On Fri, Jun 5, 2009 at 12:08 AM, Steven M. Caesare<[email protected]> wrote: > However, without backward compatibility with > the Win16 world, adoption of that [Windows NT] would have not > necessarily have been a given.
NT could run Win16 code. It just didn't allow system operations without admin privileges. Exactly how much of a problem that would have been, I can't say. It's certainly still a source of trouble today, so that doesn't bode well. But think of how much further along we would be *today* if Microsoft as a whole had started to consider security important back then, rather than starting in 2001. > Admittedly that doesn't make it "right", but the world/'net was a > different place then ... I don't buy the argument *at all* that "it was a different world back then". The Morris worm hit the Internet in 1988 -- before HTTP and HTML had even been invented, and well before Microsoft had discovered the web. Computer security and the concept of least privilege has been a fundamental in the industry for decades. Even NetWare 3.0 had a separate SUPERVISOR account. That fact that Microsoft chose to ignore this huge body of evidence does not make it a different world. > ... market realities (aka user desires) do tend to rule. Given everything Microsoft has done to get their way that has led to the market screaming bloody murder, not to mention bringing quite a few anti-trust lawsuits, I'm not at all willing to give them a free pass on that. >> For example, their latest and greatest software development suite >> has a long list of things that don't work right if you don't have >> admin rights. > > [sc] I rather expect that DEV environments might be a bit odd in this > regard ... The *nix and mainframe worlds have been developing software without admin rights for decades. Keep in mind that I completely understand the need for admin privileges to do system-level development (e.g., device drivers) or to install software for a "production test". But most development tasks, no. > (after all, you probably need SeDebug and other such perversions) Under *nix, I can debug processes I own without any special privileges. > I can say that from a biz software perspective, stuff from > MS has been MUCH better in the last several years. Sure. That's a good thing. About time, too. Even Office 2000 had some non-admin glitches. Despite the fact that it carried the Win 2000 Ready logo, and non-admin was a requirement for that logo program. (I guess when the software vendor is also the certification body, things get a bit loose.) > It is taking some vendors a while to catch up tho. Absolutely. It's ridiculous how often big companies that really should know better try and take this line. My point with the VS example was mainly that if even *Microsoft* still sometimes takes the position that admin rights are needed when they really shouldn't be, it's not surprising that other companies do, too. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
