> On Thursday 04 November 2004 12:29 pm, perdurabo wrote:
>> On Thu, 04 Nov 2004 08:39:35 -0800, Russ Johnson <[EMAIL PROTECTED]> wrote:
>> > One of the fundamental flaws with Windows is that most of the time, any
>> > user logged on has administrator privileges.
>>
>> That's not a flaw in Windows. That's a flaw in the system administrator,
>
> It's a flaw in Windows. Trying to pass the buck to system administrators is
> -- well, passing the buck.

Uh, what? It's not a flaw in Windows any more than it's a flaw in Linux/UNIX. This is just a stupid statement. NT OS users are not Administrators by default. An Administrator has to add them to the local Administrators group. The same thing can be done with any flavor of UNIX. I guess it's a flaw there, too, huh? Hell, Lindows gives you root by default. No NT OS that I'm aware of does that by default. Maybe XP Home Edition, but I haven't used that crap at any length. Again, just a ridiculous statement.

> It's true that there's a workaround for system administrators -- in those
> environments where policy doesn't require them to make every user a Local
> Admin.

There's also the Power Users group and the unfortunately named Backup Operators group. These provide basic, sudo-like functionality. Still, application vendors need to get with the program and stop mucking up security more than it needs to be. It's just laziness on their part.

> But home users can't be expected to be fully trained as system administrators,
> and this 'sploit is aimed right at them.

Haha, but you expect them to do much better with Linux on a home machine? Any Linux distro that is effective to this audience is either going to just give the user root access, or make it *extremely* easy to get it.

> Microsoft's marketing department rules their design decisions, and ease of use
> trumps security.

Uhm, tell that to the Windows Server 2003 team. They've locked the default OS down enough to make it quite annoying to set up at first. Though, I don't expect you to actually have used it, judging from the "Windows knowledge" I've seen you post from, in the past. Microsoft is slowly changing. It's a giant corporation, things take time to move in the right direction. They're always late to the ball game, with the Internet, and with security.

> According to someone I know who claims to have known Gates "back then," he had
> no concept of security back in the early nineties when he was designing the
> Win32 interface (although one would think he knew about separation of
> privileges, since he had Unix experience a la Xenix). He thought that
> security was something he could delegate to underlings, to be tacked on to
> the system as an afterthought. So on home systems, the user is still (almost
> always) the Local Admin and probably always will be -- totally vulnerable to
> every 'sploit out there that modifies system files.
>

This is just so laughably ignorant, I don't know where to begin. And I could spend hours responding. So I'll just hit some points and get back to work:

- The Win32 APIs don't really deal with authentication. The GINA, LSASS (Local Security Authority Sub System) and the NT kernel handle this functionality.
- XENIX was a security nightmare, as were most versions of UNIX back then.
- Home computer OSes back in the early 90s were designed as single-user, non-network connected operating environments. No one in the market had security in mind, because it wasn't needed.
- UNIX was designed as a multi-user, network connected OS -- but its security still sucked. It was initially designed around the idea that you could trust everyone else on the network, because networks at the time were small university interconnects and basically only used by computer scientists who could trust each other.
- If you had actually been using UNIX back in the 80's and early 90's, you'd know that it was full of security holes and stupidities, too. It was quite easy to root a given system via rsh (r* really), bind, dns poisoning, sendmail, rpc/nfs/yadda yadda. /etc/passwd had DES password hashes that were easy to crack. ln -s /etc/passwd ~/.plan was a particularly stupid exploit. When cgi functionality came out, we had a heyday with that, too.
  And this stuff didn't get patched quickly, because no sysadmin really had their mind on security.
- The big security mantra didn't come until the Internet hit the mainstream and people started doing e-commerce and other privacy-oriented activities, en masse. That's when people started paying attention. EVERYONE, even UNIX had to play catch-up.

> This is inherent in Windows' design. To them it's not a flaw, it's a
> feature.

First of all, you're lumping two separate OSes into one.

Windows 3.x/95/98/ME != Windows NT/2000/XP/2003

The DOS-based Windows and the NT OS based Windows are completely separate operating systems. They are completely different OSes, and completely different concepts under the hood. They have the same GUI, yes, but does that make Windows running XFree a UNIX box? No.

Windows NT, which was effectively released in 1993, was a completely separate OS. It was not designed for home users. It had a different kernel, different drivers, and a completely different security model (well, classic Windows didn't HAVE a security model. Remember, it was designed to be a single-user, non-network connected environment). In fact, the NT OS has an insanely cool object-oriented security model that I believe surpasses UNIX in security (although unfortunately, it's also much more complex. I really value simplicity when it comes to security).

Unfortunately, many folks bypass the kernel security features, or do not make proper use of them. There's a virtual treasure trove of security and other features in the NT kernel that are left unexplored and obscure. It's really quite an amazing OS, and I urge you to read Inside Windows 2000 by MS Press and actually hack on the OS before embarrassing yourself further. You do not know what you're talking about, and while you may look legitimate on a list full of UNIX users who don't pay attention to Windows, you look like a fool to anyone in the know.

>
> Ken
> --
> "The big innovation of [Windows] XP is that it has a back door that sucks out
> all your proprietary information and presents it to Microsoft to sell it back
> to you or any retailer. That's the big innovation in XP - a back door. By
> the way, it still runs all your favorite viruses."
> -- Scott McNealy, CEO of Sun Microsystems

Hey! Another one of those "random" taglines that get "randomly" added to the end of your messages! How random! And we all know how sane and balanced Scott McNealy is...

Sincerely,

Your Windows/UNIX/Linux/BSD/OS X/AmigaOS/OS2/CPM bigot,

/jgw
_______________________________________________
EUGLUG mailing list
[EMAIL PROTECTED]
http://www.euglug.org/mailman/listinfo/euglug
