Sure granted this bug would occur on all Linux distros with a similar setup.
The thing is it would occur on all operating systems if they use a similar setup. That means its hardware because its only a certain type of laptop with the issue.
I have not tried it myself no. I've got a phobia when it comes to Windows servers. At school I was the person breaking the same policies you mention.
I believe that path rule you mention operates a bit like a virus I've seen where it 'proxies' every execution request. I used similar techniques to bypass it as well. If another program spawns the program (e.g. VBA and shell) then there is nothing that can be done.
I'm not sure exactly how it works. I was never in a position to packet sniff it while it occurred but it always worked. Keep in mind that the machines I used it against did not have roaming profile.
Try it. Log in and pull out the network jack after various amounts of time.
I think Windows does the login stuff in two parts, the actual login and then all the policy stuff. There must be some unnecessary stuff in between the two parts which is why ripping the network cable works. Trust me, it works.
You may want to note that that *only* prevents Explorer from launching exes. Any other program can be used to launch a program. Word (VBA rocks), Help, Batch files, and so on.
There is no way to prevent unauthorized programs from running with only Microsoft software. To do it you'd need a program to whitelist each allowed program's signature and kill any others that are running.
Its also trivially easy to bypass such server side login scripts. Pulling out the network cable about 5 seconds after logging in usually does the trick.:) Windows then defaults to a 'allow all' state.
Yes Windows is fully scriptable but it will only allow you to lock down the really obvious things. They are extremely simple to work around if your determined enough. Hint: At a school, there will be plenty of bored kids who are determined.
Thats one way. Another way is to force another program to execute it. VBA is a sys admin's nightmare.:) Prohibiting exe execution only works against programs which Explorer executes.
KDE has a literately *huge* quantity of educational programs. Everything from typing to astronomy to vocabulary training to maths and science. Whenever I look in to that folder I'm amazed.
Saying Windows is better for that kind of stuff is stupid. Windows doesnt have a single educational program on it out of the box.
Linux for schools is nearly a ideal fit. It makes the sys admin's job a lot easier and there is already a lot of software tailor made for schools.
Hehe. No it isnt. With Windows there is *always* another way. The tricks for getting around some of them are hilariously stupid.
Linux is also very simple to lock down to school standards. Dont want the buggers to be executing their own programs? One small edit and they cannot execute anything which isnt already on the system.
Also it allows the sys admins to allow a little bit of customization which Windows cannot do easily like program preferences or even changing the background image only for themselves.
Slashdot Mirror
The problem is that the organisations which would obey that system also have unsubscribe links.
I think that would just make it easier. People can eavesdrop on smart cards.
They are *supposed* to but few people do.
Sure granted this bug would occur on all Linux distros with a similar setup.
The thing is it would occur on all operating systems if they use a similar setup.
That means its hardware because its only a certain type of laptop with the issue.
That seems like good security to me. I count 9 worms and 14 viruses.
Also those viruses are rather old. I doubt any would work anymore.
This shows the virus breakdown somewhat better: http://en.wikipedia.org/wiki/List_of_Linux_computer_viruses
Mac OS X: 1
Linux: 30
Windows: approx 140,000
Looks like you shot yourself in the foot.
Or just use Linux which solves the security problems nicely.
Remember that Group Policy was glued on top of Windows. It only controls the obvious things.
:)
Read the posts in this thread. There are many instances of people breaking group policy.
If you firmly believe that Group Policy is infallible, then are you sure that you weren't my school's sys admins?
I have not tried it myself no. I've got a phobia when it comes to Windows servers.
At school I was the person breaking the same policies you mention.
I believe that path rule you mention operates a bit like a virus I've seen where it 'proxies' every execution request. I used similar techniques to bypass it as well.
If another program spawns the program (e.g. VBA and shell) then there is nothing that can be done.
Have you tried it?
I'm not sure exactly how it works. I was never in a position to packet sniff it while it occurred but it always worked.
Keep in mind that the machines I used it against did not have roaming profile.
The people in the mass graves disagree with you.
Try it. Log in and pull out the network jack after various amounts of time.
I think Windows does the login stuff in two parts, the actual login and then all the policy stuff.
There must be some unnecessary stuff in between the two parts which is why ripping the network cable works.
Trust me, it works.
You may want to note that that *only* prevents Explorer from launching exes.
Any other program can be used to launch a program. Word (VBA rocks), Help, Batch files, and so on.
There is no way to prevent unauthorized programs from running with only Microsoft software.
To do it you'd need a program to whitelist each allowed program's signature and kill any others that are running.
Its also trivially easy to bypass such server side login scripts. :)
Pulling out the network cable about 5 seconds after logging in usually does the trick.
Windows then defaults to a 'allow all' state.
Yes Windows is fully scriptable but it will only allow you to lock down the really obvious things.
They are extremely simple to work around if your determined enough.
Hint: At a school, there will be plenty of bored kids who are determined.
Thats one way. Another way is to force another program to execute it. VBA is a sys admin's nightmare. :)
Prohibiting exe execution only works against programs which Explorer executes.
If you think that your skilled enough to go faster than the speed limit then you'll end up dead just like that guy did.
We are talking about photons so it may be just a little bit more than 200 years.
Mr. Darwin will take care of it I think. :)
KDE has a literately *huge* quantity of educational programs. Everything from typing to astronomy to vocabulary training to maths and science.
Whenever I look in to that folder I'm amazed.
Saying Windows is better for that kind of stuff is stupid.
Windows doesnt have a single educational program on it out of the box.
Linux for schools is nearly a ideal fit.
It makes the sys admin's job a lot easier and there is already a lot of software tailor made for schools.
Hehe. No it isnt. With Windows there is *always* another way.
The tricks for getting around some of them are hilariously stupid.
Linux is also very simple to lock down to school standards.
Dont want the buggers to be executing their own programs? One small edit and they cannot execute anything which isnt already on the system.
Also it allows the sys admins to allow a little bit of customization which Windows cannot do easily like program preferences or even changing the background image only for themselves.
A 8gb SD card here in Australia costs well over $150 AUD.
Flash hard drives will not be cheap for many many years to come.
Ooh we have a Microsoft droid here. Welcome to slashdot. :)
XP -> Vista is very very different to 2k -> XP.
Far fewer benefits and far more problems.
Leopard requiring more resources than Vista? I'd love to see your sources.
Oh and I would also love to see Aero running on the RAGE 128 you mentioned. *cough* idiot
Yeah thats the only downside. I also used Canon before my last printer died.
Why did I switch? Because of the price of Canon's networked printers.
My trials with SANE worked nicely with good quality scans.
:)
Usually I just open up the printer's web interface for scanning though.
Networked all in ones rock.
What that study tells me is that people are incapable of driving at 55 mph and thus the speed limit should be lowered. :D
This guy agreed with you: http://darwinawards.com/darwin/darwin2005-15.html