Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
User Settings
LAN Parties
Upcoming one-time events:

Regularly scheduled events

Report this Comment
Use this form to report the selected comment to the moderators. Reporting should generally be used only if the comment breaks forum rules.

67. Re: No subject Nov 11, 2006, 00:17 Creston
Anger management issues aside

My anger manages me quite well, actually.

but if you allow a user to do _everything_ then the same goes

Not EVERYTHING. Just the things that you'd expect a user to be able to do. Like installing software. And if you keep a user unable from altering OS critical files and areas, I'm not sure how those virusses would ever become terribly dangerous (provided there are no security leaks, ofcourse).
In the end, a virus has the same rights that YOU do, so if you don't have rights to overwrite the kernel.dll, the virus won't either.

but apps on Windows are built around the lack of a good security model and so they expect you to be admin

Right, because they HAVE to. Because the user can't install them. If the user could have just installed them, there would have been no need for the apps to force you into being an admin.

allow the user to elevate an app for a short time to admin status

Well, the Run As feature has existed for a long time, but it never seemed to work all that well, in my experience. There'd always be areas you just couldn't get into, especially in the registry.

Hey, if MS is looking into changing that with Vista, then good deal. It's taken them another ten years, but maybe a Windows OS will finally get SOMETHING right.

it'll take user buy-in to the new security model to change things to the way they SHOULD be

That won't be such a problem, I think. Right now a user can't do anything, so if you give them a bit more rights, I doubt any user would have an issue with it.
Also, I don't think MS should be concerning themselves with the idea that "Well, stupid users are going to run havoc with the Windows install then."

That's not MS's area to worry about. They need to make a safe and secure OS, and one way to do that is to minimize the amount of time that said OS runs in unrestricted mode (ie admin).

Sysadmins can always lock Windows down further if they have to, but it's a fucking pain right now to try to get a user to have the rights to do anything. In my opinion MS has been going about this completely the wrong way.


Avatar 15604
Login Email   Password Remember Me
If you don't already have a Blue's News user account, you can sign up here.
Forgotten your password? Click here.


Blue's News logo