On 8/7/2016 11:01 AM, A. Richard Miller wrote: > Security company CrowdStrike has already noted that this increased the > attack surface for windows users and reduced their safety.
Not so much, really. The article fails to mention some important points, chief among which are that activating the subsystem requires creating an account (login/password), that this account is separate from the Windows credentials, and that this account runs as a non-privileged user even when bash is started from a Windows account with Administrator rights. In practice it should be no worse, and probably better, than virtual machines with pass-through drivers into privileged hypervisors. -- Rich P. _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
