RE: Re: PHP coder needs Tor details

[Tony]

Actually Windows does exactly the same thing. e.g. the 'Network Service' and 
'Local Service' accounts. See 
http://www.microsoft.com/technet/security/midsizebusiness/topics/networksecurity/securingaccounts.mspx
 
People seem to forget that the original and worst worm outbreak ever - that 
efffectively shut down the internet for days was on UNIX...
 
Windows might have its problems but they are not unique.



From: [EMAIL PROTECTED] on behalf of Juliusz Chroboczek
Sent: Tue 13/02/2007 06:53
To: or-talk@freehaven.net
Subject: Re: PHP coder needs Tor details



 To shorten... How do I allow nobody to utilize Tor (It can already
 do that but I must start it like a root and stop it like a root)

Please don't.

The very reason Unix is more secure than Windows is that Unix actively
uses the permission system to prevent insecure things like PHP from
munging the networking daemons.  By running PHP with higher
privileges, you'll make your Unix system just as insecure as Windows.

Juliusz




winmail.dat

RE: Re: PHP coder needs Tor details

[Tony]

Windows hasn't rendered active content by default since XP SP2. It has never 
rendered it by default in Vista or Windows 2003.

Windows also no longer runs as administrator by default (I guess you havnt used 
Vista yet).

Its not just in theory. For instance IIS is now so improved that many sites fed 
up with the constant hacking, exploits, defacements and patching regime 
dependency compatibility issues that they experience on Linux are migrating 
over to Windows server 2003. This has been a consistent trend for some time now 
and Apache just dropped below 60% market share for the first time since 2002 as 
a direct result of cumulative migrations from Linux to Windows.

As you say 'most installations are now secure by default'. Touché. 


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eugen Leitl
Sent: 13 February 2007 10:34
To: or-talk@freehaven.net
Subject: Re: Re: PHP coder needs Tor details

On Tue, Feb 13, 2007 at 10:25:54AM -, Tony wrote:

This is offtopic, but...

 Actually Windows does exactly the same thing. e.g. the 'Network 
 Service' and 'Local Service' accounts. See 
 http://www.microsoft.com/technet/security/midsizebusiness/topics/netwo
 rksecurity/securingaccounts.mspx

The point is that rendering active content is default, and running everything 
as administrator is default (in fact, most Windows userland software needs to 
be installed and run as administrator) -- the technology and the culture 
conspire to give us the 250 Mzombie Internet experience we love.
  
 People seem to forget that the original and worst worm outbreak ever - that 
 efffectively shut down the internet for days was on UNIX...

That was a long time ago. Unix is diverse, and most installations are now 
secure by default. The technology and the culture work together, and lower 
profile is one of the key points that diversity is good, monoculture is bad.
  
 Windows might have its problems but they are not unique.

You're correct only in theory.

--
Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org 
__
ICBM: 48.07100, 11.36820http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

Re: Re: PHP coder needs Tor details

[Paul Syverson]

On Tue, Feb 13, 2007 at 07:12:01PM -, Tony wrote:
 Microsoft Outlook is part of Microsoft Office - not part of Windows. Possibly 
 you mean Outlook Express. 
 
[snip]

This  off-topic thread has gone on for too long.
Please stop this thread now.
-Paul

--
Paul Syverson  ()  ascii ribbon campaign  
Contact info at http://www.syverson.org/   /\  against html e-mail