Message-ID: <54B0B7ACDC1422469902A6D39654DEEE016A4AEFB4C4@gandalf.optimum.bm>
Date: Fri, 28 Aug 2009 10:48:06 -0300
From: "Thor (Hammer of God)" <thor@...merofgod.com>
To: "my.security.lists@...il.com" <my.security.lists@...il.com>,
	"full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: [Fwd: Re:  windows future]
> Thor (Hammer of God) wrote:
> > But that's the same on my Mac and Ubuntu distro too.  The first user
> > is the admin.  Granted, the default behavior on Mac/nix requires the
> > admin password and not just a confirmation, but at the end of the day,
> > it's all the same.  I actually like being able to change the behavior
> > to suit my environment, which I can do with Vista/Win7.
> 
> In regards to Ubuntu, that isn't necessarily correct.
> 
> Yes, the first user is set up and given access as a sudoer, but that is
> all.  When you log in, you are logging in with user privileges and have
> to escalate each time, for each independent act that requires system
> modification.
Nice to see intelligent dialog on Full-Disclosure, eh?  ;)   
Yes, but the point is that it is the *same* username and password set up initially.  The true 'administrator' user on Vista is disabled by default, and though the user you set up initially is a member of the administrators group, it also requires that each action (needing admin privileges) must escalate in the same way; the method used is configurable by the user, but set to a confirmation dialog box rather than a password.  
At this point in the game, it's all fundamentally the same, with each OS having its own nuances.  It's when I see people responding to the "Mac commercial" type hyperbole of having to use UAC for every function, and how all they have to do is click "OK" (thus showing that they are running as admin which they shouldn't do, but certainly can) when I have to respond.  
t
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
