The biggest issue I see when dealing with the home/SOHO user is the REFUSAL by the user to have two accounts on their system. One for installing software and one for use. I face this everytime I get called in to fix a system. Two weeks ago I got called into a doctors office because one of his staff had been browsing the Internet and got infected by a virus. Not only was the user an admin but the doctor when told that was unsafe said he just wanted to keep the staff happy and let them install stuff on his systems like screen savers, and other software they found on the net. I tried for more than an hour to get him to let me change all the users out of administrators. He just did not want to change, he and his users like the ability to install what they see without thinking of a user ID and password.
Jon On Fri, Jun 5, 2009 at 1:01 AM, Ken Schaefer <[email protected]> wrote: > Hi, > I think you're missing the points that: > > a) users were made admins by default, and so drive-by malware (e.g. autorun > stuff, or via a browser vulnerability) could pretty easily compromise the > machine. Other OSes avoided this by prompting users. UAC brings this to > Windows > > b) (a) notwithstanding, the biggest problem at the moment is PEBKAC, and > that's a platform agnostic problem. > > Cheers > Ken > > > ________________________________________ > From: Ben Scott [[email protected]] > Sent: Friday, 5 June 2009 1:56 PM > To: NT System Admin Issues > Subject: My OS is better than your OS (was: Mac Anti-Malware) > > [subject line changed to reflect the nature of this thread] > > On Thu, Jun 4, 2009 at 9:34 PM, Ken Schaefer<[email protected]> wrote: > > UAC fixes this in Windows Vista and newer. > > Windows NT 3.1 (the first release) fixed it with user accounts. > There wasn't anyone holding a gun to anyone's head saying, "Make all > users admins or else". > > Now, there's definitely a very significant momentum in the 'doze > world, where many people just assume everyone has admin rights. Even > Microsoft still has this problem to significant extent. For example, > their latest and greatest software development suite has a long list > of things that don't work right if you don't have admin rights. This > reduces overall practical security. > > There are also legions of home computers that came pre-configured to > auto-login to an admin account. If they were all running Linux or Mac > OS X or BSD that way, they'd all have the same problems. > > Mac OS X has a few things going for it: > > * Smaller installed base means it's a less attractive target. > * Since Apple started from scratch with it relatively recently, they > were able to build in a much better overall default security stance. > Application developers and users are all used to the idea of security > on that OS. > > In conclusion, "Linux rulez, Windows suxors!" > > See also: "Every OS Sucks", by Three Dead Trolls in a Baggie. > > http://www.deadtroll.com/video/ossuckscable.html > > -- Ben > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
