ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] Bug, or Feature?

2003-07-01 10:48:35
from [mathew] [Permanent Link] 
On Thursday, June 26, 2003, at 06:00 PM, Barry Shein wrote:

These long-winded apologias for microsoft are touching (and I hope
paid for!)

HOWEVER, what would've been so hard about putting in a goddamn pop-up
confirm box triggered at the system level which said something like:

        THAT ACTION IS TRYING TO MODIFY YOUR SYSTEM
        SOFTWARE AND/OR THE REGISTRY etc etc.

                 Proceed? [YES] [NO] [HELP]

based on some reasonable rules so it's a reasonably meaningful
warning? Lord knows they ask confirmation for everything else you do
it seems.
The interesting thing is that it's mostly possible to configure a Windows 2000 system this way. I have to use Windows 2000 at work, and I always run as a completely untrusted user with no registry or system modification privileges. I also remove Outlook Express and its various hidden components which many worms and viruses use to do their nasty tricks, and disable ActiveX and scripting in IE. I use Mozilla as my web browser.
This week I twice had a warning dialog caused by an installer failing to install some piece of unidentified software which I had not asked for. I tried to track down where it came from, but Windows doesn't seem to offer much of an audit trail for "What launched this process?"
Of course, there are still all the unpatched security holes that allow privilege elevation, but 99% of the problem is IE, ActiveX, Outlook, and running as admin the whole time. Microsoft could fix those problems tomorrow if they wanted to.
The sad thing is, running as an unprivileged user breaks a *lot* of software, including some commercial applications. The culture of zero security in Windows is so ingrained now that it's assumed your Windows system will be wide open to the world.
Mac OS X is mostly locked down by default. You can trash the applications, but you can't change the OS or startup sequence without a dialog requesting root privileges. Apple also recommend the "running as an unprivileged user" approach, though they don't make that the default.
Unlike in Windows, running as an unprivileged user on a Mac doesn't break much. So far I've only had one application have problems. (Adobe Photoshop Elements, in case anyone's curious, and they have a note about it in their knowledgebase.) 


mathew


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Re: [Asrg] Bug, or Feature?, mathew <=
Previous by Date:  Re: [Asrg] In case anyone thought Barry was exaggerating, Chris Lewis
Next by Date:  RE: [Asrg] Consent Proposal, Bob Wyman
Previous by Thread:  Re: [Asrg] SMTP server connections that disconnect right away, Chris Lewis
Next by Thread:  Re: [Asrg] Fwd: Major E-mail Delivery for FTC DNCR Launch, Madscientist
Indexes:  [Date] [Thread] [Top] [All Lists]