Re: [SC-L] how far we still need to go

2007-08-28 Thread McGovern, James F (HTSC, IT)
Of ljknews Sent: Wednesday, July 25, 2007 10:23 PM To: SC-L@securecoding.org Subject: Re: [SC-L] how far we still need to go At 2:03 AM +0100 7/26/07, Dinis Cruz wrote: It's a simple economics problem. The moment these companies and developers lose sales (or market share) because their products

Re: [SC-L] how far we still need to go

2007-07-26 Thread ljknews
At 2:03 AM +0100 7/26/07, Dinis Cruz wrote: It's a simple economics problem. The moment these companies and developers lose sales (or market share) because their products require admin / root privileges to run, is the moment they start to REALLY support it. For Windows that day might be when

[SC-L] how far we still need to go

2007-07-25 Thread William L. Anderson
I was trying out a new web service that permits sharing files from the desktop to others online. It does seem a bit dodgy, but I was curious about how it worked. Well after a few attempts to install it on a Mac OS X system I finally dope out that it only seems to install and run as admin. That

Re: [SC-L] how far we still need to go

2007-07-25 Thread Kenneth Van Wyk
On Jul 25, 2007, at 9:36 AM, William L. Anderson wrote: Well after a few attempts to install it on a Mac OS X system I finally dope out that it only seems to install and run as admin. That is, I not only need to install it as admin (that's OK, ordinary users can't write to the /

Re: [SC-L] how far we still need to go

2007-07-25 Thread Dinis Cruz
It's a simple economics problem. The moment these companies and developers lose sales (or market share) because their products require admin / root privileges to run, is the moment they start to REALLY support it. And the reason why there isn't such REAL demand (with the exception of crazy

Re: [SC-L] how far we still need to go

2007-07-25 Thread William L. Anderson
BB, well yes I did gloss over the OS X admin and Unix root diffs. And I agree that the install does create the first user as admin. That's a problematic scenario. Furthermore, I probably know too much, because I knew I wanted to create an ordinary user acc't in addition to admin on my personal

Re: [SC-L] how far we still need to go

2007-07-25 Thread Blue Boar
William L. Anderson wrote: I am flabbergasted. When I first encountered Unix in 1983 I was taught that you always run as an ordinary user, and only use admin (root) privileges when needed. If OS X developers are running as admin, and building and testing their products as admin, well ...