I agree with the general sentiment that, for a technical standpoint, separating admin and user rights to limit the attack vector can be done effectively on both platforms. How well 3rd part software copes with that is a separate issue.
> As you point out, the TCO of > Windows can be significantly higher than Linux/Unix. Perhaps if looking at this specific issue. On the other hand, the TCO for rolling out organization-wide policy enforcement across 1000's of machines might skew it back the other direction. Terms such as "TCO" have many, many facets... -sc > -----Original Message----- > From: John Aldrich [mailto:[email protected]] > Sent: Tuesday, September 29, 2009 2:24 PM > To: NT System Admin Issues > Subject: RE: MICROSOFT SECURITY ESSENTIALS > > I agree -- there's *always* some way to hack a system, whether it's > Windows > or Unix/Linux. :-) Fortunately for us Unix/Linux users, it's harder to > infect a unix/linux box from "user space." :-) As you point out, the > TCO of > Windows can be significantly higher than Linux/Unix. :-) But that being > said, it's a heck of a lot easier for the "average Joe" out there to > run a > Windows machine. Guess there are some definite trade-offs there on both > sides... :-) > > -----Original Message----- > From: Ben Scott [mailto:[email protected]] > Sent: Tuesday, September 29, 2009 1:47 PM > To: NT System Admin Issues > Subject: Re: MICROSOFT SECURITY ESSENTIALS > > On Tue, Sep 29, 2009 at 12:08 PM, John Aldrich > <[email protected]> wrote: > On Mon, Sep 28, 2009 at 5:05 PM, Ben Scott <[email protected]> > wrote: > >> Yah, that particular argument is red herring. "sudo > /path/to/shell" > >> will get you a root shell, even on those distros that don't set-up a > >> root account during install. > > > > Yes, however, you typically have to be in the "sudoers" group or else > it'll > > refuse to let you do that. > > Right, but on distros which don't set-up a root account during > install, the default user is granted sudo rights. Otherwise, there > would be no way to administer the system. :-) > > The history of this conversation is rather confused, but the point I > was attacking is that (1) any system is going to have a privileged > level, which the system owner will have, and (2) luser owners who > willingly install malware will willingly elevate the malware, so (3) > what kind of account gets set-up during install doesn't really protect > against current security threats. > > I think Windows can be made about as secure as Unix, it just takes a > lot more time and effort to do so with Windows, in a real-world > environment. "The TCO of Windows is higher", in manager-speak. > > -- Ben > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
