I'm aware of the testing issue with deployng major updates. I work in IT and have 1100+ machines with various in-house/third party software and we tested SP2 for a good eight months before deploying it to the first machines. I was only giving the parent a hard time for not knowing of SP1's expiration until now.
True, but critical updates are the most important kind of "support" and Win2k still has em for a few more years. That's more than you can say for XPSP1,
I hope you're just trolling, though I've met many IT people like you, so I'm thinking you may be serious.
"I'm an a large site that's running XP SP1 on all of quite a few thousand machines and I'd just like to say that one week notice of termination of support is ridiculous.
Microsoft announced the cutoff date for SP1 a long, long, long time ago. In fact, I'm pretty sure it was known before SP2 was even released.
Have fun rushing out SP2. You only have yourself to blame.
Re:I have plenty of reasons to dislike Microsoft..
on
The BBC's Honeypot PC
·
· Score: 1
XP has allways had a built in firewall. It just wasn't turned on by default until SP2.
"Sorry, but I like retaining the rights to my software, and I want those rights to improve the software.
With the BSD license, you retain the rights to your software and you have the right to improve the software. Perhaps you should go read the BSD license agian?
"Call it a protection against HUMAN GREED."
So taking away certain rights away from those that use your sourcecode is not a form of greed?
"People everyday reap the benefits of GNU software licensing, and fail to make the connection that its the source code and the restrictions to force people to PLAY NICE and not be greedy little thought police wishing to control our lives and wallets because they don't want us to see what the hell the machines are doing with our data."
People every day reap the benefits of BSD software licensing, and fail to make the connection that it the source code and the lack of restrictions that allowed such widespread adoption of the things we takes for granted today.
"All in the name of some kind of "intellectual property" B.S."
Without that "Intelectualy property B.S.", the GPL would be nothing more than a plea to the people that download your source code.
"If software is ever going to improve, the leachers have to stop stealing other peoples work, incoporating that work into software and then claim its all theirs and you don't get the source code."
It's also not stealing because the license allows it. Also, the BSD license prohibits claiming that it's 'all yours'.
"AND more importantly, that labor shouldn't be able to be compromised in any way by stealing source code and incorporating it into software we now don't get the source code for, and are stuck with: ALA Micosoft's IP stack for Windows 2000."
The Windows 2000 IP stack was not based on BSD code. If it was, it probably would have performed better.
Actually I'm not a Linux user. I use Windows XP mostly, though I'm typing this from Vista RC2. I do use FreeBSD (NOT Linux) on my desktop from time to time, but mostly just for the novelty of it, as I think *nix type OS's are, for the most part, still only usefull in the data center.
BTW, why the hell would you use Ubuntu. It's linux trying to be just like Windows. I tried N00b...err...Ubuntu once, and I had a harder time getting a DVD to play on it that on FreeBSD. If you wanted a desktop OS that was secure, you need not use a piss-poor windows replacement like Linux...just follow my sig and learn all about Windows oft-ignored security abilities.
"If you're computer-savvy and know what you're doing, seperation of privileges gets in your way."
No it doesn't. It saves your ass when the program you are using gets exploited.
"Sure, I wouldn't want to run as root on a physically secure system with critical data, but I know that my term papers and random stuff is not that valuable to people."
Tell that to the people who've been hit by "ransomware" exploits.
"if you're a computer nerd (a real one and not the fake kind who thinks they know things since they can read PCMag), security just becomes an unnecessary annoyance."
That's one the most ill-informed things I've seen written here in a long time...and that's saying a lot.
"Vista still installs the user as Administrator by default."
But processes that administrators start do not start out with the administrator token. They have to give them the token via clicking the allow button on UAC. If the user is logged on as a regular user, they have to enter in credentials.
I think you're right that having to enter in a password is more secure, but IMO changing the behavior of UAC so it forces even administrators to enter a password would only drive more people to disable UAC altogether. There are already a huge number of Vista BETA testers that can't stand the simple act of having to click the allow button - even though UAC doesn't come up very often during normal computer use. Do a Google for "disable UAC" and you'll see.
There's this thing about Windows users. They're LAZY. Look at my sig. I've long been a proponent of running your Windows machine as a regular user, but no one outside of the geek crowd who already understands the privilege separation concept cares. Your average Windows user dismisses anything that requires any type of thought, or extra work, regardless of the possible benefits.
OK, I suppose the constructive thing to say is, "Best Windoze evar!" Otherwise I'm a troll:
Well, if they could, they would mod you "-1 Raving Lunatic", or "-1 Rabid Zealot", "-1 Gargantuan Asshole", but they can't so they have to settle for "-1 Troll".
Now you're just nitpicking. The purpose of post was to remark that a system extremely similar to the idea you described had allready been implimented in Windows Vista. I'll leave it at that.
The Mac way sounds awful. Does it automatically select POP for you and clear out your mailbox the first time you connect? I would be PISSED if it did that.
ctrl+alt+del can't be hit when you're intending to hit something else. The UAC "allow" button probably can. Specifically, if they allow a keystroke to do it (which they should -- makes it much faster), this keystroke may be hit accidently. The number of mis-sent IMs should be an indication here -- UAC box pops up while I'm IM-ing, keyboard focus switches, I accidently hit "allow" instead of "send IM".
