On Thu, Oct 13, 2011 at 6:17 PM, Paul Saenz <[email protected]> wrote:
> Actually I think M$ did something that is very similar to *nix type
> permissions when Vista came out. The thing is that most people probably
> don't know how to use it. I just recovered the files off a guy's computer
> that was infected with a virus and all his file folders disappeared. His
> password was kitty (his wife's choice). Now when you are in vista, 7 or up,
> you can't do administration tasks without the administrator password. The
> problem is that most people use a password like Kitty or Scorpio. At least
> that's what I usually find when someone comes to me when they need their
> laptop reinstalled.

Actually, Microsoft didn't change the permissions *at all* with Vista or 7. The file permissions were still the same way as before, the way that NTFS is. What they added was UAC, which asks the user if they really wanted to do that task which required administrative access. Very similar to sudo. Which, by the way, if a user is on the sudoers file, and wants to wreck his computer, just go to the root, do a "sudo rm -rf *" and bam! Pretty much same outcome as an infection, the computer is wrecked. How exactly did the *nix permission protect anyone, again?

Also, even if you had XP or 2000, and if you weren't an administrator, you'd be asked to type in the administrator password to do a lot of things, you know, things that required *administrative access*. But then again, try to tell Jane Doe that she can't install that latest cute kitty screensaver on the computer she bought with her own money.

> Of course it would be much more powerful security if they used owner, user
> and group, but if people don't have enough sense to use a password stronger
> than kitty, then forget it. M$ works relentlessly to give all the hackers a
> roadmap to their OS vulnerabilities the second Tuesday of every month. If
> they educated people about passwords, they could be much more effective. I
> tend to think that they don't want to do that, because it creates a whole
> new industry. Well actually at least a couple of new industries if you count
> the hackers too. I think those industries create a lot of revenue for M$
> too.

Apparently you have absolutely no knowledge of NTFS security. Or knowledge about the regular patch schedule of the OS. I'll leave a couple links here for you to do some light reading and become at least somewhat familiar with it:

http://www.pcguide.com/ref/hdd/file/ntfs/secGen-c.html
http://is.gd/XTBpmq

Plenty of security parameters in place, including what? Oh look at that, user, group, owner, and some other gold nuggets in there as well. Is that powerful enough?
It is. It is *very* powerful. Except that when the user wants to run something and permissions get in the way, what do they do? Go ahead and give full control to themselves at the first opportunity. Nothing that executing a "sudo chmod" would avoid.

With regards to Patch Tuesday, they're not "working relentlessly to give all the hackers a roadmap". Patch Tuesday is where they publish patches for current vulnerabilities so that users can install them and defend themselves. A significant number of infections out there, especially the self-spreading worms, happen mostly because of unpatched systems. Think Conficker and Blaster. I do agree that some vulnerabilities take time to be patched, but Microsoft does not release details about them until they're patched. A lot of security researchers also work under responsible disclosure so that details do not become public until there's a patch available. It is up to the end user to be aware of it and install it. Don't want to install patches? Well, that's *hardly* the operating system's fault, isn't it?

How long have security-minded people been trying to educate people about passwords? Many, many years. Have users listened? Absolutely not. Would it make a difference if Microsoft did it? Absolutely not. Remembering complicated passwords is *hard*. Having a different password for each site? That's even *harder*. That's not even including regular password changes. Will things change? I sure hope so, but it's 2011, almost 2012, and people still think that "bluesky" or "kitty" or their birth date are acceptable passwords. There are tools in place to enforce strong passwords with any Windows machine, but at the first opportunity, users will ask someone knowledgeable to "turn that **** off".

To sum it up, yes, it *is* the user's fault their machine got infected. I know plenty of knowledgeable people that use Windows daily and don't get infected because they have "street smarts" or whatever it is that you might call being savvy.
I have been using Windows in all my machines for as long as I can remember, and my last problem with a virus, in my own computer, was in the mid 90s because I did something stupid and infected my computer. I've also been using the Internet since 1997, and I don't feel like I have to "unplug" my computers from the net and use them in an airtight room to be safe.

I work in this industry, I do Windows sysadmin and helpdesk for a living. And I've managed to be pretty good at it too. But one thing that hasn't changed over all these years, is how users treat their computers and how they'll get duped into doing really dumb stuff.

Do you really think it's the OS's fault? Well, it's all market share. Think about the recent Mac malware streak, that Apple itself had to catch up with it and release an OS update to get rid of the Mac Defender scareware. How's that different than an anti-malware signature update on Windows? While at it, if you have an Android phone, you better take a good look at it, because that's the next target. Plenty of malware out there already. And that's Linux-based, with your *nix permissions and everything.

--
Dante
_______________________________________________
LinuxUsers mailing list
[email protected]
http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers
