Date: Thu, 27 Aug 2009 20:33:37 -0300
From: "Thor (Hammer of God)" <thor@...merofgod.com>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: [Fwd: Re:  windows future]

> > >I'm not sure this is a solution. Most of the people I work with will
> > >unquestioningly click every UAC prompt. Knowing what to whitelist requires
> > > a fair degree of technical skill beyond most users' ability.
> 
> On Thursday 27 August 2009 08:34:54 Thor (Hammer of God) wrote:
> > If they can just "unquestionably click" the UAC prompt, then they are
> > already running as administrators, or your DA has changed the default
> > setting for UAC, which requires "normal users" to enter the admin username
> > and password to run code with escalated permissions.
> >
> > In either case, it's not Vista's fault.
> 
> It is somewhat Vista's (or Windows') fault if the default user is also the
> administrator by default. Yes, knowledgeable people will know to set up a
> separate user account, but in a home environment such people are few and far
> between.

But that's the same on my Mac and Ubuntu distro too.  The first user is the admin.  Granted, the default behavior on Mac/nix requires the admin password and not just a confirmation, but at the end of the day, it's all the same.  I actually like being able to change the behavior to suit my environment, which I can do with Vista/Win7.

So the point is really moot, and it all comes down to the same thing I've been saying for what seems like (because it is) years now.  Stop blaming the OS (whichever one you pick) and take responsibility for your installs.  You've said it yourself... you are basically saying that the people you work with are too stupid to read a prompt, or to create and use a normal user account.  This will change if they install Mac OSX or Ubuntu?
 
> In my own "business" situation, I am the computer goto guy. Our equipment
> isn't capable of Vista. When I arrived it ran XP Home. It took about a year,
> but we migrated to something more open source, and to an OS that insists on
> regular user accounts by default.

What are you running that creates a "regular" user first by default?  And I'm confused.  You say most of the people you work with would unquestionably click the UAC (presumably "OK") but now you say you aren't even running Vista where you work.  These people can install and use your open source solution and create normal users but can't do the same on Vista?  Or are you just assuming that they can't even though they don't use it?  What's your point exactly?

t  
