Steven, I'm trying to let this portion of the thread die... I'll agree that depending on how you look at it, the TCO for Windows VS Linux can go either way, and that separating Admin and User rights can be done on either platform. :-)
As you say, the big question is how apps/software cope with running as a non-privileged user. That can be a big vulnerability. -----Original Message----- From: Steven M. Caesare [mailto:[email protected]] Sent: Wednesday, September 30, 2009 11:19 AM To: NT System Admin Issues Subject: RE: MICROSOFT SECURITY ESSENTIALS I agree with the general sentiment that, for a technical standpoint, separating admin and user rights to limit the attack vector can be done effectively on both platforms. How well 3rd part software copes with that is a separate issue. > As you point out, the TCO of > Windows can be significantly higher than Linux/Unix. Perhaps if looking at this specific issue. On the other hand, the TCO for rolling out organization-wide policy enforcement across 1000's of machines might skew it back the other direction. Terms such as "TCO" have many, many facets... -sc > -----Original Message----- > From: John Aldrich [mailto:[email protected]] > Sent: Tuesday, September 29, 2009 2:24 PM > To: NT System Admin Issues > Subject: RE: MICROSOFT SECURITY ESSENTIALS > > I agree -- there's *always* some way to hack a system, whether it's > Windows > or Unix/Linux. :-) Fortunately for us Unix/Linux users, it's harder to > infect a unix/linux box from "user space." :-) As you point out, the > TCO of > Windows can be significantly higher than Linux/Unix. :-) But that being > said, it's a heck of a lot easier for the "average Joe" out there to > run a > Windows machine. Guess there are some definite trade-offs there on both > sides... :-) > > -----Original Message----- > From: Ben Scott [mailto:[email protected]] > Sent: Tuesday, September 29, 2009 1:47 PM > To: NT System Admin Issues > Subject: Re: MICROSOFT SECURITY ESSENTIALS > > On Tue, Sep 29, 2009 at 12:08 PM, John Aldrich > <[email protected]> wrote: > On Mon, Sep 28, 2009 at 5:05 PM, Ben Scott <[email protected]> > wrote: > >> Yah, that particular argument is red herring. "sudo > /path/to/shell" > >> will get you a root shell, even on those distros that don't set-up a > >> root account during install. > > > > Yes, however, you typically have to be in the "sudoers" group or else > it'll > > refuse to let you do that. > > Right, but on distros which don't set-up a root account during > install, the default user is granted sudo rights. Otherwise, there > would be no way to administer the system. :-) > > The history of this conversation is rather confused, but the point I > was attacking is that (1) any system is going to have a privileged > level, which the system owner will have, and (2) luser owners who > willingly install malware will willingly elevate the malware, so (3) > what kind of account gets set-up during install doesn't really protect > against current security threats. > > I think Windows can be made about as secure as Unix, it just takes a > lot more time and effort to do so with Windows, in a real-world > environment. "The TCO of Windows is higher", in manager-speak. > > -- Ben > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
