At Saturday, April 01, 2006 6:47 PM, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
> IE version 1 .. and what was the threat model at that time? Folks on
> 9600 baud modems and the Melissa virus?

Irrelevant. The point is that IE *at that time* was less secure than its competition, running under the same threat model.

> Any current Microsoft product with the XP logo has to run as LUA
> these days.

Yes, I know that. But there is lots of software out there that doesn't have that little logo, yet users need to run it. And while we're at it, that little logo is no guarantee that the software is more secure or well-written. Let's not make the mistake of thinking that "able and willing to pay the fee to buy the logo" = "qualitatively better software" because it isn't true.

> No...the vendor needs to code appropriately. This isn't 1998 and
> we're running modern software.

While I absolutely agree with that, you've missed my point.

The UNIX world for years has gotten the concept of making the user create at least one non-admin account during installation, so that root can be used just for the things that access is needed for. And yes, there are plenty of people even today who run their day-to-day sessions as root. (I shudder at the mere thought of running KDE or GNOME as root.) And yes, there are bone-headed coders out there who write UNIX software that can really only be run as root, but they are a lot fewer than the ones on Windows -- and the user community is quick to point out what a bad practice that is and give the developer a well-deserved roasting.

Why is that? Why is it okay for Windows XP to create the first user and give it admin privileges? It's not okay. This is a flaw in the Windows default installation for workstations that has been floating around ever since Windows NT 3.1. The criticism has been voiced for a long time. Microsoft employees have vocally wondered the same thing for years.

(Note that XP doesn't do that if you join it to a domain during the installation, so someone clearly gets that creating new users as admins is inappropriate in *some* contexts.)

> The "it's too hard" won't cut it anymore.

I wasn't saying that. You asked a question -- is IE more insecure than other browsers, or is it how securely users are running their workstation. The answer is "both." Users are running more insecurely (because even today, they are *encouraged to do so by the operating system*) AND IE is less secure than other browsers.

> Yell at the vendor..and I'm
> not talking Microsoft here... google on LUA instructions (there's many
> community resources starting out there) and most of the time... if I
> don't tell the user in my office they don't have admin rights... they
> don't know they don't have them anymore.

Yes, there's a lot of guidance on LUA *NOW*. That wasn't the case when XP rolled out. Microsoft sure hadn't yet gotten the LUA bug at that time. And things that you and I find obvious because we're in the business of knowing them *aren't* obvious to everyone. They definitely aren't obvious to the average home user who got XP pre-loaded on their computer, walked through the installation steps where they put in their name and XP created their admin-enabled account for them, and started using their new software insecurely *by default*.

Can Windows be run securely under LUA? You and I both know it can, and we both know the tools and resources to do it. How many of those tools and resources that we need to figure out which rights a given piece of software needs in order to run as a non-admin user actually come with Windows? How many of them come from Microsoft? Why wasn't LUA enforced back in 2000 when RunAs was introduced with the OS, instead of waiting years later for Vista?

Why is it okay to expect our users to become security experts in order to protect themselves, instead of expecting the default install of the OS to make them as secure as possible by default even when they're installing stand-alone machines?

Can IE be secured so that folks can use its features and still not be at a high level of risk? Absolutely. Is it that way by default? No, not on the workstation-grade versions of Windows.

--
Devin L. Ganger                 Email: [EMAIL PROTECTED]
3Sharp LLC                      Phone: 425.882.1032 x 109
15311 NE 90th Street            Cell: 425.239.2575
Redmond, WA 98052               Fax: 425.702.8455
(e)Mail Insecurity: http://blogs.3sharp.com/blog/deving/
