I agree with the GP. Windows was designed to allow the user to log in as administrator. In fact, take a retail copy of XP and install it on a new computer. You will end up with an account that has administration privs. Enough said.
I suggest you ruminate on the difference between "design" and "configuration".
One of the biggest failings of computer security is this idea that figuring out who can be blamed is part of it. It doesn't matter whose fault it is, just that the security has failed.
Of course it matters. Without knowing where the security failed, you cannot hope to take steps to remedy the problem.
Perhaps you need to substitute "responsibility" instead of "blame".
Actually what needs to happen is for MS to make all application developers, including their own obey strict rules for sandboxing of applications not just from the OS, but from one another.
this would result in the same scenario you called 'absurd' just above.
I don't advocate locking things down to a single repository, like Apple did, but there's no reason a full fledged desktop OS can't get all the same security advantages without the single repository lock-in... if the OS vendor put in the work to do it.
You can't secure a system where the end user can run arbitrary code. Heck, it's still nearly impossible to secure a system locked down as tightly as the iPhone.
Average users shouldn't have to know the difference. They should just log in, be in normal user mode by default, and be asked for escalation of privileges in the rare instance where that is needed (NOT all the fricking time to do normal tasks).
Please define, generically, how "normal tasks" can be identified programmatically.
I didn't say that a user should automagically be able to install to that directory, merely that, once there, an app should be free to write to its own subdirectory.
Why would it need to ?
There's absolutely nothing wrong with an app putting files into its own directory in C:\Program Files (and it's complete bullshit that this trips UAC in Vista). The only problem would be writing to another app's directory.
I agree. That's why the first thing I do on any UNIX system after installing the OS is 'chmod a+w /*'.
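The sarcastic `chmod a+w /*` above is the failure mode being argued about: a directory every local user can write to, whether it is `/usr/lib` or an application's own folder under `C:\Program Files`, lets any account plant a file that another user, or the OS itself, will later execute. The audit below is an added example, not code from the thread; it walks a tree and reports world-writable entries, treating sticky-bit directories such as `/tmp` separately because users there cannot remove or rename each other's files. The POSIX mode semantics are standard; the function names and the constructed demo layout are my own.

```python
# Added example, not code from the thread. Audits a directory tree for
# world-writable entries: what `chmod a+w /*` produces, and what an
# application directory that every local user may write to looks like.
# POSIX mode semantics are standard; the helper names are my own.
import os
import shutil
import stat
import tempfile
from typing import Dict, List, Tuple


def world_writable_entries(root: str) -> List[Tuple[str, str]]:
    """Walk `root` and return (path, reason) for each entry whose mode has the
    other-write bit set.  Directories carrying the sticky bit (/tmp style) are
    reported as 'sticky-dir' because users there cannot unlink or rename each
    other's files; a plain world-writable directory lets any local user swap
    in a file that another user, or root, will later execute.  Symlinks are
    skipped because the kernel does not consult their own mode bits."""
    findings: List[Tuple[str, str]] = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable; nothing to report
            if stat.S_ISLNK(st.st_mode) or not st.st_mode & stat.S_IWOTH:
                continue
            if stat.S_ISDIR(st.st_mode):
                reason = "sticky-dir" if st.st_mode & stat.S_ISVTX else "world-writable-dir"
            else:
                reason = "world-writable-file"
            findings.append((path, reason))
    return findings


def audit_demo() -> Dict[str, str]:
    """Build a constructed tree in a temp directory, audit it and return
    {relative_path: reason}.  The layout is sample data, not a real host."""
    root = tempfile.mkdtemp(prefix="ww-audit-")
    try:
        for name, mode in {"app": 0o777, "scratch": 0o1777, "safe": 0o755}.items():
            os.mkdir(os.path.join(root, name))
            os.chmod(os.path.join(root, name), mode)
        for rel, mode in {"safe/helper.sh": 0o666, "safe/README": 0o644,
                          "app/plugin.so": 0o644}.items():
            with open(os.path.join(root, rel), "w"):
                pass
            os.chmod(os.path.join(root, rel), mode)
        return {os.path.relpath(p, root): r for p, r in world_writable_entries(root)}
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for path, reason in sorted(audit_demo().items()):
        print(f"{reason:20} {path}")
```

Run against a real root with `world_writable_entries("/")` from an account that can read the tree; anything reported as `world-writable-dir` outside a deliberately shared location is a place where one user's mistake becomes every user's problem.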
Their file browser does not work correctly in less than Administrator mode.
Can't schedule a task in anything less than Administrator mode.
Windows update doesn't work at all in less than Administrator mode. Errors out, with no way to elevate privileges.
These are all false.
I suggest you pursue a new line of work, because you're incompetent at the one you're in.
Back to the main story: hidden registry entries suggests what Microsoft critics have been maintaining all along, Windows 8 security is the 2000/XP security model with UAC lard on top.
Of course it is. UAC is just a UI construct, like sudo or su. The Windows NT security _model_ has not changed since it was first designed back in the late '80s (or even earlier if you want to count VMS, where it inherited it from), though the UI around it has improved significantly.
What Microsoft should have done is said, "you're not allowed to claim your application works with Vista and 7 unless it behaves nicely with UAC."
That *is* what they did.
Even better, it should be following a proper UNIX-esque security model. It could create users/groups for specific escalation. Apps shouldn't ask to escalate to administrator level. They should ask only to escalate the rights they specifically need, such as writing to C:\Program Files\Foo\.
I don't know what UNIX systems you've been using, but that's not how they typically work. Nearly all "normal" security escalations in UNIX systems are done to UID 0.
(Somewhat ironically, it *is* the way the Windows security system works.)
Microsoft is happy to blame the users, but it is Microsoft who established the industry standards. They set the table. They tell the users how to use their OS, and they tell developers how to develop for their OS.
Microsoft have been telling developers to write applications so they didn't need Administrator privileges for over a decade.
If Microsoft shipped a more secure design from the get-go, we wouldn't have as many issues.
The "design" of Windows hasn't changed, even for the consumer oriented releases, for the better part of a decade. For the "Professional" releases, over a decade and a half.
I'm sure malware authors would still target the market-share king and eventually find chinks in the armor, but right now it is so easy to target Windows that every script-kiddie on the planet pulls it off with ease.
Most malware doesn't find "chinks in the armour", it finds gullible end users.
You're a straight up moron
Gold.
Now a typical Linux home user desktop system, excluding Ubuntu, has all of the security features and settings I described by default.
A typical Ubuntu desktop has the same "security features" as a recent version of Windows and is a minor piece of social engineering away from a malware strike, just like Windows is.
Right, because I "... might be amazed to find out that most malware these days isn't about destroying the system", but that same malware destroyed the system, but left your user data intact. You can't even keep your own ridiculous bullshit consistent.
Perhaps you can elaborate why the idea of malware destroying a system but not user data is "ridiculous".
If you didn't lose your data, you sure in hell didn't lose the OS when the OS is Linux.
Wow, you really are stuck back in the past. You might be amazed to find out that most malware these days isn't about destroying the system.
Perhaps when you've dragged yourself into the early '90s, you might be able to make some relevant comments.
Keeping data on a separate drive does absolutely nothing to save it.
It does when you're reinstalling. Which was what the comment was about.
So what you are saying then is that you've never actually used an OS beyond just installing it and leaving it in the out of box configuration then. That pretty much explains your complete cluelessness in a nutshell.
So what you're saying is a) you didn't actually read what I wrote and b) you have no professional experience at all managing systems ?
Can you suggest a reason why I'd prefer to not lose an easily replaceable OS file over potentially irreplaceable user data ?
Have you only used LiveCDs? You do know that root is a user, right?
Root is _not_ a user. Root is a *superuser* - which, by definition, can circumvent the OS's security systems.
This is in contrast to OSes like Windows that have no superuser concept, where 'Administrator' really is just another user, merely one with a bigger list of privileges.
It is good that you offered the caveat, because your suspicion is correct ... that is not normal. Most systems don't have sudo at all, or only allow system administrators to have sudo access. If you are a user, on a properly configured Linux system, then you do not have sudo capabilities. In fact, sudo is short for "superuser do". If it was for regular users, it would be called luserdo ;-)
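The two points above, that "normal" UNIX escalation goes to UID 0 and that a properly configured system does not hand sudo to ordinary users, are both things you can check in /etc/sudoers rather than argue about. The following is an added example, not code from the thread: it parses a sudoers fragment and flags rules that give an account or group outside the usual admin groups a full root equivalent (ALL, NOPASSWD: ALL, or a shell as a permitted command). The rule grammar used (`user host=(runas) [TAG:] cmd, ...`) is the documented sudoers form; aliases, per-command runas lists and line continuations are not handled, the admin-group list is my own assumption, and the sample sudoers text is constructed.

```python
# Added example, not code from the thread. Parses a sudoers fragment and
# flags rules that hand ordinary users a full root equivalent: any account or
# group outside the usual admin groups with ALL, NOPASSWD: ALL, or a shell as
# a permitted command.  The rule grammar used (user host=(runas) [TAG:] cmd,
# ...) is the documented sudoers form; aliases, per-command runas lists and
# line continuations are not handled, and the admin-group list is my own
# assumption.
import re
from dataclasses import dataclass, field
from typing import List, Set, Tuple

ADMIN_SPECS = {"root", "%wheel", "%sudo", "%admin"}   # assumed "normal" admin identities
SHELLS = {"/bin/sh", "/bin/bash", "/bin/zsh", "/usr/bin/sh", "/usr/bin/bash", "/usr/bin/zsh"}
SPEC_RE = re.compile(r"^(\S+)\s+(\S+?)\s*=\s*(?:\(([^)]*)\))?\s*(.*)$")
TAG_RE = re.compile(r"^([A-Z_]+):\s*")


@dataclass
class Rule:
    who: str
    host: str
    runas: str
    cmd: str
    tags: Set[str] = field(default_factory=set)


def parse_sudoers(text: str) -> List[Rule]:
    """Return one Rule per permitted command.  Tags such as NOPASSWD: persist
    across the comma-separated command list until changed, as in sudo itself;
    PASSWD: cancels an earlier NOPASSWD:."""
    rules: List[Rule] = []
    skip = ("Defaults", "User_Alias", "Cmnd_Alias", "Host_Alias", "Runas_Alias")
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments (no #include support)
        if not line or line.startswith(skip):
            continue
        m = SPEC_RE.match(line)
        if not m:
            continue
        who, host, runas, cmd_list = m.groups()
        tags: Set[str] = set()
        for cmd in cmd_list.split(","):
            cmd = cmd.strip()
            while True:
                t = TAG_RE.match(cmd)
                if not t:
                    break
                tag = t.group(1)
                if tag == "PASSWD":
                    tags.discard("NOPASSWD")
                else:
                    tags.add(tag)
                cmd = cmd[t.end():]
            if cmd:
                # sudo's default runas target is root when none is given
                rules.append(Rule(who, host, runas or "root", cmd, set(tags)))
    return rules


def audit(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Flag rules that amount to 'this user is root'."""
    findings: List[Tuple[str, str]] = []
    for r in rules:
        if r.cmd == "ALL" and r.who not in ADMIN_SPECS:
            findings.append((r.who, "all-commands-outside-admin-group"))
        if r.cmd == "ALL" and "NOPASSWD" in r.tags:
            findings.append((r.who, "nopasswd-all"))
        if r.cmd.split()[0] in SHELLS:
            findings.append((r.who, "interactive-shell"))
    return findings


# Constructed sample, not any real host's /etc/sudoers.
SAMPLE_SUDOERS = """\
Defaults        env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
%users  ALL=(ALL) NOPASSWD: ALL          # every local account is root-equivalent
deploy  ALL=(root) NOPASSWD: /usr/bin/systemctl restart app, /bin/bash
backup  ALL=(root) /usr/bin/rsync
"""


def audit_sample() -> List[Tuple[str, str]]:
    return audit(parse_sudoers(SAMPLE_SUDOERS))


if __name__ == "__main__":
    for who, reason in audit_sample():
        print(f"{who:10} {reason}")
```

The `deploy` line is the instructive one: the restart command is a reasonable least-privilege grant, but the `/bin/bash` tacked onto the same rule, with NOPASSWD carried over from the first command, turns it back into an unconditional root shell. Only the `backup` rule is what the poster above would call a properly configured grant.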
Why do you think the typical home user desktop is comparable to a professionally managed system ?
Yes, that is exactly what I am saying. That is how UNIX, and consequently Linux, are designed from the ground up.
As is Windows. So, what's your point ?
Ok genius, if you reinstall the entire OS, why would you not still need to restore the backups...?
By not formatting as part of the reinstall ? By keeping data on a separate drive ?
You are forgetting that Linux is multi-user. When you do stupid things, like run a trojan because it will give you free midget pr0n, I don't want my files, or the OS upon which I am running molested by your new midget friend.
Newsflash (well, more accurately, "Oldsflash"). The world is no longer filled with green-screen terminals connected back to a central, professionally managed mainframe. The vast majority of computers in the world are single user, even though they are running multiuser OSes.
Also, we all know you have good backups, right? So you obviously would rather just restore your backed up user data than re-install the whole fscking OS after learning your valuable lesson, right?
No, I'd *much* rather reinstall the OS than a) have to go through the hassle of digging up backups and b) lose any data that's changed since the last one. The OS files are trivially available and essentially static - why would I be concerned about losing any of them ?
The technetronic era involves the gradual appearance of a more controlled society. Such a society would be dominated by an elite, unrestrained by traditional values.
You mean just like every society in history ?
The fact remains that in most sensible implementations, the user is unable to run arbitrary code outside his own directory.
Firstly, that means none of the common Linux (or UNIX in general) distributions are "sensible".
Secondly, how does only letting users run code they've downloaded into their home directory add any meaningful additional security to the average computer ? The problem is they can run code in the first place - where it's located when they do is a minor semantic issue.
Of course, anti-lock brakes aren't designed for Nascar. I wonder if a version could be developed that would help in those situations.
Of course it could. The Formula One world banned ABS over a decade and a half ago because it could brake far better and more consistently than any human.
The idea that a slow human controlling all four wheels with a foot pedal, could do a better job than a computer with dozens of accelerometers, much quicker reaction times, vastly finer motor control and the ability to brake each wheel independently, is just laughable.
Might have been more appropriate to compare it in that people in the high performance arena (nascar) don't like antilock brakes because of their limits and the separation you get from your task at hand. (you lose your "feel for the road")
I always laugh when I read this sort of thing.
In *real* high performance racing - Formula 1 - ABS (along with traction control, launch control, active suspension, and a whole bunch of other fancy electronics that basically turned the cars into ludicrously fast go-karts) was used very successfully and then banned because it could do a far, far better job than any human.
That sentence is not present anywhere in the Windows EULA.
It can be done, but in practice I rarely see it.
Say what ? What kind of worthless colo facility doesn't have at least two independent, redundant power circuits to each rack, and why would anyone be doing business with them ?
Heck, even if you're self-hosting, you should have one PSU hanging off the UPS and the other wired directly to the mains. That will protect you from nearly all "expected" power-related failures.
Losing one server is no fun, but you should already have plans for that. Losing a centralized UPS is a real problem! ALL servers go down then, even if the power didn't fail (someone will have to manually switch to bypass)!
No they don't, because your servers have dual power supplies, with each PSU on a different circuit.
Right ?
The phone's software must be under my control, so I can install a new operating system if I want, or whatever else I want. It must be a fully open hardware platform, the same way I can install new software on my computer.
Do you have a similar restriction for all your electronic equipment - microwave, washer, television, car, etc ?
You should re-read it. Manually installing a copy of OS X on every computer is time consuming (particularly when it's a hackintosh and needs extra work), so Psystar did it once and then cloned the hard drive. That fucked them over big time.
If this is a problem with the law, then it is the law that is the problem.