
On Sat, Sep 24, 2011 at 12:50:58PM +1000, Jason White wrote:
the difference between windows and linux in this context is that it's far too easy for malware to get root / admin privs by exploiting one of the many security holes, and (until W7) it was pretty much the default for users to run as admin, or for their "account" (such as it is, MS has seemingly only recently discovered the idea of multiple users and privilege separation) to have admin privs so everything the user ran automatically had admin privs without even needing to exploit a security hole.
That's very lax indeed - thank you for educating me on the subject. The
well, even there it's only partly the user's fault. most things required admin privs to either install (understandable) or to run (absolutely unforgivable). this includes apps and games, not just system admin type utilities. even many of Microsoft's own games (Age of Empires, for example) required admin privs to *run* and, of course, other game developers just followed their appallingly bad example....it's easier to just demand full admin privileges for the entire game.
Windows NT kernel was designed by former Vax VMS developers, whom I would have expected to implement privilege separation from the beginning. Apparently, given the above, this wasn't a priority despite the widespread use of networking at the time.
security is always a trade-off against convenience for the user. MS erred way too far on the side of convenience (with a couple of extra helpings of incompetence and stupidity - like apps requiring admin privs)
I think what Craig is describing can be seen as a larger trend to try to design products that are resistant to the ignorance and incompetence of users.
no, that's not what i'm trying to describe. it's slightly related, but the point i'm making here is that the practice and the culture of windows development AND use actively sabotages any effort at having decent security. MS's patronising attitude towards their users certainly doesn't help, but it's not the root cause.

craig

--
craig sanders <cas@taz.net.au>

BOFH excuse #372: Forced to support NT servers; sysadmins quit.