| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: prp17 at adelphia.net (Phillip R. Paradis) Subject: Windows user privileges > 1. XP would be more suitable to run as a user if the runas service and > windows installers were developed to add more complete and easy to use > privilege elevation techniques outside of active directory and the > default group policy that gets applied. ... > 4. The windows install creates the first user account as an > administrator so that they may install programs and hardware without > allot of hassle. This is in fact good for business over the > alternative (which is to hassle most end users beyond their point of > no return), no matter what the security implications, remember end > users don't care (even if they should). A good approach here that would allow the user to be a non-admin by default and not make things overly difficult would be: 1. When creating the Administrator account's password during setup, remind the user that they will need it to install software, etc. 2. When the user attempts to do something they have insufficient privileges for (install something, for instance) the Run As UI should appear automatically, rather than an error message. The average home user isn't smart enough to right click and find the Run As command; a great many such users don't even realize that the right mouse button has a use. It would also be nice if they'd fix Explorer, etc. to support Run As, and perhaps add an Open As command to the context menu for folders, to allow opening a folder with different credentials. While they're at it, they might find some way of marking the windows of any processes not running as the current user.
Powered by blists - more mailing lists