Hi. On Mon 2003-02-03 at 01:07:41 +0200, [EMAIL PROTECTED] wrote: > FemmeFatale wrote: > > > >My b/f is a windows MCSE. Fine. In windows you run as root anyway. > >Even on 2k I run as an Admin. > > > >Now he says he sees no diff from that to running as Root in linux.
That's quite correct. So, for the same reasons that running as root on Linux is not a great idea, doing the same on Windows is not either. (I tried really hard to avoid saying "is equally stupid" ;-) > >I can't give him any better argument for not doing so other than its > >insecure (he doesn't care about that on a home compy) So he does not care that running some downloaded program may screw up his whole system. And if he got lucky it contains some backdoor that runs some attack and and he does not care getting cut off by his ISP (who may decide to prevent the attack and ask questions later). Security is not only about keeping your files safe, but mainly about keeping control over your computer (which also keeps your files safe). And no, that is not some theoretical issue. He should know that by now, considering all the worms and stuff that has been covered in the main press in the meantime. And security comes in layers. Even if you have some firewall in place, that protects against most of the known exploits, having an additional protection, if a new one comes out, surely does not hurt. > >& that you can reall botch Xwindow. Botching that doesn't faze him > >either cause he'll just reinstall anyway. Well, given someone who doesn't care about who controls his computer and neither does value his time ("just reinstall"), there is really not much to argue for not running as root. It's like trying to convince someone who doesn't care about his life to fasten his seat-belts before driving. [...] > If he has that much of a Windows mentality, tell him that logging on as > root can corrupt the registry, then watch the blood drain from his face ;-) :-) > More seriously, one reason why I barred myself from being root after > more than two glasses of raki is that one typing mistake can kill your > system. Well, even without raki, I consider protecting me from myself a good idea. :) > Like you think you're in /mnt/windows/My\ Documents\Downloads > and you want to delete a bunch of junk directories with names like > ???sefdljvn5+5, ???fdsre8344 etc., so you type "rm -Rf ./?*" Just > after you hit Enter you realise that (a) you were in /usr and (b) "?" is > a regular expression. Minor nitpit: You mean shell pattern / globbing. Most shells don't understand regular expressions. If it was a regular expression, "?" would make the "/" optional and "*" would repeat that 0-n times, so ".", "./", ".//", ".///", etc. would match. Btw, at least bash and tcsh support a nice feature. When your cursor is at the end of the pattern, press "^X-*" (that is: press and hold CTRL and press x, then let go of CTRL, press * - that is: SHIFT-8 for american keyboard, I think). This will expand the pattern in-line and you can see without hitting return, which files match. I never use rm together with patterns without this trick anymore and never have deleted a file accidently since then (quite some years...). > Maybe you could just ask him why he should bother to run as root? Agreed. That is probably the better argument. You have at least security and common (UNIX) practice on your side, make him argue what *good* reasons he has (and no, laziness is not a good reason). [...] > Still, if he wants to break his computer, that's his business. If > it's your computer he's running, just change the root password and > don't tell him what it is. Was about saying the same. ;-) Another point regarding his ignorance regarding security is: If he has to access your computer (file sharing, login, whatever...), consider his computer untrusted (i.e. owned by some script kiddie) and apply appropriate (tight) access restrictions accordingly. Make him use different passwords for your computer, if he has an account for it (because the password for his computer has to be considered to be already logged by some script kiddie). And so on. In other words: imply his machine as untrusted as you would if it operated by some malicious stranger - because maybe it is, and he doesn't seem to care enough. Bye, Benjamin.
msg117949/pgp00000.pgp
Description: PGP signature