Slashdot Mirror


Viewfinity CEO Says Many Computer Users Are Overprivileged (Video)

This isn't about your place in society, but about user privileges on your computers and computer networks. The more privileges, the more risk of getting hacked and having Bad People do Bad Things to your company's computers, right? So Leonid Shtilman's company, Viewfinity, offers SaaS that helps you grant system privileges in a more granular manner than just allowing "root" and "user" accounts with nothing in between.

24 of 95 comments

  1. Slashvertisment by Hatta · · Score: 5, Insightful

    Another useless slashvertisement. People don't use the granular permissions that exist already (e.g. ACLs), no one's going to bother with even finer grained control. The problem isn't granularity, it's a completely understandable dislike of spending time managing permissions.

    --
    Give me Classic Slashdot or give me death!
    1. Re:Slashvertisment by Anonymous Coward · · Score: 3, Insightful

      Not just dislike, but cost (in terms of time spent managing it, and time spent with people twiddling their thumbs waiting for someone to give them permission to something they need to do their job). Granularity always comes down to a balance between practicality and security. Lock down the super secret stuff.. apply reasonable rules to the less critical stuff.. throw the office lottery pool list on the wiki.

    2. Re:Slashvertisment by lgw · · Score: 4, Insightful

      Plus, this company has just missed the ongoing paradigm shift (hate that phrase - someone have a better one?). End users should have full control over their (untrusted) endpoints, because we won't be storing anything important there, and any incoming files will be handled with appropriate suspicion.

      End user endpoints simply need to be outside the "zone of trust" in the modern world, partly because anything a user touches should be assumed to be infected, and partly because it's time to stop caring what device the user likes - traditional PC, thin client, iPad, phone, whatever they like as long as it has a browser for the web-based software and a desktop virtualization client for all the rest.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    3. Re:Slashvertisment by TheRaven64 · · Score: 5, Funny

      There seems to be a bug. I have the 'Ads Disabled' checkbox ticked, but I still see this big ad right in the top-centre of the front page.

      --
      I am TheRaven on Soylent News
    4. Re:Slashvertisment by Anonymous Coward · · Score: 2, Interesting

      And still... every security model you've seen in SaaS exists on your LAN, too.

      It's not as though we haven't had group membership, directories, user objects, service-level security, and every other imaginable sort of permissions control since... well... forever.

      The only advantage of SaaS is that it's on someone else's infrastructure, which is probably better funded and maintained than your own.

    5. Re:Slashvertisment by Anonymous Coward · · Score: 2, Interesting

      Which also just means that you'll be twiddling your thumbs that much longer when you don't have the appropriate permissions to do your job. I find SaaS in general to be a lot like an Apple product. When everything is working right, it's 100x better than any of the alternatives. When something goes wrong, you curse the day you bought it.

    6. Re:Slashvertisment by Microlith · · Score: 2

      They're already working on it. Apple accomplished it on all iOS devices, and Microsoft looks to do so with ARM devices. Hell many Android devices do as well.

      The user is the enemy, just like the MPAA/RIAA have always said. Now the tech industry is in on the conspiracy as well.

    7. Re:Slashvertisment by Zeromous · · Score: 2

      Just because a manager or someone uses it wrongly does not mean it is a bad term.

      >paradigm shift (hate that phrase - someone have a better one?)

      No. It's a real paradigm shift in how we think about client-server relationships. Sometimes I refer to it as a pendulum, swinging back and forth between client and server lockdown. The same could be said of virtualization being the pendulum swinging back toward centralization after the decentralization party of the 90s.

      Either way, you can still use paradigm shift and not sound like a moron. Just, you know, be careful to not overstate :D

      --
      ---Up Up Down Down Left Right Left Right B A START
    8. Re:Slashvertisment by Culture20 · · Score: 2

      >Plus, this company has just missed the ongoing paradigm shift (hate that phrase - someone have a better one?). End users should have full control over their (untrusted) endpoints, because we won't be storing anything important there, and any incoming files will be handled with appropriate suspicion.

      >End user endpoints simply need to be outside the "zone of trust" in the modern world, partly because anything a user touches should be assumed to be infected, and partly because it's time to stop caring what device the user likes - traditional PC, thin client, iPad, phone, whatever they like as long as it has a browser for the web-based software and a desktop virtualization client for all the rest.

      End users should not have full control over their desktops, just like they aren't allowed to bring a cameraphone into the secure-information areas (that's not just a paranoid military rule, lots of companies follow it). If hackers own the end user's workstation because he/she was running a vulnerable browser as admin/root, then they can keylog the user's passwords to get to the data in the "zone of trust". If they've got sensible authentication and are using two-factor, then the bad guys could still watch the screen in real time or take screen shots.

      Bottom line is that if "anything a user touches should be assumed to be infected" then that means anything a user touches shouldn't be allowed to connect.