You are correct that it would be possible to accidentally approve something, but you would have to hit the left arrow key (to move the focus to the allow button) followed by 'Enter'. By default, the "Cancel" button is selected on the UAC prompt, so just hitting enter would deny access to whatever program is trying to access restricted resources.
As for RDP/VNC, like I said only objects that allready they allready have admin/system rights, so I don't see why remote access programs wouldn't be able to touch the UAC prompt. After all, RDP/VNC can send ctrl+alt+del to the machine.
This would also allow a damned annoying DOS attack, one which may be completely unintentional. Not many apps understand this, but popping a dialog over what the user is doing, especially if you're taking keyboard focus, is extremely rude and annoying.
I'm not sure about programs causing a DoS situation. That's an good question. As for dialogues popping up being rude and annoying, I belive that's the point. Programs that are written properly, should not write to areas that the user doesn't have access to during normal operation. This seems like such a simple concept to people like you and I, but Windows app developers still don't seem to get it. Those rude and annoying prompts might get ISV's to start writing the Windows apps properly.
"What's to stop an app from popping up a fake UAC prompt (always on top, you can't do anything else, looks identical) and intercepting my password?"
I can't say for certain but I don't think it's possible to produce a fake UAC prompt that behaves in the exact same way that the authetic one does. Authentic looking or not, a fake prompt put up by rougue code could certainly grab the user's password, but what would it do with that password? The rogue code couldn't type it into the UAC prompt, because it wouldn't have the admin token needed to do so. It could try to do some other action like create an account, but that would spark a UAC prompt, which it could not access because, again, it wouldn't have the neccessary rights to do so. In the end, for rogue code to get system access, the user would have to click the allmighty allow button, or type in some credentials (depending on how UAC is configured) on the UAC prompt.
Nothing is social engineering proof. I'm sure millions of people will click that allow button in the coming years, allowing their Vista machines to be owned, but I don't think that takes away from the usefullness of UAC.
No, but the little "Allow" button on the UAC prompt can only be touched by objects that alleady have "root-level" access to the system. A device, like a keyboard or mouse are examples. I don't know the technical details behind it but I've read that it the same mechanism that requires you to press crtl+alt+delete to get the logon prompt in Windows. You could probably manipulate the UAC prompt via sofwtare, but that software would already have to have the admin token to do so.
Also, everything but the password dialog should be blanked out.
Exactly. You cannot do ANYTHING else but answer the UAC prompt when it comes up, and only an object that allready had system access can answer it. Like I said, you've just described UAC in Vista.
Here a link that explains exactly what UAC does in a little more detail..
Slashdot Mirror
I've read that this can be stopped by encrypting your page file.
Yikes.
I'm aware of the testing issue with deployng major updates. I work in IT and have 1100+ machines with various in-house/third party software and we tested SP2 for a good eight months before deploying it to the first machines. I was only giving the parent a hard time for not knowing of SP1's expiration until now.
True, but critical updates are the most important kind of "support" and Win2k still has em for a few more years. That's more than you can say for XPSP1,
Win2k is still supported.
Microsoft announced the cutoff date for SP1 a long, long, long time ago. In fact, I'm pretty sure it was known before SP2 was even released.
Have fun rushing out SP2. You only have yourself to blame.
XP has allways had a built in firewall. It just wasn't turned on by default until SP2.
You forgot to linux to the statistics that show the number of compromised Apache servers vs the number of compromised IIS servers on the net.
Any more questions?
"Sorry, but I like retaining the rights to my software, and I want those rights to improve the software.
With the BSD license, you retain the rights to your software and you have the right to improve the software. Perhaps you should go read the BSD license agian?
"Call it a protection against HUMAN GREED."
So taking away certain rights away from those that use your sourcecode is not a form of greed?
"People everyday reap the benefits of GNU software licensing, and fail to make the connection that its the source code and the restrictions to force people to PLAY NICE and not be greedy little thought police wishing to control our lives and wallets because they don't want us to see what the hell the machines are doing with our data."
People every day reap the benefits of BSD software licensing, and fail to make the connection that it the source code and the lack of restrictions that allowed such widespread adoption of the things we takes for granted today.
"All in the name of some kind of "intellectual property" B.S."
Without that "Intelectualy property B.S.", the GPL would be nothing more than a plea to the people that download your source code.
"If software is ever going to improve, the leachers have to stop stealing other peoples work, incoporating that work into software and then claim its all theirs and you don't get the source code."
It's also not stealing because the license allows it. Also, the BSD license prohibits claiming that it's 'all yours'.
"AND more importantly, that labor shouldn't be able to be compromised in any way by stealing source code and incorporating it into software we now don't get the source code for, and are stuck with: ALA Micosoft's IP stack for Windows 2000."
The Windows 2000 IP stack was not based on BSD code. If it was, it probably would have performed better.
Actually I'm not a Linux user. I use Windows XP mostly, though I'm typing this from Vista RC2. I do use FreeBSD (NOT Linux) on my desktop from time to time, but mostly just for the novelty of it, as I think *nix type OS's are, for the most part, still only usefull in the data center.
