| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: toddtowles at brookshires.com (Todd Towles) Subject: [in] Re: IE is just as safe as FireFox Very True, not to talk about all the apps that won't run correctly in Windows because of non-admin rights. Should we all have to give premissions to special reg keys just to have a app run as a non-admin? I mean come on...you give us a so called security feature (Run As) and then it is only useable half the time for the IT world and almost totally useless for the everyday basic user. But of course most of the apps that don't work with Run As are harder apps but I am sure everyone has seen some. > -----Original Message----- > From: full-disclosure-admin@...ts.netsys.com > [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of devis > Sent: Sunday, November 21, 2004 12:11 AM > Cc: full-disclosure@...ts.netsys.com > Subject: Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox > > Todd Towles wrote: > > >Windows doesn't tell you about the Admin account and makes > the default > >user a Admin. That isn't best method as you know. > > > > > > >RunAs is great..but that is only good once you create a > normal user - > >and then delete your new default user. Or you log in in > Administrator > >and take away the full control of the default user. Easy for the > >average window user? Nope. If it was Microsoft would make > the default > >user (note > >USER) and then let you configure the Admin account on start. > > > > > > > Thank you. Sometimes i feel the message doesn't get across. > Run as is a false sense of security. Majority of MS apps ( > that gets owned ) run with Admin or Local System priviledges. > Does Run as works on IE ? on Office ? on IIS ? > > My point was that instead of 'hiding' computer knowledge from > the 'user' > , and introducing false 'hyped' security such as 'RunAs', > assuming his stupidity, i think people will be likely to > understand that to install a program they would have to use a > different account than from browsing pages. Especially when > the company behind has lots of $$$ to make it friendly and > understood. 15 years ago people thought only a few people > will ever use email...... > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists