Scot L. Harris wrote:
On Fri, 2005-12-02 at 14:22, Mike McCarty wrote:
Scot L. Harris wrote:
On Fri, 2005-12-02 at 00:17, Mike McCarty wrote:
John Summerfied wrote:
Mike McCarty wrote:
[ack, getting too deep!]
[snip]
Windows suffers because by default most users have admin or super user
capabilities. This in turn becomes the conduit that so many of the
viruses use to gain complete control of the system.
Eh? Not on any machine I administer, they don't.
Which is as it should be. But then you are a good administrator. :)
I doubt you will find that many users, other than at your site, that
don't have full admin capabilities on their standard user account. And
*I* don't have admin capabilities on my standard user account.
most likely they never login as administrator because they have no need
to. This allows them to blindly install software by just clicking on
it.
Ugh. I'm not disagreeing with you. One of the greatest things about
Windows was that it put the computer into the hands of the "ordinary"
user. BUT, one of the worst things is that the "ordinary" user is
not actually capable of administering a computer. This is also
true for automobiles. But we have, on every corner, dealerships
which do the admin maintenance for the users of automobiles.
Computers haven't gotten there, yet.
Under linux you can use sudo to allow a user to execute specific things
with elevated privileges when needed. In most cases that is not even
required. But it does allow you to grant new admins limited
capabilities until they learn the ropes and you learn to trust them.
This can be done on a command by command basis.
Yes. But we were discussing models, not work arounds.
If they used the least privilege rule viruses would not be as easy to
spread since they would not run with super user like privileges in most
cases.
Both systems can be run securely by using best practices. Unfortunately
most windows systems by default do not use such practices. And many new
linux users use root as their day to day login instead of setting up a
normal user. In the long run that will come back to bite them.
ANY security system can be abused.
No argument with that statement. :)
:-)
Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!