BTW, why the hell would you use Ubuntu. It's linux trying to be just like Windows. I tried N00b...err...Ubuntu once, and I had a harder time getting a DVD to play on it that on FreeBSD. If you wanted a desktop OS that was secure, you need not use a piss-poor windows replacement like Linux...just follow my sig and learn all about Windows oft-ignored security abilities.
"All you had to do was to edit 4 config files to play the "LINUX" version of america's army?
Yeah, on FreeBSD no less.
And BTW, it was a JOKE fucktard.
"If you're computer-savvy and know what you're doing, seperation of privileges gets in your way."
No it doesn't. It saves your ass when the program you are using gets exploited.
"Sure, I wouldn't want to run as root on a physically secure system with critical data, but I know that my term papers and random stuff is not that valuable to people."
Tell that to the people who've been hit by "ransomware" exploits.
"if you're a computer nerd (a real one and not the fake kind who thinks they know things since they can read PCMag), security just becomes an unnecessary annoyance."
That's one the most ill-informed things I've seen written here in a long time...and that's saying a lot.
"Vista still installs the user as Administrator by default."
But processes that administrators start do not start out with the administrator token. They have to give them the token via clicking the allow button on UAC. If the user is logged on as a regular user, they have to enter in credentials.
I think you're right that having to enter in a password is more secure, but IMO changing the behavior of UAC so it forces even administrators to enter a password would only drive more people to disable UAC altogether. There are already a huge number of Vista BETA testers that can't stand the simple act of having to click the allow button - even though UAC doesn't come up very often during normal computer use. Do a Google for "disable UAC" and you'll see.
There's this thing about Windows users. They're LAZY. Look at my sig. I've long been a proponent of running your Windows machine as a regular user, but no one outside of the geek crowd who already understands the privilege separation concept cares. Your average Windows user dismisses anything that requires any type of thought, or extra work, regardless of the possible benefits.
Up yours you pretentious asshole.
Yours truely,
-toadlife
Sorry.
Yeah, you're right. I had to edit four config files to play the linux version of America's Army.
Parent is not a troll.
[b]Moderators:[/b] Troll != Someone you disagree with
Now you're just nitpicking. The purpose of post was to remark that a system extremely similar to the idea you described had allready been implimented in Windows Vista. I'll leave it at that.
The Mac way sounds awful. Does it automatically select POP for you and clear out your mailbox the first time you connect? I would be PISSED if it did that.
"It's true, Uranus really is full of methane gas. Look it up."
Perhaps the gas on uranus originates from the dark spot?
You are correct that it would be possible to accidentally approve something, but you would have to hit the left arrow key (to move the focus to the allow button) followed by 'Enter'. By default, the "Cancel" button is selected on the UAC prompt, so just hitting enter would deny access to whatever program is trying to access restricted resources.
As for RDP/VNC, like I said only objects that allready they allready have admin/system rights, so I don't see why remote access programs wouldn't be able to touch the UAC prompt. After all, RDP/VNC can send ctrl+alt+del to the machine.
I'm not sure about programs causing a DoS situation. That's an good question. As for dialogues popping up being rude and annoying, I belive that's the point. Programs that are written properly, should not write to areas that the user doesn't have access to during normal operation. This seems like such a simple concept to people like you and I, but Windows app developers still don't seem to get it. Those rude and annoying prompts might get ISV's to start writing the Windows apps properly.
I can't say for certain but I don't think it's possible to produce a fake UAC prompt that behaves in the exact same way that the authetic one does. Authentic looking or not, a fake prompt put up by rougue code could certainly grab the user's password, but what would it do with that password? The rogue code couldn't type it into the UAC prompt, because it wouldn't have the admin token needed to do so. It could try to do some other action like create an account, but that would spark a UAC prompt, which it could not access because, again, it wouldn't have the neccessary rights to do so. In the end, for rogue code to get system access, the user would have to click the allmighty allow button, or type in some credentials (depending on how UAC is configured) on the UAC prompt.
Nothing is social engineering proof. I'm sure millions of people will click that allow button in the coming years, allowing their Vista machines to be owned, but I don't think that takes away from the usefullness of UAC.
UAC does not require ctrl+alt+del, does it?
r ary/0d75f774-8514-4c9e-ac08-4c21f5c6c2d9.mspx
No, but the little "Allow" button on the UAC prompt can only be touched by objects that alleady have "root-level" access to the system. A device, like a keyboard or mouse are examples. I don't know the technical details behind it but I've read that it the same mechanism that requires you to press crtl+alt+delete to get the logon prompt in Windows. You could probably manipulate the UAC prompt via sofwtare, but that software would already have to have the admin token to do so.
Also, everything but the password dialog should be blanked out.
Exactly. You cannot do ANYTHING else but answer the UAC prompt when it comes up, and only an object that allready had system access can answer it. Like I said, you've just described UAC in Vista.
Here a link that explains exactly what UAC does in a little more detail..
http://www.microsoft.com/technet/windowsvista/lib
You've just decribed UAC in Windows Vista.