves its internal desktop systems to Windows Vista, the company is contemplating whether to change a long running tradition and take away admin rights from its employees in order to improve security." From the article: "'We haven't made that final determination yet. We would like to absolutely look at scenarios where we can look at elements of User Access Control -- that is the feature in Vista -- so that we can start moving in that direction ... It is a tough balance and every company has to decide what is right for them,' said Estberg. However, Estberg said that for the moment, the company will continue to leave the responsibility of installing software with its employees."
There's so many poorly designed apps out there that demand admin rights to run, even though they don't actually need that level of access,
Unless you have actually tried to configure a ton of apps, you have no authority to make this claim. This was true with NT because is was a fundamentally new OS, but with Windows 2000 and beyond, only the lamest of developers (ie not serving the enterprise space) would distribute an app that requires admin rights to *run*. Installs need admin rights, because of where they write files and keys, but not to run.
Probably hardware costs and software base, just shooting from the hip.
m ac+os+x+vulnerabilities+jump+228+percent+three+yea rs/
Corporation decisions are made by bean counters, not technology folks.
Besides, if all the corporations started using OS X and their marketshare went up significantly, so would their vulnerabilities. Apple really enjoys a reputation as a "more secure" base OS - apparently everyone seems to conveniently forget a couple facts -
"According to McAfee Avert Labs, Mac platform vulnerability discovery rates have increased by 228 percent in the past three years alone, from 45 in 2003 to 143 last year.
By comparison, Microsoft's products saw a 73-percent increase in vulnerabilities over the same time period."
http://www.scmagazine.com/uk/news/article/557590/
"But this one goes to 11!"
"But it doesn't change the fact that you are almost completely guaranteed that your OS X machine will not get pwnd, even if your practices are relatively lax."
This is exactly the kind of reputation I am talking about in my earlier post. The fact that is hasn't happened to you (yet) does not necessarily mean it is unlikely that it ever will. And it most certainly isn't a guarantee.
Market share up 50% over last 3 years, vulnerabilities up 228%. What do you think is going to happen if the marketshare gets bigger?
If that is your attitude about security then it is only a matter of time before someone "pwns" your Mac.
On a side note, my work PC (Windows XP) has never been "pnwd", nor had any serious Malware. The only things I use security wise are the Automatic Windows Updates, MS AntiSpyware, and the built-in firewall. (I also have Symantec Anti-Virus, but haven't actaully seen a virus in years, and see maybe 1-2 trojan/worms a year). I think the fact you or I have never been "pwnd" has very little to do with what OS we are using; often times it is third-party software that causes the biggest holes.
"But this one goes to 11!"