-----Original Message-----
From: Jarry [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 08, 2006 8:50 PM
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] antivirus

> Bob Young wrote:
> > PowerUser is different from Admin, Admin is the equivalent of root in the
> > Linux/Unix world, PowerUser is not. The primary and most important
> > difference is the ability to *write* to the registry. It's perfectly safe to
> > routinely log on as a PowerUser, as PowerUsers can *not* write to registry
> > keys that affect the entire system, while Admin users can write to *any*
> > registry key.
>
> I'm not sure if this is true. Anyway, PowerUser has the ability to
> install sw (even system patches!),

No, PowerUsers can *NOT* install software. Installing software (in most cases) requires writing to registry keys outside of the HKEY_CURRENT_USER hive, which is something a PowerUser cannot do. Windows update will definitely fail without admin privileges; I know this for a fact. I've on a number of occasions tried to run WindowsUpdate from my normal PowerUser account; it will display a dialog box specifically stating that Admin privileges are required.

> alter executables and system files! PowerUser can write to
> C:\ProgramFiles, or C:\Windows, and that is exactly what a virus
> needs to spread itself.

As to the ability of writing to the Program Files or the Windows directory, that may be true, and in theory I suppose it probably represents a small degree of risk. In several years of actual practice, however, I can say it hasn't caused a problem for me personally. In addition, if someone is really concerned about the issue, removing write and/or modify permissions for PowerUsers on those directories is a fairly trivial task. Since I've not tried this I can't say for sure what side effects it might have with some applications, so I'm not advocating it, though I don't see any obvious reasons why it should cause major problems ( Still... !Do a Backup first!).

> Not many viruses can hide their code in registry (that is just
> equivalent to /etc in unix-world), mostly they attach themselves
> to some exe/sys file, or overwrite them...

I wasn't suggesting that viruses "hide their code" in the registry, that's not what the registry is for or how it's used. I was suggesting that any modification that affects the system as a whole or impacts more than just the current user is going to require modifying registry keys that cannot be written without Admin privileges.

> So, if you start a virus-infected program as a PowerUser, there are
> perfect conditions for spreading infection. If there were some
> virus for linux, and you start it as a normal user, it can not alter
> executables in /usr or /sbin, because user does not have write
> access to them. Such a virus could infect only *your* files.

In practice it just doesn't happen that way. In addition it should be noted that by default even PowerUsers don't have write/modify permission on some sensitive directories, C:\Windows\System32\drivers for example. This directory contains device drivers (code that runs in ring0 with unlimited privileges). For PowerUsers this directory is "Read & Execute", "List Contents" and "Read"; that's all the permission a PowerUser has. So while a PowerUser might be able to modify some application level code in the Windows directory, actually compromising system security is a matter.

> I'd say PowerUser is something between a restricted user, and admin.

True. I've used both Linux and Windows over the years, and they each have their strengths and weaknesses. Finer grained user permissions/privileges is one of the areas where Windows has an edge.

Regards,
Bob Young

--
gentoo-user@gentoo.org mailing list
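
The disagreement above turns on which directories the Power Users group can actually write to. The following PowerShell audit is an added example, not part of either poster's message; it assumes a default C:\ install and the English group name BUILTIN\Power Users, and it reports only ACEs that name that group directly.

```powershell
# Added example: list the Allow ACEs granted to one group on the directories
# discussed in the thread and flag any that permit changing files.
# Assumptions: default C:\ paths; English-language group name.
$group = 'BUILTIN\Power Users'
$paths = 'C:\Program Files', 'C:\Windows', 'C:\Windows\System32\drivers'

# Specific rights that allow altering, replacing or re-permissioning files.
# 'Modify' is deliberately not used as a mask: it also contains read bits.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

# Some system ACLs store generic rights instead of specific ones:
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000).
$genericBits = 0x40000000 -bor 0x10000000

foreach ($path in $paths) {
    if (-not (Test-Path -LiteralPath $path)) { continue }

    # Only ACEs naming the group itself; rights inherited through other
    # groups the account belongs to are not evaluated here.
    $aces = (Get-Acl -LiteralPath $path).Access | Where-Object {
        $_.IdentityReference.Value -eq $group -and
        $_.AccessControlType -eq 'Allow'
    }

    $writable = $aces | Where-Object {
        $rights = [int]$_.FileSystemRights
        ($rights -band $writeBits) -or ($rights -band $genericBits)
    }

    [pscustomobject]@{
        Path        = $path
        HasAllowAce = [bool]$aces
        CanWrite    = [bool]$writable
        Rights      = ($aces | ForEach-Object { $_.FileSystemRights.ToString() }) -join '; '
    }
}
```

A `CanWrite` value of `False` with `HasAllowAce` `True` corresponds to the read-only case described for the drivers directory; Deny ACEs and effective access through other groups need a separate check.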