Some notes . . .
--- perdurabo <[EMAIL PROTECTED]> wrote:
> That's not a flaw in Windows. That's a flaw in the system
> administrator, or in many applications vendors who still program in
> "Windows 95 One User For All" mode that require users to be
> administrators
Yeah, unfortunately users of 9x are kind of screwed
with issues like this (as there is no concept of a
user/administrator).
With XP, 2K, 2K3, etc. though, the recommendations of
user/admin are pretty much the same as with Unix,
Linux, etc. Do normal tasks as a separate,
unprivileged user, and escalate your privileges as
needed for administrative tasks. This helps stop
malicious code as well as implementing audit and
accounting controls.
Of course, sudo has been around for a while on the *nix
side. Windows has been able to run service accounts
for some time, but has only more recently implemented
runas (semi sudo equivalent).
>
> BTW, the perms for the hosts files on Windows XP are R for everyone
> and R/W for only the Administrators group, which Russ has mentioned,
> many/most users are admins on their local machine.
Yeah, and hopefully Windows users aren't running FAT
fs anymore (no file system security).
WRT general file permission security, I think vendors
are getting better across the board (with the possible
exception of Sun). When doing some testing a couple of
years ago, RHAS was installing very few suid/sgid
files, and Microsoft has gotten much better with
registry, file, named pipe, etc. permissions.
Jason
_______________________________________________
EUGLUG mailing list
[EMAIL PROTECTED]
http://www.euglug.org/mailman/listinfo/euglug