  2. AD by SJHillman · · Score: 3, Insightful

    Most of what I'm seeing there we already achieve through Active Directory without any third party solutions. Any company that only implements two levels of permissions (root and user) is either stuck in the 80s or else only has one user.

  3. Sorry, did I click on one of the Slashdot ads? by tphb · · Score: 2

    This seems to be an advert for some sort of sorry Windows admin tool. WTF?

  4. slashdot editors: please read by rgbrenner · · Score: 5, Insightful

    Your site.. feel free to disagree.. but I think you're making a huge mistake with these ads.

    There has to be some separation between the ads and the content. No one is going to visit a site explicitly to see ads. And if the content becomes the advertising, users will leave.

    I can't think of a single successful site that has advertising as the content. Nytimes, washpost, wsj, digg, ... There's always separation between the content and the ads.

    1. Re:slashdot editors: please read by rgbrenner · · Score: 2

      One other thing: if you're doing this just so you can create a video section.. maybe try something a little different. Instead of posts by companies, try covering trade shows, etc.. the videos with timothy that were posted in the beginning I thought were great.

    2. Re:slashdot editors: please read by rgbrenner · · Score: 2

      there are often interesting things to report on at trade shows (CES, Macworld, etc)

      interviews with people who have authority on a subject would be good too (like iphone security from someone at ossec..)

  5. Re:But then you overdo it... by DickBreath · · Score: 5, Funny

    That's okay to require use of the root password. I never forget my root password because on my WiFi I make the root password also be the broadcast SSID. Problem solved.

    --
    I'll see your senator, and I'll raise you two judges.
  6. Cruising way past sad.... by atriusofbricia · · Score: 3, Insightful

    This is the second one of these non-stories posted in as many days. I, like many people, have been reading and posting to Slashdot for years. I'm starting to wonder exactly why I continue to do so....

    --
    I was raised on the command line, bitch

    "Nemo me impune lacesset"

    1. Re:Cruising way past sad.... by keytoe · · Score: 3, Insightful

      I clicked through looking for a solution to blocking these myself. There doesn't seem to be a way to block them in the user settings that I can see. Anyone had any luck?

      I don't have high hopes since these are pretty obviously revenue generators for the site. It just seems incongruous to offer users a 'block ads' option and then turn around to make these slashvertisements unblockable.

      To be honest, if there were an option to 'block all videos' I'd take that. I dislike this trend of locking information in a format I can't search, skim, read at work, use while also listening to music, etc.

      Sorry for the off topic.

    2. Re:Cruising way past sad.... by aiken_d · · Score: 2

      Nothing wrong with a little brand destruction in the name of increasing short term revenue, especially if you're looking to make an exit.

      But yeah, I've noticed my visits to slashdot have gone from twice-daily to daily to weekly over the past few months. I'm not even sure how much to ascribe to the slimy mix of content and advertising and how much reflects the general loss of quality and tendency to be days behind CNN rather than days ahead.

      --
      If I wanted a sig I would have filled in that stupid box.
    3. Re:Cruising way past sad.... by FunPika · · Score: 3, Insightful

      The biggest offender appears to be Roblimo, and I never see anything of value from him, so I exclude him in my options (I only noticed this story because I looked at the front page on a computer I wasn't logged into).

      --
      After years of not using a signature, I am going to make one to say the following: Fuck Beta
    4. Re:Cruising way past sad.... by Flammon · · Score: 2

      4 Digit UID here with the same sentiment. I've been here for 15 years and boy have things changed. Some for the good but god I miss the days when Rob would post about a WindowMaker app that he wrote and you could download the source and compile it. It was pure geek stuff and the subject of monetization nowhere to be seen. The geek purity made it great.

      This is the stuff that we used to talk about. http://cmdrtaco.net/linux/

      I read Rob's blog because he talked about stuff that I was into. Linux, X, AfterStep, the Internet, programming and I have a feeling that Rob really wanted to keep it that way but as site ownership slipped away, he no longer had control and the direction changed.

      Maybe it's time to look for a new "Slashdot". This one has been infected by the Profit virus which has no known cures.

  7. Re:Is he not aware of Windows? by Anonymous Coward · · Score: 2, Informative

    This is very Linux-centric. There have been much more granular permissions on Windows for probably well over a decade.

    Most Windows users for the last decade have run as 'root' since it's the default on XP, and there have been much more granular permissions on Unix for decades through group permissions.

    Not to mention technologies like SELinux and AppArmor.

  8. Re:Is he not aware of Windows? by sqlrob · · Score: 4, Informative

    Not quite. Not even Administrator is root. LocalSystem is root.

  9. What the hell man by atari2600a · · Score: 2

    We're supposed to pay for a product that effectively replaces sudo & user/group privileges?

  10. Re:At least once a day. by ColdWetDog · · Score: 2

    Anyone got a good suggestion on how to filter this spam out?

    There's likely to be an 'off' button somewhere on the device you're using. Power down!

    --
    Faster! Faster! Faster would be better!