On Thu, Apr 18, 2013 at 12:53 AM, Kurt Buff <[email protected]> wrote:
>>> Not that they're equivalent in power, but that each kind of account
>>> can do and has access is different and equally valuable.
>>
>>   For the typical home user, which is what that comic is focused
>> on[1], not so much.
>>
>>> Root/Administrator is valuable because it can subvert the protections
>>> on, or directly access, the data that end-user accounts have, and
>>> end-user accounts because that's where the actual money/IP resides.
>>
>>   And for a home PC *THERE IS ONLY ONE USER*.
>>
>> [1] Note what's in the bubbles around the edges.
>
> Yes, I noted the bubbles. But a), even for home users, while there
> might be only one user, there should be *at least* n+1 users, where n
> is the number of individuals who actually use the machine, plus an
> administrator account ...

  You're still steadfastly refusing to go near the point.

  But, the multi-user at home question is a valid one, and involves a
previously unstated assumption on both your part and mine.  I've been
assuming dedicated personal hardware, because I know Randall has no
children, is unmarried, and referred to his laptop, which is a
dedicated personal machine.  So, my assumption is n=1.  With that in
mind:

  Your statement about how an admin account can access the data of
other user accounts goes directly to the heart of the problem Munroe
is describing: The only other user account is Randall's.  The only
data is the data in Randall's user account.

  This doesn't make the admin account worthless, because breaking into
the admin account would enable breaking into Randall's user account.
But it does mean breaking into the one is roughly equivalent to
breaking into the other, in either direction.  A lot of
people/security design treats the admin account as a uniquely high-value
asset, even in this scenario, which is a fallacy.  And this scenario
may well be the most common scenario, although I lack the data to make
that determination.

> ... given all of those bubbles, the end user
> is in a threat-rich environment, so must exercise the vigilance
> techniques I and others have described/prescribed, if they care about
> their data, privacy and finances.

  "True but unremarkable".  Specifically: Not anything having to do with
the comic.  You keep launching into this list of unrelated techniques
like it has anything to do with the discussion.

  I could talk about DoD personnel security requirements, but it
wouldn't be particularly pertinent.

-- Ben
