Slashdot Mirror
Vista Security — Too Little Too Late
Thomas Greene of The Register has a fairly comprehensive review of Vista and IE7 user security measures. The verdict is: better but not adequate, and mostly an attempt to shift blame onto the user when things go wrong. From the review: "[Vista is] a slightly more secure version than XP SP2. There are good features, and there are good ideas, but they've been implemented badly. The old problems never go away: too many networking services enabled by default; too many owners running their boxes as admins and downloading every bit of malware they can get their hands on."
It's pretty obvious that you can't build a fort on a foundation of shit. Without a solid base to hold your fort up, it will sink into the fecal marsh and smell like high heaven.
The security of Windows has always been built upon such a foundation of shit. That's why it's had so many problems. Instead of drawing from the proven security models of systems like UNIX and VMS, the Windows developers went and rolled their own. And you know what? It was shit. It didn't have a solid theoretical underpinning like the security model of other systems have. It's been over 20 years later, and they still haven't looked to the proven models for inspiration.
With UAC on, the only difference between an admin account and a limited user account is that Windows doesn't ask for a user name and password when you need to use admin rights; it just asks you to OK it. Unless you OK admin rights to an app, you're still running with limited user rights.
If someone figures out an exploit to make that "OK" automatically, yes, running as admin will be significantly less secure. Until someone figures that out, though, running admin with UAC on is just as secure as running as a limited user.
And as far as users finding UAC "annoying", riddle me this: how is any more annoying than Linux? Linux will do the SAME DAMN THING as Vista's UAC. It'll make the SAME prompts when trying something that requires admin rights as a limited user. The only difference is that Vista gives you the prompts while running as root, too. You can't blame M$ if stupid users disable security features they find "annoying" while praising Linux for doing the same thing.
My sig can beat up your sig.
From the article:
As Billg likes to point out, Windows is the platform on which 90 per cent of the computing industry builds, and this naturally means that it's the platform on which 90 per cent of spyware, adware, virus, worm, and Trojan developers build. That translates into 90 per cent of botnet zombies, 90 per cent of spam relays, 90 per cent of spyware hosts, and 90 per cent of worm propagators.
This implies that Linux, Mac, Solaris, VMS, etc stands for 10% of the malware. This is not true. I would guess that non-Windows systems have less than 1% of the malware.
)9TSS
If everyone ran Linux they would not have to log in as root in order to install smileys, and a virus would have to convince the user to make the malware executable. Ubuntu is perfectly usable without root privileges, and the fact that every distribution is a little different would make it more difficult to write malware than just make a windows version.
Actually, if you do disable that feature (which requires a reboot), you get a security warning balloon from the system tray (sorry... notification area) saying that you are in danger because you've turned that feature off!
"Programming is the fine art of making a machine that has absolutely no intelligence act as though it does."
Linux will allow a normal user to install normal user programs without root access. It just installs them only in that user's space, so they can't potentially hurt other users. You only receive admin prompts when doing things that affect the whole system, like installing OS updates. I don't care how restricted a user you are, I don't think I've EVER seen linux prompt for permission when cutting and pasting, how asenine is that? OOH, you changed your wallpaper, better make sure your REALLY want to do that, since we all know the potential system wide implications of changing from prairie rain to a picture from digital blasphemy. I can sometimes go a week or longer without seeing a linux admin prompt and doing normal things, whereas I challenge you to work on your computer as you normally would and go an HOUR without getting a UAC prompt for something UTTERLY STUPID.
You can have a privacy-protecting, DRM-free, open source system that also has good security - these goals are not mutually exclusive. A few years ago Apple implemented a sudo workalike for OS X that lets you run a system as a normal user; the so-called 'administrative' Mac user is not really one with root privileges, but is just allowed to sudo if you provide authentication. Many UNIX flavors and and Linux distributions had this as a configurable option for years, but after OS X some common Linux distros (Ubuntu comes to mind) started implementing a nearly identical configuration and integrating it with the GUI. Microsoft would have been wise to emulate this as well, as it's extremely easy to use, and relies on existing authentication models, but prevents you from messing up your system.
This is just an industry best-practice, well implemented by everyone else but ignored by Microsoft. The 'elitist' you are referring to might seem elite to you because he thinks like a sysadmin.
Oh, that's right, because it bashes Microsoft and this is Slashdot. Never mind.
Moving documents to and creating a text document on a removable hard drive were the most *plausible* examples, and could cause a security confirmation -- if he doesn't have permissions to write on the removable hard drive. Big surprise there. In linux, a unix flavor, or OSX, he wouldn't be able to do it at all -- unless he always logs in as root.
I'd be willing to bet that he does.
"Times have not become more violent. They have just become more televised."
-Marilyn Manson
cause Linux was built in as Multi user OS, un-like Windows in which you have to be root to install un-related stuff which you can't even think of why it requires root permissions.
/without/ root access. It is just not possible. The only way to *try* to do it is to download the source code and configure it with the --prefix option in order to change the installation directory. But to do that you must have the headers and other files of for libraries that the program uses (and to install that you need to be root); in summary it is a mess.
I have always had problems trying to install RPMs or DEBs on any linux distribution
There are one or two software developers who make their RPMs or DEBs able to be installed locally (although they are just a few *counted* cases).
The idea? In Windows it is also tricky to run new software as a standard user (download installer, open it with winrar or any other zip utility, extract content and click on exe file); as with Linux it might or might not work and it might not be easy for non-techy users.
So overall it is not a problem of the Operating system but a problem of the applications. The multiuser framework is there in Windows XP for every developer to use it however do not expect your program to be multi-user friendly if you keep attempting to save files in system32...
Ubuntu is an African word meaning 'I can't configure Debian'
Its possible that the version he tried was a beta or RC in which case there were more dialogs popped and have since been fixed.
"You can now flame me, I am full of love,"
I already moderated in this thread, but I'll cancel it out to reply to this.
Windows installers can ask for the level of access they need. If an installer doesn't request an access level (as most don't) then the default is to assume it needs maximum access. This is so that Vista can install XP/2000 etc apps are still able to install.
It's a good thing that Vista shows an annoying box if no level is set in the manifest, because hopefully it will mean developers write installers that only ask for the access level they need.
That is wrong, if your setup program is authored correctly to install per-user in a location that the user has rights to then UAC should not pop up. This includes locations in the registry, you must not write to machine wide locations in the registry or you need admin rights to do this. I still blame Microsoft for the fact that few pieces of software are correctly written as its a result of the non-security in past OS versions. That said, more and more programs are coming out not to require elevation in order to install and I think that as time goes on the majority of user side programs will be able to install as non-admin.
One disadvantage of installing per-user programs in a per-user location is that if multiple users on the machine want to use the software you end up with duplicate binaries. If this really becomes an issue log in as admin and install the software per-machine.
I guess the long and short of it is that Vista doesn't ask for admin rights more often than it should but instead that apps were written with the assumption that it didn't matter if you needed admin rights because everyone had them. This causes windows to seem like it needs admin rights for more things but it really doesn't. When apps become correctly written for vista and we retire our older apps Vista should ask for admin rights about the same amount as OSX or Linux.
"You can now flame me, I am full of love,"
Safer than giving up and running as Administrator is to use Filemon and Regmon to find out what exactly the broken application is doing that it shouldn't, then changing the ACL for just those files or registry keys.
Windows non-administrator LUA/UAC advice, tips and tricks.