On Tue, 17 Aug 2010 17:01:50 -0400
Benjamin Scott <dragonh...@gmail.com> wrote:
> On Tue, Aug 17, 2010 at 2:31 PM, Bill Sconce <sco...@in-spec-inc.com> wrote:
> > (*) Sorry, Windows users. The tools you need just aren't
> > available on Windows.
>
> Windows NT certainly has user accounts. Always has, since the first
> version (Version 3.0). (NT is today called "Windows 7", and has also
> been called "Vista", "XP", and "2000".) (It's still Microsoft; they
> love playing name games.)
>
> Vista also introduces a number of features along the lines of
> privilege isolation.
Before you let me get ripped to shreds, let me say: if NT's user accounts
can be made to do what's needed, I want (and my clients want) to know
how to make it happen.
And I'll be happy to eat crow because I didn't know enough about
Windows, if that's the case. I certainly know about NT user accounts
But.
By "do what's needed" I don't and can't mean
o "when you want to go to the Web, log out and log back in";
o "when you want to view a PDF document, log out and log back in";
o "when you want to run a program which can't see the files
you have open on your desktop, log out and log back in";
o and so on.
Perhaps I'd have run less risk of shredding if I'd said
"The tools to make user-privilege separation usable day to day,
e.g., the ability to run programs with/without the net and to
switch among working environments/desktops/user accounts with
a single keypress, and so on just aren't available on Windows."
Or perhaps Windows users can do these things, in which case
I deserve shredding.
(I can surely say I'll be *pissed* if someone shows me that what
took me three years' part time to get working usably can be done
more easily in Windows!)
I can also surely say I've never seen a Windows shop where
any of Microsoft's "privilege separation" was used. The best of
them have user accounts set as "restricted" (a good thing), but
I've never seen ACLs used, including in the largest/most
professional Windows shop I've worked in, 4000+ desktops. Only
saying I've never seen it, not that it doesn't happen somewhere.
(Full disclosure: I've never seen a Vista system at all. None
of my clients use it. Or Windows 7. [I hope to convert them to
Linux before they ever have to!] All Vista shops could be doing
security right and I wouldn't know. And if they are all doing it
right I hereby volunteer to be shredded, with broken CRT necks.)
(I've never seen a Linux shop using ACLs or implementing
SELinux either, but those do exist. Just not at the social
strata I move in -- not in one-man-admin shops. Which are
what I care about these days.)
> Vista also supports running simultaneous virtual desktops
> in support of multiple user sessions ("Fast User Switching",
> in Microsoft parlance).
OK, that might actually help. If that facility is usable,
I was wrong. Thanks.
-Bill
P.S. It was worth a threat of shredding to have triggered md's
telling of the DecWest/Cutler story. The best!
I love this list.
_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
