Microsoft Says Other OSes Should Imitate UAC
COA writes "Many Vista adopters find User Account Control irritating, but Microsoft thinks it's an approach other OSes should emulate. Microsoft Australia's Chief Security Adviser Peter Watson calls UAC a great idea and 'strategically a direction that all operating systems and all technologies should be heading down.' He also believes Microsoft is charting new territory with UAC. 'The most controversial aspect of Watson's comments all center around the idea that Microsoft is a leader with UAC, and that other OSes should follow suit. UAC is a cousin of myriad "superuser" process elevation strategies, of which Mac OS X and all flavors of Linux already enjoy. The fact is that Microsoft is late to the party with their Microsoftized version of sudo. That's really what UAC is, after all: sudo with a fancy display mechanism (to make it hard to spoof) and extra monitoring to pick up on "suspicious" behavior.'"
Microsoft is trying to make you believe sudo was their idea. Cancel or Allow?
Life is short: void the warranty.
How about UAC starts imitating better designed privilege escalation mechanisms from Linux or OS X? Of course, that would require a sensible architecture in which software can be installed by users, for themselves, without superuser permissions. And, unfortunately, it would need secure software as a basis to avoid needing unnecessary privileges to accomplish mundane tasks in insecure applications. Sorry Microsoft, you missed the boat on this one. The majority of Vista users have UAC turned off, and the majority of those who don't will turn it off as soon as they figure out how.
From TFA: "Why should I be letting my normal user be running as system administrator?" Welcome to the 1980s
Today's lucky number is: 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
make me a sandwich.
He says cute things too sometimes.
Yeah, it is about time those OpenBSD pikers got off their collective asses and followed the World Leader in Secure Operating Systems: Microsoft.
"Every decent man is ashamed of the government he lives under." - H.L. Mencken
since when ?
Read radical news here
nearly all OSes already have something similar, but superior, to UAC.
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
Other Operating Systems need to put more annoying dialogs that ask for elevation privileges every 5 minutes and don't ask for any credentials.
Hell, they should make them appear so often people completely ignore their content and just blindly click "OK" or "Allow". Yeah, that's the ticket...
For a company who is renowned for brutalizing industry standards it's humorous to find them believing the industry would adopt their bastardized version of the existing.
MS thinks they are the greatest, fastest, bestus of all time, and everybody should validate that belief by trying to be like them. This is news how again?
"We are all geniuses when we dream"
- E.M. Cioran
I'll just stick with sudo and selinux.
Yes Francis, the world has gone crazy.
"Microsoft says other OSes should annoy the crap out of its userbase more."
Eviscerati.Org: All Hail the Eviscerati
Why use UAC when a much more intuitive sudo interface has already been developed?
Microsoft should convince app developers to write software that does not need elevated privileges.
Translation: "If we can get all the other operating systems to follow our lead, we can claim some sort of patent infringement on 'em."
> The fact is that Microsoft is late to the party with their Microsoftized version of sudo. That's really what UAC is, after all: sudo with a fancy display mechanism (to make it hard to spoof) and extra monitoring to pick up on "suspicious" behavior.'"
The fact that Microsoft is late to the party is what makes it a patent trap. If it were just sudo, it wouldn't be patentable. When it's "a method for controlling process elevation, comprised of (sudo) and (a fancy display mechanism) and (extra monitoring)", it becomes patentable.
Microsoft is setting a trap for future patent lawsuits. Deny or Allow?
This "access control" thing causes me some concerns. Specifically, it looks as though my software "CoolestWebSearch Dot Pr0n!" might not have access to all the system resources it needs to do all the great things that it does. Have you considered this when designing your system? How do I get the correct behavior (allow all pieces of software to run basically in kernel space) back?
My turnips listen for the soft cry of your love
NTFS uses ACLs. FAT is only used by flash memory devices nowadays.
Once again Microsoft thinks it's ahead in the race. Once they reach the finish line, they may finally realize that the others behind them were about to lap them, and then they'll wonder why they have one more lap to go.
...what to do, but keep your grubby hands off the real operating systems that don't base their security on feel-good measures, but sound design and actually fixing things.
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
Maybe they should licence their uber-UAC to *nix and MacOS X; including a "defunct office-assistant-theme-pack" with just one addition: Klippy, the one-legged, one-eyed penguin that can fly 5 ft while being thrown off a cliff of 5000 ft.
Another nice take at security from Microsoft, throw a warning for everything. If it breaks anyway, you cannot claim you haven't been warned!
because Unix has a method to do this [that isn't annoying], so we should immediately switch to one that is?
what the hell is security through pop-ups anyway?
The machine unmakes the man. Now that the machine is so perfect, the engineer is nobody. -Ralph Waldo Emerson
Microsoft Says Other OSes Should Imitate UAC. It is junk, users hate it and we were not able to come up with something better. But if the honored competition please would follow our lead and implement the same crap, we then would not look so bad anymore. Thank you. :-)
I would say (and many here would agree) that UAC is a half-hearted, bad copy of sudo. sudo requires authentication and only for actions that require elevated privileges (like changing key system files). UAC annoyingly asks the user to verify suspicious behaviors to ensure that is what he or she really wants to do. Really UAC is an attempt by MS to shift the blame to the user for their somewhat insecure architecture. When something does go wrong, MS can blame the user saying it was the user's duty to verify their actions.
Well, there's spam egg sausage and spam, that's not got much spam in it.
...ROT13 *is* easier to manage and deploy.
I don't think it's such a bad idea to have some extra means of making sure a user REALLY wants to do a special action. Ubuntu and Fedora handle this by asking a user to authenticate whenever an action requiring elevated rights occurs. It's actually done quite well and is only required for doing things like adding or deleting software, and the rights stick around for a while so you're not constantly typing in passwords.
The problem of course is that Microsoft went crazy and decided to lock down EVERYTHING. To the point where it's just plain annoying running the OS with it on. I tried it for a couple weeks just to see if I could get used to it. There's a tendency for people to crave the old way of doing something not because it's better, but just because that's what they're used to. I did eventually decide UAC was more trouble than it's worth, and disabled it.
I guess I tend to agree with the theory that UAC wasn't really real security, but about putting the blame more on the user. Microsoft can just claim "Well, you DID disable UAC didn't you?, so it's not our problem."
AccountKiller
Looks like you're trying to allow Chinese hackers into your operating system. Would you like some help?
u-bend
Leave it to Microsoft to do a poor job at copying someone else's idea and taking credit for inventing it.
What is really sad is many people who only know Windows and are not familiar with elevating permissions will believe Redmond's lies.
"Anything tastes good if you deep fry it."
Just great.
Microsoft can't figure how to make a secure OS easy to use, so they push to make more secure OS's more annoying.
"You are coming to a sad realization, Confirm or Deny?" Indeed.
Learn from the mistakes of others. You won't live long enough to make them all yourself.
The submitter wants to compare UAC to sudo? Come on, genius. The "fancy display mechanism" is the entire point! One's a command-line utility for uber-nerds, the other is a prompt which just works. Man, if you're smart enough to run sudo, you should be smart enough to think like a casual person, and understand why one might easily benefit from UAC.
If I sound like a fanboy, I'm not. I'm just trying to stay objective, which is more than the submitter is doing. Use your head.
after 4 months of living with vista, i decided to go back to XP today. there's just not enough there to be worth the hassles. UAC was the least of my issues. once you get things set up, it doesn't intrude often.
The bigger issue was that i couldn't get any game but Half-Life 2 to run properly, and it still had issues. Since gaming is half my PC usage, i couldn't take it anymore. Old games, new games, whatever. funky graphical artifacts, weird crashes or inability to launch. and yes, my pc is well over the min. specs, i have the latest, greatest VISTA drivers for all my hardware, all the games in question were patched, and i tried adjusting compatibility mode for each game. no luck, and honestly, it's just not worth the effort. except for the 3 new games i've gotten since i took the vista plunge, all my others ran great on the same pc under XP.
anyway, i gave up more than i gained. so long vista, i'm sure we'll reunite someday.
What do you expect him to say - "we're late to the party and we botched the implementation". It took them five years to create Vista. They pulled out every major feature except 'security' and DRM and they got security wrong. And now they wonder why customers aren't clamoring to upgrade to Vista.
[Insert pithy quote here]
"Wait for us, we're the leader!"
- Microsoft
Ah, no, the biggest issue is NOT the filesystem. Vista uses NTFS, not FAT. NTFS uses ACLs, the brilliant part of VMS that Cutler rewrote for NT. Much easier to customize/detail permissions in than the typical UNIX owner/group/world.
...my browser keeps asking me to allow or deny arstechnica...
The Kai's Semi-Updated Website Thingy
Barring the debate over whether UAC is well implemented, what's somewhat new is that it's the default behavior. Ubuntu has been doing this since the beginning of that distro, but I don't know of other Linux distros that--by default--don't let you log in as root, granting sudo privileges to the first user created. I can't say whether Apple does this. I know for sure that Slackware, Fedora, and RHEL don't. FreeBSD didn't last time I checked, but that was a *long* time ago. I think the debate ought to be less about whether UAC is well implemented or innovative, and more about whether other OS's ought to have the default behavior that Ubuntu, and now Microsoft have... whether by sudo, UAC, or whatever the mechanism is. To me, that's the point of the whole thing.
If it is so much easier I wonder why so many developers get it wrong.
You are coming to a sad realization. Confirm or Deny? :)
no haha tag?
Browse at -1 to keep an eye out for abuses.
mod me funny
Ballmer is on a mission. Trash the iPhone. Claim that UAC is theirs and unique (they're actually the last to come to the table with it, see SELinux, and various other Linux, MacOS, and BSD implementations).
You guys fall for this stuff. It's a red flag in front of you. The problem really is: there's no one competent standing up for non-Microsoft architectures to the public. So old Monkey-Dance gets in front of gullible 'journalists', spews disinformation, and you guys snort and charge.
There's nothing to see here. Really. Those that are informed are already past this current deluge of PR crap. Oh yeah, Mikey likes Ubuntu. Suckas.
---- Teach Peace. It's Cheaper Than War.
I'm a bit surprised by this, as I just installed the Longhorn Beta 3 and all this silly UAC stuff seems to be gone (or at least turned off by default). Anyway it doesn't bother me with all those annoying prompts. Is this a pre-cursor to it being removed in SP1 of Vista? Also the default color scheme goes back to something sensible like in Windows 2000. Generally a very pleasant retro sort of OS.
We implemented a special switch which allows these functions. It's located inside the computer's power supply, near the big thing marked "1000uF 250V".
In order for the setting to take effect, you have to make sure to press the switch while the computer is running. We've found that using a steel coat-hanger wire (be sure to sand the paint off, first, you don't want it getting into your computer!) passed in through the vent holes in back works well.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
....and the last horse crosses the finishing line... too bad the other horses finished years ago and the race track no longer exists... *Coming soon from Microsoft* More working ideas that were implemented years ago in other operating systems that we'll claim we invented
"Stallman says add to this code and you are one of us. Gates says use this code and you belong to us."
> The fact is that Microsoft is late to the party with their Microsoftized version of sudo. That's really what UAC is, after all: sudo with a fancy display mechanism (to make it hard to spoof) and extra monitoring to pick up on "suspicious" behavior.'"
o soft-uac-not-a-security.html
No it's not! Not at all. First of all, let's define what sudo should do: Act as a barrier that data and application execution must pass. UAC does not fit the definition.
"Vista features such as UAC or Protected Mode Internet Explorer that are dependent on limited user privileges -- which Microsoft calls Integrity Levels (IL) -- are designed to allow some IL breaches.
Because the boundaries defined by UAC and Protected Mode IE are designed to be porous, they can't really be considered security barriers, he said. "Neither UAC elevations nor Protected Mode IE define new Windows security boundaries,"
Thank you Mark Russinovich for stating what's been clear for quite some time. http://www.networkworld.com/news/2007/021407-micr
I wish, for once, everyone and their grandmother would stop assuming Microsoft's security proclamations are reliable information.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
Single user Linux boxes are not more secure due to non-root users being default! After all, when was the last time your user account was owned?
UAC was a bad idea. So is sudo which it copies. So is running a single-user Windows XP box as anything but an Administrative user.
Root security privileges are just fine for a multi-user box. But they don't make sense on most home desktops. (I'm not talking about Slashdot readers who make their girlfriends change their password every 3 weeks, I'm talking about normal Joes.)
The most important data on a multi-user machine is the system data. It's far more important than any single user's data. Once system data integrity is breached, all users' data is at risk. I'm a sysadmin, and I've seen Unix user accounts owned for various stupid reasons, but system security kept tight despite that.
The most important data on a single user machine is the user data. The system data can be restored from the factory install CDs. In the single user environment, you don't need sudo or root or to run as a non-Administrator. What you need is: 1) To be warned when you are doing something that might break the system. 2) To have programs run only with the privileges they need -- NOT with your full user privileges. Sudo is massive overkill for one -- anything more than a warning box is a dreadful UI decision. No, before you say it, the stupid users don't pay any more attention to "Enter your password:" than any other sort of warning box.
it's easy to manipulate ACLs from a user perspective. no one ever said the pragmatic approach was easy.
Microsoft's UAC approach does not fix the problem. Windows is like a rickety bridge. We know it's dangerous but Microsoft's "fix" is to place signs every 5 steps warning you could slip. How about instead we build a better bridge instead of build a better sign? Maybe we need Microsoft to build a better Windows instead of build a better system to warn us about Windows? That must be crazy talk because Microsoft year after year continues to choose to seek how to build better signs instead of better bridges.
Let's get Microsoft to design a software platform that doesn't require the user to think about whether or not the user is about to break something? Is that really so hard for one of the largest software companies in the world? UAC from my view is the wrong way to solve a problem which was born of questionable engineering. One of the reasons why UAC is so dubious is that the user may not know any better either which is a "blind leading the blind" across that rickety bridge. In summary, a better Windows wouldn't have a need for UAC so why tout this technology?
If security checks pop up too often people will grow tired of them and will stop reading the messages and just click next without bothering what the dialog is about. Vista definitely crossed this line so the joe average PC isn't much safer from spy/malware than an XP box in admin user mode.
Dude, if you think only "uber-nerds" are capable of typing commands, you should keep your hands off the computer. If you're not smart enough to run sudo, you aren't smart enough to perform administrative tasks in a computer.
If only you windows people kept off the internet, I would have nothing against microsoft fanboys. But the minute you start allowing zombies to install spambots in your machines you are creating a problem for all of us. So, please, if you really believe that "a fancy display mechanism is the entire point" could you, pretty please, disconnect that little cable with the square transparent plug from the back of your computer?
What if some malware attacks in this while? That, I believe, is precisely why Microsoft didn't implement it this way.
Hmm. Apart from installing/uninstalling software, controlling system settings, and for certain software that hasn't got its act together yet and needs admin permissions, exactly where does UAC pop up?
OK. I'll answer my own question. UAC pops up when you create a folder in a system directory, and you have to get past 4 prompts. It's VERY annoying there. That's about the only place I can think of.
... and then they will sue them for patent infringement.
You can't win.
I'll probably be modded down for this...
OpenBSD's systrace when set up properly probably does everything UAC can and more.
Microsoft Australia's Chief Security Adviser Peter Watson calls UAC a great idea (and wishes everyone had it)
In other news, the Notre Dame football coach thinks his team can win. Local Ford salesman hates Toyotas. Linus Torvalds thinks Linux is great. Christians report having favorable rating for Jesus this year.
MS's Chief Security Adviser is paid to evangelize MS security. This is news?
-- Political fascism requires a Fuhrer.
When did Micro$oft buy the Union Aerospace Corp? Does Id know about this?
> What if some malware attacks in this while? That, I believe, is precisely why Microsoft didn't implement it this way.
There's a tendency for IT people to believe that ALL solutions have to be perfect solutions. Yes, there's some level of increased risk for a few minutes after a user authenticates. But if you have a short period of time where the extra rights stick around, you'll likely get people to actually USE the damn thing rather than running as root (or turning off UAC).
Security in particular is often a balance between usability and security. If the product isn't usable because of the security, the users will MAKE it usable by going around the security (thereby defeating the security).
> Hmm. Apart from installing/uninstalling software, controlling system settings, and for certain software that hasn't got its act together yet and needs admin permissions, exactly where does UAC pop up?
I couldn't tell you specifically, as I disabled it in Vista months ago. All I know is the damn thing came up waaay too often, so I killed it.
AccountKiller
well said sid0 ... like I tell my coworkers ... UAC annoyance can and will only go down in frequency once app developers get their act together
I know a big issue too! The issue of Slashdotters who have not used windows since 1998 making comments about it as if they had any idea about how it works nowadays!
I'm a developer and I turned UAC off after just ten minutes. It was so far beyond merely 'annoying' as to make the Apple "I'm a PC/Mac" commercial spoofing it seem like a quaint and naive interpretation.
Look, if I JUST clicked on a button to say "do this", AND I'm logged in as an administrator, what is the point of even asking me "are you sure"? Why can't the knowledge that I physically clicked on the button just now from the console as an administrator be preserved somehow, and made distinct from just some application trying to call some privileged API from a non-privileged state?
The whole design of UAC is just so poor. It completely ignores human psychology. The typical individual is just going to start clicking "allow" to make the damn box go away as soon as possible.
Is it just me, or is windows getting more "irritating" over time? A few years ago, I don't recall bitching at my computer to just let me do my job, and to stop bothering me with things I don't care about. When I tell it to shut down, it should just shut down, not prompt me endlessly about updates or get hung up because some aspect is asking "are you sure?" when it receives the close notice. Ugh. And don't get me started on Norton or McAfee constantly popping up notifications. I don't CARE that you just updated crap. I don't CARE that the hardware is safe to remove now (I mean, I KNOW that, I just said "safely remove hardware"!).
Why all these pointless and useless notifications? UAC is just the worst of these. It's really driving me insane.
- Spryguy
There are three kinds of people in this world: those that can count and those that can't
Imitation is the highest form of flattery, and Microsoft is simply not getting any flattery so it wants to flatter itself. Really, Microsoft has had no trouble getting others to imitate the actual good things it has done, and of course has no compunction in imitating others. But no one is going to imitate this and it's quite sad that they are suggesting this. It's like Pontiac saying "other companies should copy the Aztek's style." (the Aztek is one of the ugliest cars in history - http://en.wikipedia.org/wiki/Pontiac_Aztek)
So MSFT is `chown -R unpriv_user *.exe` and making all pgms SUID unpriv_user! This brings problems:
Are all necessary files world-readable? What about other users.
Are all necessary files/dirs world-writable? c:\windows\system32?
How will the OS know if a pgm can access certain ports?
What if a hostile doesn't access ports directly but fork()s legit pgms?
if other pgms are writeable, can't an attacker assume their privileges by corrupting them?
Priv isolation by user is far clearer than by pgm.
UAC has far too many false positives to be meaningful. You can't freaking open the Control Panel without a UAC prompt.
As such, users see the prompts as an unimportant nuisance, but soon realize that things don't work unless you click "Allow." Thus, you're training users in Pavlovian fashion to click "Allow" to any damn box that comes up.
Now think about this for a second: when 99% of the prompts you get are harmless, and "Allow" is always the right answer, just how many users will actually read it and apply critical thought when they see the 1% of UAC prompts that warns of actual danger? Almost none of them, even the smart ones. Once you get trained to just click allow, you're going to click it just before you realize "Oops! I didn't want to allow THAT one!"
So if you ask me, UAC is a huge step backwards in terms of security. Microsoft appears to have put almost no thought into it and it's little more than a way of blame-shifting. After all, the USER is the one who didn't click "Deny" the one time in one hundred it would've prevented something bad, so it's *all* their fault. Even though they only did what UAC trained them to do.
Disable UAC now. It's not security; it's blame-shifting.
You know, I like the method adopted by Directory Opus (file manager) where you press a button on a window, allow the elevation, and let the window run as elevated until you close it. This could easily be put in as a registry setting for Explorer.
As for UAC, I disabled it in order to set my computer up with programs, and enabled it afterward. In normal usage you really won't see UAC.
Microsoft: Click ONCE Cancel or Allow Linux: Type how many ever keys your password is, then click or enter. Hmmm, which is easier???
Because what is easy for developers and what is easy for users are two entirely different things. Nice try at a troll though.
All you have to do is yank the drive, put it in another computer and read them all as Admin there. ...and how is this different from ext3?
Actually I don't think UAC is about security at all. It is just about marketing. You simply cannot make a system secure for a home user. On the one hand you have very well IT savvy criminals with lots of resources, bot nets are about business, on the other hand you have a security callous and IT uneducated home user. So something like UAC is security wise nothing more than a smoke grenade. I never created a trojan, but if I wanted to, I am sure I could find a dozen ways to make sure the average Joe Sixpack clicks and enters his credentials wherever I want. So if M$ is lying about security with some flashy feature, this would be ok with me. But they should make sure that it is not annoying.
Btw. I really hate M$, but I never blame them for exploits, which require user interaction. To be secure against uneducated users with a root/admin password you'd need an AI, which is even more intelligent than the malware developer.
Fortunately there are enough other reasons to hate M$.
Actually he said the quality of the code in Vista (especially the new code), with regard to security vulnerabilities, is better in Vista than in OS X 10.4, in his opinion. That is not even close to the same thing as saying that Vista is more secure than Mac OS X, for traditional definitions of security.
As for the relative security of the systems, I have no doubt that if OS X was instantly catapulted into the same market share position that MS now has, OS X security would be insufficient to the task, the same as the way Vista security is. Anyone with that large of market share is a huge target and the security mechanisms implemented in OS X, or the common Linux desktop systems, like Ubuntu are all insufficient to the task.
The real difference in my opinion is that the security of those other desktops is sufficient for the current security needs of the users. Ubuntu and OS X are not regularly attacked by self-propagating worms and widespread Web exploits. Users on those platforms are normally not inconvenienced by the state of security on those platforms. Further, I'd argue that regardless of Linux's market share and if OS X market share were to grow up to about 50% of the market, there is every reason to believe that those OS's would rapidly adapt to increasing security threats and bring their security up to the level required by users. Without real competition, MS will not innovate.
I am of the opinion that MS has not implemented advanced security techniques to make users happy, simply because they don't really care about making users happy. If a WinXP or Vista user's machine is compromised, in general they don't know there are any other options so they end up buying another Windows machine anyway. As such, MS has no real financial incentive to invest in security that is appropriate for their level of risk so they don't. If you want to fix the security problems that plague users, bringing security measures almost up to the level of Ubuntu is not good enough. The problem needs to be solved at a higher level either by breaking up MS or by weakening their monopoly enough so that they have to take their user's security problems seriously.
A modern OS should be having something that's much better than sudo.
Modern desktop class OSes should have sandbox _templates_, with apps being allowed to "suggest" a template.
Then if an app claims to be a "plain old screen saver", it only gets "plain old screen saver" rights - which means no network access, no access to the user's files etc.
If it claimed to be a "standard network game" then it gets different sort of access - file system access to its own "app specific data folder" in the user's home directory, access to full-screen graphics, sound _playback_ (not recording[1]), limited network access (as per requested).
If some flash applet "game" somehow requires "full administrative system privileges", go figure...
[1] Only a few apps should be allowed to record sound - stuff like skype, voice chat app for games. Your word processor should not be recording sound. The O/S should handle the voice control stuff if you like that sort of crap. And by default you may not wish to allow an app to record sound while backgrounded or just sitting in the "systray".
When you lose something irreplaceable, you don't mourn for the thing you lost, you mourn for yourself. - Harpo Marx
I've not used vista that much, but I have had the misfortune to try to install hardware under vista. I have to say that "Tinyfirewall" does a better job alerting you that program a is accessing program b. It doesn't make the distinction between something that requires administrator privileges, nor was it decent for average users that don't know what "cryptic-filename" is or does, or if it should access the net, but it was a good stop gap piece of software which took into account the fact that windows wasn't geared for security served as a useful watchdog, esp for windows itself and software which phones home and auto updates.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
Gee, so much for humor.....
StarTrekPhase2 - The Five Year Mission Continues!
The obvious example is in most 'single-user' home boxes, there are in reality multiple users. If each person uses their own account, things are better contained and compartmentalized. If your offspring screws up, your stuff is in order still. An account manages to install malware that effectively cripples the account? You can wipe the account and start over with less impact than wiping the system.
I agree that for a large number of users in the home environment, the data owned by their 'user' is at least as important as the data owned by the system (although you downplay the importance of the system data, for us it's easy to blow away and start over from scratch, for many home users, they may as well buy a new system and start over from there based on what they are comfortable doing themselves and how much a third party would charge to do it for them). However, some people in a typical household are more responsible than others, and making people more accountable for their own stuff is a good thing.
Sudo is important above and beyond UAC because the password dialog means a user irresponsibly leaving their session open in a public place doesn't allow random person to screw with info above and beyond. There are some scenarios beyond a lab computer that can occur. It's also less likely that someone can automatically defeat the system. I dunno how UAC handles things like synergy and vnc, but if not careful, an application could know it was going to trigger UAC, and exploit some facility like vnc or synergy to insert a mouse button event in the right place at the right time. That's trickier if the prompt will require keyboard activity to be injected of unknown content to the hijacking program.
Anyway, there are ways to improve on the model. Some things that may be useful:
-Ability to right click on a folder/file with an option to surrender write or all permission. This wouldn't be hard to do, and users frequently are aware of what their most precious data is. They may download a bunch of pictures, then immediately mark it protected data if it was an obvious, easy thing to do. By far working with people fear of losing pictures and such is huge, but surrendering delete/modify privilege would be enough for that, fear of the wrong people reading any financial data would evoke the 'surrender all privilege' behavior. It's very much like a safe, you put it in knowing it will be a pain to get at again, but it's totally worth it given the risk. Common people understand safes and the consequences, so it isn't a stretch to believe they would cope with and effectively use an analogous computer facility if represented well.
-A logical extension of the above is to have folders that the user can mark as 'without privilege, I want to be able to read everything in this directory, and be able to create new files, but once created, I don't want to modify without having to sudo (or whatever)'. Like a safe with a convenient slot to insert documents into.
-Finally, extend multi-user to a finer granularity or at least leverage it as if it were finer grained. A practical application under an X situation, for example, would be every user having multiple accounts they can let run on their display (X allows the users group access). In practice, you'd have 'DMZ' applications (firefox, email client) that are generally characterized as dealing with complex data from sources not well trusted, with access to a very specific set of local resources (i.e. one download directory, etc). Data on a per-incident basis is promoted to a space untouchable by the browser before general usage.
XML is like violence. If it doesn't solve the problem, use more.
I return the troll back to you. I simply don't care for whom something is easier or more difficult. I care for results. And it seems when it comes to security the results for the oh so more flexible Windoze ACLs are not so good compared with the ancient unix ugo system.
Btw. when we talk here about the shortcomings of the UAC we talk here about home users, because in environments where ACLs are necessary (or beneficial) you usually find more or less educated administrators. For the normal home user ugo is easy to understand, totally sufficient and for developers it is very easy to take into account.
But this is something M$ will never ever understand:
http://en.wikipedia.org/wiki/KISS_principle
I'm sorry but does this really need to be front page news? Some idiot makes a public blunder. This has been the biggest nonissue (in tech) since the Tubes incident. Seriously, I think Ars Technica has better things to write about.
from article:
right, so a fancy display mechanism for sudo, hard to spoof, and extra monitoring to pick up on suspicious behaviour is somehow bad because Microsoft did it?
I think other OS's should have all this. I always thought the Synaptic/package management password entries were a bit fakeable in Ubuntu last time I tried. I wonder if there's any room for progress in getting distros to sign and encrypt executables running on the system. A signed and encrypted (or explicitly trusted) executable could run whenever the user clicked it or it was automated from certain accounts. If it is not signed (self-compiled for instance) then this can flag up a warning that this application may cause trouble. However, of course, users could self-sign their applications to work around the warnings. The signing application itself would be obviously signed and checked against a public key copy (say, Ubuntu servers) so that it cannot be tampered with. Everything else would be arbitrarily local.
Is it such a bad idea to code-sign the stuff that runs on your machine, rather than just the packages they came in?
Check here they have a blurb that PC sales look to be down 12% year/year.
Also, part of the profit kick was that MS could finally register the Upgrade fees from all the big corporations, that paid 3 years ago for a guaranteed upgrade, as earned income.
I can't wait to add this to my next version of my hobby OS, AwesomeOS! I'll put it in right after I figure out what a NASM is.
-m
Your Assholinesses. We hear and obey! (immediate heel-clicking, extended-right-arm, fascist-type salute)
Remember the future...
Errr... wouldn't it be really really great if sudo had a "fancy display mechanism" and "extra monitoring"? ...and yet, because this is Microsoft's idea, everyone's pulling out the torches and pitchforks.
I'd be very freakin' happy if sudo offered to pop itself up to help me run commands when I needed it instead of having to manually call it.
Yup.
Ls (Cygwin build) shows UGO permissions (but I don't think it conveys all of the info). They're so limited though. I'd go as far as calling them obsolete, or obsolescent at best. NTFS also supports denied access, which overrides all access grants. How do you give access to multiple groups under Linux - hack around in /etc/group and its unscalable syntax and create a group-of-groups and chown the file (been a few years since I tried this)? Gotta say I've come to prefer NTFS's ACLs to fighting old school UGO permissions. I think there's also finer-grained control of particular permissions (edit but not delete, instead of just write) under NTFS, but don't quote me. Also, when I see an s in a UGO file listing... how can I tell from looking at that what exactly's going on? I seem to recall it can mean more than suid root.
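On the question above of what an `s` in a listing means: the added example below (not part of the original comment) decodes an `ls -l` mode string into its octal mode and says what each special bit does in that position. The sample mode strings are constructed, and the explanations describe Linux behaviour.

```python
import stat

PERM_BITS = [stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
             stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
             stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH]
# Index of each execute slot -> (letter ls uses there, special bit, name)
SPECIAL = {2: ("s", stat.S_ISUID, "setuid"),
           5: ("s", stat.S_ISGID, "setgid"),
           8: ("t", stat.S_ISVTX, "sticky")}
TYPE_BITS = {"-": stat.S_IFREG, "d": stat.S_IFDIR, "l": stat.S_IFLNK}


def meaning(ftype, name, has_exec):
    """Explain one special bit, given the file type and whether x is also set."""
    is_dir = ftype == "d"
    if name == "setuid":
        if is_dir:
            return "setuid on a directory: ignored on Linux"
        if has_exec:
            return ("setuid: runs with the file owner's UID, "
                    "which is root only if root owns the file")
        return "setuid without owner execute ('S'): grants nothing, usually a chmod mistake"
    if name == "setgid":
        if is_dir:
            return "setgid directory: new entries inherit the directory's group"
        if has_exec:
            return "setgid: runs with the file's group as effective GID"
        return "setgid without group execute ('S'): no privilege granted"
    if is_dir:
        return ("sticky directory: only an entry's owner, the directory "
                "owner or root may delete or rename it")
    return "sticky bit on a regular file: ignored on Linux"


def decode_mode(listing):
    """Return (octal mode, notes) for a mode string such as '-rwsr-xr-x'."""
    if len(listing) < 10:
        raise ValueError("need a type character plus nine permission characters")
    ftype, perms = listing[0], listing[1:10]
    mode, notes = 0, []
    for i, ch in enumerate(perms):
        if ch == "-":
            continue
        if ch == "rwx"[i % 3]:
            mode |= PERM_BITS[i]
        elif i in SPECIAL and ch.lower() == SPECIAL[i][0]:
            _, bit, name = SPECIAL[i]
            mode |= bit
            if ch.islower():          # lower case: the execute bit is set too
                mode |= PERM_BITS[i]
            notes.append(meaning(ftype, name, ch.islower()))
        else:
            raise ValueError(f"unexpected {ch!r} at position {i + 1}")
    # Cross-check against the standard library's own renderer.
    if ftype in TYPE_BITS:
        assert stat.filemode(TYPE_BITS[ftype] | mode) == listing[:10]
    if listing[10:11] == "+":
        notes.append("'+' suffix: a POSIX ACL with extra users/groups is present (see getfacl)")
    return mode, notes


if __name__ == "__main__":
    # Constructed sample listings.
    for sample in ["-rwsr-xr-x", "-rwSr--r--", "drwxrwsr-x+", "drwxrwxrwt"]:
        mode, notes = decode_mode(sample)
        print(sample, oct(mode))
        for note in notes:
            print("   ", note)
```

The owner and group columns of the same listing matter as much as the `s`: a setuid binary owned by an unprivileged account elevates only to that account.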
I for one welcome our UAC overlords.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
The one and only UAC that I like in Vista is a disabled one. After a couple of days of "Allow?/Deny?" annoyance I had to choose between Xanax and disabling UAC. I am a long time Linux user and I would say that sudo UAC, at least in terms of nerve-wracking potential.
return the troll back to you. I simply don't care for whom something is easier or more difficult. I care for results. And it seems when it comes to security the results for the oh so more flexible Windoze ACLs are not so good compared with the ancient unix ugo system.
And security results for UNIX systems are still less than that of VMS, which is where ACLs came from.
Btw. when we talk here about the shortcomings of the UAC we talk here about home users,
You mean when YOU talk about the shortcomings of UAC. 'We' in this thread, were talking ACLs vs UNIX permissions in regards to the file system, and not any specifics of home vs power user.
UAC is like putting those loud beep-beep backing up alarms on every vehicle, from truck to skateboard. Eventually everybody learns to ignore the beep-beeping and the feature becomes worse than useless.
No prob :-)
Definitely not an anything zealot (except coffee perhaps)... Each OS has its place, its fan/user base (same thing sometimes), and its purpose...
StarTrekPhase2 - The Five Year Mission Continues!
I meant to add that the ACL stuff in NTFS is consistent across all objects in the system. As a UNIX user where everything is a file, you should appreciate that. The UI in regedit is very similar to Explorer for managing permissions. A simplified (more limited) version exists for SMB shares. As a programmer, I've dealt with the same concepts with process handles, thread handles, mutexes, etc. Yes, I've run threads inside a process with different and elevated permissions to the process, but it's the same model everywhere, and I like it.
Microsoft telling others how to do security is like a chicken telling Colonel Sanders how to cook.
If you need help understanding the SE Linux audit messages, you should install SE Troubleshoot
[root@branch ~]# which setroubleshootd
/usr/sbin/setroubleshootd
[root@branch ~]# rpm -qf /usr/sbin/setroubleshootd
setroubleshoot-1.7.1-1.fc6
This gives you some help with analysing the failed action. I won't say it taught me a huge amount but it is a step in the right direction.
Cheers,
Toby Haynes
Anything I post is strictly my own thoughts and doesn't necessarily have anything to do with the opinions of IBM.
Vista has the silliest bugs that have taken 4 months to fix. It goes without saying the kind of design that goes in http://cacheyourcash.blogspot.com/2007/04/refresh-or-io-problem-with-vista.html
This is true -- I was writing only about "sudo" specifically which is a one-shot, logged, superuser escalation.
You are correct that "su" is much older, according to the (BSD) manpage, "A su command appeared in Version 7 AT&T UNIX." According to Wikipedia, V7 came out in 1979.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
If this is true: "That's really what UAC is, after all: sudo with a fancy display mechanism (to make it hard to spoof) and extra monitoring to pick up on "suspicious" behavior." (and it is) then what the f***?!?! is Apple doing? Why isn't anyone calling Apple on their bullshit hypocrisy? I've got a mac book - I've got a PC running Vista. The UAC/sudo shit is just as annoying in either case - but I can turn UAC off pretty easily - without having to research how to do it (the windows that popup TELL YOU HOW). So, which one is superior ya Whiny lying Mac/Linux hypocrites? :)
Err, ok - whatever. I guess they want to share with others as they are so proud of their own?
When you lose something irreplaceable, you don't mourn for the thing you lost, you mourn for yourself. - Harpo Marx
why DON'T we have a plaintext list of magic operations and file stuff that an installer wants to do before we have to click or log into higher permissions?
seems there used to be such a thing, even in windows OS install.
instead, what we have is Freakin' Registry Magic and 99 screens of an EULA from Hell, only the last lines of which mean anything.
way back before the dawn of time, because until we got this there were no on-screen clocks, back around Windows 3.1 way, you had config files in which mostly, the Magic Options were close enough to some native human language so you could Edit The Config Files. something still reputed to exist in the -IX world, although not necessarily clearer than the dreadful Registry. Installers often told you what they were doing.
we need to go back to 1990 with our interfaces and commons areas, and back to some sort of license statement on the order of "We own it, you rent it for one machine, don't go poking about under the covers or we'll bite you."
it can't be that hard....
if this is supposed to be a new economy, how come they still want my old fashioned money?
I can't believe ANYONE will put up with the CRAP that MS put out as Vista, especially this UAC crap! We have every intention of TURNING IT OFF on ALL of our systems, or sticking with XP for AS LONG AS POSSIBLE!!!! It really DOES work like the Mac commercials suggest!
Re: modify & write
Yep, it's not obvious what the difference is - I think write is a subset of modify. In fact you're only looking at a summary page there, which can be used for quickly setting a whole bunch of security attributes. I suspect somebody thought modify as opposed to write was something that would be wanted enough that they created this item in this dialog. KB article 308419 tabulates the differences.
In Soviet Russia, other OSes copy Windows!
Except that you become conditioned to WHEN the prompts arise. (Which don't happen when opening the Control Panel btw)
A lot of programs you install in Vista don't give you the prompt, others do. Some things you do in Vista give you the prompt, others don't. Those installs that are silently passed are signed or don't request to do anything dramatic to the system, and average user doesn't care why or how, he just knows it's trusted. He or she usually got that software from the site of the publisher or physical media (likely too, a publisher who is huge) and he or she knows it's safe. The prompts arise when you get into Control Panel and other aspects of the Windows system where changes could bring failure, but not when copying your personal files around. I notice I get it on my laptop when another program calls a program that isn't signed (Firefox calls an old version of Winrar, because I don't want to buy the new one, and each time it asks me if I'd like to open the file. Not only do I LIKE this, but respect it. Sygate personal firewall conditioned me to this when Firefox was opened by another program - not only does it save the time of loading some advert page, on a DVD maybe, but it kept a few pieces of malware from phoning home. Users can understand this behavior.)
The number one item that can protect the average user is if a prompt arises out of nowhere. If you are browsing the web and suddenly you are asked for permission to modify your system - when you've done nothing to drive the event - you aren't going to allow it. Sure, when you download and install software you may fly through that prompt, but to the new user, the normal user, you will learn right away that installing software is dangerous. In my corporate IT environment installing any software is forbidden, running software not supplied by IT is forbidden - for a reason. After clicking through a few cancel or allows you may just discriminate a little more when it comes to your actions. Is it security? Not really, but do home users really need that much? Isn't it right to tell them that making or saving a change in the Control Panel can have adverse effects? (and likewise with the other actions?)
It's hard to attack UAC completely because Linux and others have Sudo, Redhat allowed you to escalate to root privileges by simply typing the password and to most new Linux users escalating to root has become a normal exercise. There is all this talk about OS security, but it's all in the hands of the users. To deny someone the ability to take control of their own machine is barbaric - I think we all agree with that statement. We can't lock users out of taking control of those center ring privileges, unless you're the head of IT and those machines are under your "watch". You say it shifts blame, but that is where it belongs, on the user. The help is there in Vista, it spells out the concept of UAC in easy to understand terms. There is no reason a normal user can't take advantage of it. I know many people who still accept cookies on a per request basis (on today's web!) - some people actually want this feature. It doesn't work for the great majority of us, but don't kid yourself and say we aren't completely familiar with idea.
My advice for the soccer moms and grandparents: Don't turn it off. Prompting is good. This is coming from someone who has had a desktop system with the same factory install of Windows XP running since January, 2004 (I un-boxed it June of 2004). I work with what I have, and that system has not only been a workhorse for my Windows desktop software, but runs a ton of GPL software and is enhanced with Cygwin. All together I run 6 machines at home with Debian, FreeBSD, XP Pro, XP Home, Vista (aforementioned laptop) and Windows 2000 Server. Only two of those require an escalation of privileges, at the machine. Everything has a place and UAC has a place with those new users going to their retail store and buying a PC for the first time. Years ago people were complaining didn't Windows have a similar mechanism.
Get your Unix fortune now!
And then we sue them.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Meme of the day: I browse "Disable Sigs: Checked". So should you.
Apple could improve their security user interface by adding a Security pull-down to the Apple menu. It'd let users easily turn on/off administrator privileges, WiFi, Bluetooth, Ethernet (none, local, Internet), camera, and mike. Anything that's a security hazard should be easy to disable utterly and completely.
Make locking the door easy, and you make intrusion hard.
--Mike Perry, Untangling Tolkien
Maybe they're fishing out there trying to get someone to copy it so they can sic their rabid blood-thirsty dogs aka patent troll lawyers on them.
I take no responsibility for what I say. Even though I'm never wrong
If you read the patent, it sounds like the access control for elevating the privileges is based on the APPLICATION that the user is trying to run.
SUDO, on the other hand, requires that the USER have the rights to even run SUDO. (The user is listed in the SUDOERS file, but the application isn't.)
This might be disparate enough for a judge.
You mean dig up weird artifacts and let hell loose? Although, they did make the BFG.. Now that would be a nice command to have in the system. =)
Yes, I've come across that exact scenario before, and as a user it seems kinda stupid. I can open up a shared word doc, delete everything inside, and re-save it, but I can't be trusted to just delete the file outright. Brilliant.
The same type of things are in databases. Permissions are to select, insert, update, and delete. You might have permissions to modify, but not delete a value. Sure you can set its value to zero, but you can't remove the existence of that data. That might not seem important at all to you, but it can be very very important to other people doing more complicated tasks than yourself. Just because you don't see the use, doesn't mean there isn't one for more advanced users.
Is this a result of a poor transliteration tradition?
That would, to me, not make much sense as the Chinese language is very structured, and transliterating it to a simpler structure shouldn't bring about such wide gaps (a and o? Come on!)
Dear Microsoft,
Instead of a blue screen with random text, please show me a big yellow smiley face before rebooting my computer.
Thanks.
That is correct, not that it matters and "all or nothing" is what is described in the patent as something that the patent does not cover. (Something implemented since 1999 is not prior art either).
Let me try to make this clearer, since no one seems to understand what they've patented. Sudo, ACLs, Unix Groups, Capabilities are not what is covered in the patent. The patent does cover something like TiVo. You can be root on your machine, but you are not allowed to change the operating system. The patent does cover something like the PS3, you can install Linux and be root on your machine, but you are not allowed access to the whole system. Moreover, that is exactly the language used in the patent to describe their invention - an OEM who wishes to restrict certain privileged operations on their system from an administrating end-user.
*Sudo is specifically not covered. Sony PS3s and TiVos are.
Hope that helps.
When you lose something irreplaceable, you don't mourn for the thing you lost, you mourn for yourself. - Harpo Marx
Microsoft has been funny. laugh, confirm or deny?
UAC is a joke.
They're using their grammar skills there.
UAC a good thing? It's the straw that will break IT's corporate back in about six months, once the down time (not the complaints, the down time!) forces a generation of in-house support geeks back onto black asphalt amphetamine sessions. UAC makes the hair on your arms stand up, when you see it in action, gives you dry heaves when you turn it off, and slits your throat when you discover that a hard freeze in Vista does a nearly unrepairable madjack on your user account profiles when you reboot.
--
Bill Gates: "Vista is the best $6 billion I ever spent."
IT guy: "Why did you stop at $6 billion?"
Bill Gates: "It was good enough."
``Tension, apprehension & dissension have begun!'' - Duffy Wyg&, in Alfred Bester's _The Demolished Man_
Hilarious! Vista's UAC, as pretty much everything MS has done to "improve security" is ridiculous. It's that good old politic of asking "You are trying to run this program as an Administrator. Are you sure?" and the possible answers: "YES, I AM THE ADMINISTRATOR BECAUSE I'M LOGGED IN AS SUCH, YOU DUMB, FOOLISH OS" or "No, I've double clicked an icon just for fun".
It's so pathetic! I wonder when MS will implement something like this "A virus is about to thrash your hard drive. Would you like to allow it?"
Sad, just sad.
Er Galvão Abbott - IT Consultant and Developer
When I'm hunting imps in E2M2, the last thing I want to see is more UAC crates.
I see the use in databases, but not in general filesystem usage. There is a big difference between a single database value and an entire file, which could be a database itself.
A filesystem *is* a type of database. I'll let you draw the lines...
Besides, if this is an "advanced" permission, why isn't it in the "advanced" file security settings where it is less likely to be selected by accident?
By 'advanced' I meant advanced as compared to you. You don't see the need for that permission, whereas some folks need it. Many folks don't see any need at all for any type of permissions, so they would consider all of them 'advanced' and might wonder why they aren't all under the advanced tab where they don't have to look at them.
When I compare your 25+ year old approach which is rife with viruses to UNIX's 30+ years of a nice secure track record, the choice on the way to go is pretty clear.
Thanks, but no thanks.
[cancel] [allow]
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
Let's downgrade the competition so we can actually compete again..
Sorry, not now I for the first time in quite some time have found a reason to maybe recommend Dell. It most certainly is NOT going to be Sony anymore, their repair service is so bad I can hardly describe it in polite terms..
Insert
When you lose something irreplaceable, you don't mourn for the thing you lost, you mourn for yourself. - Harpo Marx
because...
a) They started programming for Windows on the 9x series, which has no security
and/or
b) They program on Windows XP while logged onto the default *admin* account, and thus, never see any security issues with their programs when they test.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
I'll give you a real world example.
I run several student computer labs. Educational software is notorious for requiring access to files in places like the root of the filesystem or program files or the windows directory. To make these programs work, you can either give students admin permissions to the machines or find out what files the program needs access to and set permissions accordingly.
One particular program installs a file on a part of the drive that only administrators have access to. When the program launches, it writes to that file. Giving the students' account full control of that file means that they can delete it (and you'd be surprised at the inane things students will do when their minds go idle) and if they delete it, the program will not launch because they don't have the right to create files in that directory.
The solution is to give them the permission to modify but not delete the file.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
UAC is the biggest pain in the butt to users of any software I've ever come across. It's the first thing I disable in Vista because its continuous stream of "are you sure" dialog boxes every time you just open a file is so freaking annoying.
Jeez I REALLY hope other OS-developers are laughing hard at this and not taking Microsoft's suggestion to implement this everywhere seriously.
"NTFS uses ACLs, the brilliant part of VMS that Cutler rewrote for NT."
Spare us the rah-rah crap and take a look at the handle fanboy.
If you need fine grained control over access it's a handy discretionary band-aid and available on many platforms including those with mandatory access controls. The fact that some implementation of ACLs are implemented in NT"FS" doesn't mean it's a filesystem or securable; no matter how hard you troll.
Spare me the 'my nick makes me a god' crap. NTFS isn't a filesystem or securable eh? Talk about trolls, you make a fine one.
Consider yourself spoken to.
The Gospel according to lolcat
Why don't you just give them permission to create files in that directory instead?
When you lose something irreplaceable, you don't mourn for the thing you lost, you mourn for yourself. - Harpo Marx
I am of the opinion that MS has not implemented advanced security techniques to make users happy, simply because they don't really care about making users happy.
Most, if not all, of the configuration-related "security problems" in Windows - the default Administrator user being a prominent one - are there expressly for the reason of keeping end users happy (eg: by not having all their badly written software refuse to work).
Your argument doesn't stand up to analysis.
In Unix, you type a command, get "permission denied", and then run the command again, prefixed with "sudo".
In Windows, you type in a command, get "permission denied", and... crap. There is no "sudo". Instead, you have to find a shortcut to a command prompt, right-click and select "Run as administrator", confirm the UAC prompt, change back to whatever directory you were in, and then run the command. It's a huge pain for people who work from the command line.
I guess I can't speak authoritatively since I don't know what all UAC involves... But I think the *NIX approach of prompting for root (or appropriate) password when required works just fine. There's other stuff in the Vista kernel that probably should be incorporated into other OS kernels though (assuming there is no equivalent). User mode drivers would be nice across the board... Why should anyone's webcam require direct access to kernel space at any level other than making protected system calls. Patch protection is a good thing too. As far as I'm concerned in the world of OS study UAC looks like a big question mark to me.
It's a counter-culture way to do things in the UNIX universe, but it's entirely possible.
Free Software: Like love, it grows best when given away.
For 99% of the uses, there are 3 options:
Read
Modify
Full
The difference between Modify and Full is that full can do everything that Modify can, but can also change ACLs.
As far as a system, it's easy. You set the perms at the highest possible level you can, and then set them to inherit down to all children.
Simple, elegant, neat.
Now mind you, there are a whole ton of other options in there, should you need them (sometimes you do, but not often). But when you don't need them, you don't use them.
Says me: Grandma, need to change the ACLs to keep Junior out of your email directory (or whatever).
sudo su -
cd
chmod g+w .
chmod u+w .
chmod o-r .
chown . grandma
chgrp . crazy_grandmas
Last, set umask 700 in your
Got it grandma?
(yes, I know my example isn't really syntactically correct, but I think we all see the point here)
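The NTFS rights argued over in this thread (Read, Modify and Full, the lab file that students may modify but not delete, and deny entries overriding grants) can be checked against a small model. This is an added example, not any poster's code: the access-mask values are the ones in the Windows SDK header winnt.h, the group names and DACLs are constructed, and the model ignores inheritance, owner rights and privileges.

```python
# Access-mask bits as defined in the Windows SDK header winnt.h.
FILE_READ_DATA, FILE_WRITE_DATA, FILE_APPEND_DATA = 0x0001, 0x0002, 0x0004
FILE_READ_EA, FILE_EXECUTE, FILE_DELETE_CHILD = 0x0008, 0x0020, 0x0040
FILE_READ_ATTRIBUTES = 0x0080
DELETE, READ_CONTROL = 0x00010000, 0x00020000
WRITE_DAC, WRITE_OWNER, SYNCHRONIZE = 0x00040000, 0x00080000, 0x00100000

# The summary-page templates are just bundles of those bits.
FULL = 0x1F01FF
MODIFY = FULL & ~(WRITE_DAC | WRITE_OWNER | FILE_DELETE_CHILD)   # 0x1301BF
READ_EXECUTE = (READ_CONTROL | SYNCHRONIZE | FILE_READ_DATA | FILE_READ_EA
                | FILE_READ_ATTRIBUTES | FILE_EXECUTE)           # 0x1200A9
WRITE_CONTENT = FILE_WRITE_DATA | FILE_APPEND_DATA


def access_check(dacl, token_sids, desired):
    """Walk the ACEs in order, as Windows does.

    dacl is a list of (ace_type, sid, mask). A deny ACE fails the request
    if it names a desired right that has not been granted yet; the walk
    stops as soon as every desired right has been granted.
    """
    granted = 0
    for ace_type, sid, mask in dacl:
        if sid not in token_sids:
            continue
        if ace_type == "deny":
            if mask & desired & ~granted:
                return False
        else:
            granted |= mask
        if desired & ~granted == 0:
            return True
    return desired & ~granted == 0


def can_delete(file_dacl, parent_dacl, token_sids):
    """Deleting needs DELETE on the file OR FILE_DELETE_CHILD on its folder."""
    return (access_check(file_dacl, token_sids, DELETE)
            or access_check(parent_dacl, token_sids, FILE_DELETE_CHILD))


def lab_scenario():
    """Constructed DACLs for the computer-lab file described in the thread."""
    students = {"Students"}
    admins_full = ("allow", "Administrators", FULL)
    folder_locked = [admins_full, ("allow", "Students", READ_EXECUTE)]
    folder_open = [admins_full, ("allow", "Students", FULL)]
    variants = {
        "full": [admins_full, ("allow", "Students", FULL)],
        "modify": [admins_full, ("allow", "Students", MODIFY)],
        "modify_minus_delete": [admins_full, ("allow", "Students", MODIFY & ~DELETE)],
        # Canonical order puts deny ACEs first; that ordering is what makes
        # a deny win over a grant.
        "deny_first": [("deny", "Students", DELETE), ("allow", "Students", MODIFY)],
        "deny_last": [("allow", "Students", MODIFY), ("deny", "Students", DELETE)],
    }
    results = {}
    for name, dacl in variants.items():
        results[name] = {
            "write": access_check(dacl, students, WRITE_CONTENT),
            "delete": can_delete(dacl, folder_locked, students),
            "change_acl": access_check(dacl, students, WRITE_DAC),
        }
    # Removing DELETE from the file is not enough if the folder hands out
    # FILE_DELETE_CHILD (it is part of Full control on the folder).
    results["folder_open"] = {
        "delete": can_delete(variants["modify_minus_delete"], folder_open, students)
    }
    return results


if __name__ == "__main__":
    for name, outcome in lab_scenario().items():
        print(f"{name:22} {outcome}")
```

Running it shows that the Modify template by itself still lets students delete the file, and that a deny entry placed after the grant it is meant to override has no effect.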
Giving regular users permissions to create files in the root of the system drive or the Windows system folders is a possible privilege escalation vulnerability.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
Any application can draw a system-modal window that looks like a UAC question, and ask for a password; UAC would have to ask for pressing the SAK (Ctrl-Alt-Del) before asking any questions to make it hard to spoof -- which would certainly be annoying.
For example, Trusted Solaris has the nice feature of a so-called "Trusted Stripe"; this is a region on the screen that can't be spoofed by applications (no application can draw onto the trusted stripe, and no window can be on top of it). The Trusted Stripe displays the sensitivity label of the process that has keyboard focus, and if it is a system-generated dialog (such as the logout confirmation), it will say "Trusted Path". There is also a Trusted Path Menu to ensure that security-critical operations can be started in a secure manner.
That is the way to go if you want to build secure operating systems.
You have given the answer yourself. Your own example (a database file) illustrates the usage perfectly. You want to grant modify access to the file so that they can modify or delete records, and even drop tables. But you do not want to allow someone to delete the entire database itself. It makes a mockery of the permission system within the database if you have the god-like powers to wipe every single thing in it.
That is a trade off where MS chose to make easier design decisions, rather than expensive but correct design decisions. In any case, MS does respond to the demands of customers to some degree, just not usually to end users. You'll note their customers are purchasing agents for OEMs and enterprise businesses, not users.
Do you truly and honestly believe that if there were two manufacturers of Windows in competition with one another, both would not be working a hell of a lot harder on bringing security to users in a usable way?
Regardless, if the best example of the use of this "feature" that anyone can come up with is to work around broken and insecurely written programs, then I remain unconvinced of its general usefulness and utility.
When you lose something irreplaceable, you don't mourn for the thing you lost, you mourn for yourself. - Harpo Marx
"Ubuntu and OS X are not regularly attacked by self-propagating worms and widespread Web exploits."
Interesting -- and I will now refute that.
My front end linux box (external access, http, ftp, mail, ntp, and some more services) is REGULARLY attacked. vsftpd is being attacked almost 24/7 these days (looking for insecure passwords). sshd also almost 24/7. We are talking about THOUSANDS of attacks per day. My incoming mail service gets hit (looking for open relaying) but not as much. My httpd get trolled (mostly for IIS vulnerabilities).
Just a rough count: 500,000 attack attempts per day.
How is this not being regularly attacked?
The security mechanisms in Linux are certainly up to the task. My network was compromised ONCE, back in 1999, due to an SSH exploit. Never since.
Just another "Cubible(sic) Joe" 2 17 3061
The attacks you describe are almost all targeted at any service running, not on a given OS. They apply equally to all platforms. SNMP attacks account for about 4% of activity. SSH accounts for about 2%. All other non-Windows Specific attacks together account for about 3%. That leaves 91% of all internet based, automated attacks being Windows specific. The vast majority of all worms, automated attacks and Web exploits only affect Windows. You may think the attacks you're subjected to are a lot, but realistically, it is a small portion.
The security mechanisms in Linux are certainly up to the task.
Yeah, the average Linux distro is up to the task of not failing to brute force attacks on SSH and FTP... but for that matter so is Windows. Hardened Linux distros are up to harder tasks of resisting some determined and directed attacks, but those are specifically what I was not talking about (I mentioned Ubuntu and OS X). If the average Linux distro for the desktop, out of the box, were subjected to as many real attacks on specific vulnerabilities in services, as Windows was, it would not currently be up to the task. I think it would quickly adapt to being up to the task, with common services and internet applications being contained by SELinux access controls or whatnot, but not as they currently exist.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
There is absolutely nothing in Windows Vista, AKA Windows Me II, that anyone should emulate.
How ya like dat?
When you lose something irreplaceable, you don't mourn for the thing you lost, you mourn for yourself. - Harpo Marx
If you think the templates are too complicated, then that's your opinion.
It's my experience that any type of filesystem access controls are too complicated for the average user.
however I still say a program that needs to write to the root of the system drive or the Windows system folders is seriously broken, and a bad example to use to justify this feature.
I agree that programs like this are seriously broken, but that's the current state of a lot of software in Windows. Hopefully UAC will cause it to improve though. As for justifying the feature, the option in question simply makes it possible to prevent users from screwing things up accidentally. Another scenario would be a document that is shared among a group of people, one of whom tends to make "mistakes" with the mouse. We had a user who twice accidentally deleted an Access database on a department share. After restoring the file from our backup the second time, I removed her right to delete the file. Accidentally deleting a file is much easier than opening the file, erasing the contents, and saving it. The latter would obviously be intentional, while the former has happened to almost everyone.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
That is a trade off where MS chose to make easier design decisions, rather than expensive but correct design decisions.
These are configuration, not design, decisions. *Very* different things. And I doubt they were any easier (there was a large amount of agonising about making the default user in XP an Administrator, for example).
There are very few "incorrect" design decisions in Windows. Certainly no more than any of its contemporaries.
In any case, MS does respond to the demands of customers to some degree, just not usually to end users. You'll note their customers are purchasing agents for OEMs and enterprise businesses, not users.
This separation is artificial and unrealistic.
Do you truly and honestly believe that if there were two manufacturers of Windows in competition with one another, both would not be working a hell of a lot harder on bringing security to users in a usable way?
I believe that an unmanaged, general purpose computer is - practically speaking - an unsecurable device, with our current levels of technology and knowledge. Add in the actual requirements for legacy software and hardware support, accessibility by non-professional/small-shop developers and it is _unquestionably_ an insecurable device.
There is very little technically wrong with Windows. There are parts of the UI that could have been improved (and have been in Vista - eg: privilege escalation with UAC), but the vast, vast majority of "problems" in Windows, both past and present, are the direct result of poorly-written applications and the subsequent workarounds that have been instituted to make them function transparently *so end users don't have to worry about it*.
If ever you needed evidence that Microsoft listen to their customers, then you need look no further than the (often ridiculous) lengths they go to so that existing, typically badly written software continues to run on newer versions of Windows where, by all rights, it should break horribly (and for external verification of how the rest of the industry perceives this level of support, look no further than the "outrage" when XP SP2 (quite justifiably) broke 0.0001% of the software out there). Microsoft are *acutely* aware that to most users, the OS is little more than a vehicle for the application(s) and, therefore, they need to keep the applications working.