Full Disclosure mailing list archives

Re: [Fwd: Re: windows future]

From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Thu, 27 Aug 2009 20:33:37 -0300

I'm not sure this is a solution. Most of the people I work with will
unquestioningly click every UAC prompt. Knowing what to whitelist

requires

a fair degree of technical skill beyond most users' ability.


On Thursday 27 August 2009 08:34:54 Thor (Hammer of God) wrote:

If they can just "unquestionably click" the UAC prompt, then they are
already running as administrators, or your DA has changed the default
setting for UAC, which requires "normal users" to enter the admin

username

and password to run code with escalated permissions.

In either case, it's not Vista's fault.


It is somewhat Vista's (or Windows') fault if the default user is also
the
administrator by default. Yes, knowledgeable people will know to set up
a
separate user account, but in a home environment such people are few
and far
between.


But that's the same on my Mac and Ubuntu distro too.  The first user is the admin.  Granted, the default behavior on 
Mac/nix requires the admin password and not just a confirmation, but at the end of the day, it's all the same.  I 
actually like being able to change the behavior to suit my environment, which I can do with Visa/Win7.  

So the point is really moot, and it all comes down to the same thing I've been saying for what seems like (because it 
is) years now.  Stop blaming the OS (whichever one you pick) and take responsibility for your installs.  You've said it 
yourself... you are basically saying that the people you work with are too stupid to read a prompt, or to create and 
use a normal user account.  This will change if they install Mac OSX or Ubuntu?

In my own "business" situation, I am the computer goto guy. Our
equipment
isn't capable of Vista. When I arrived it ran XP Home. It took about a
year,
but we migrated to something more open source, and to an OS that
insists on
regular user accounts by default.


What are you running that creates a "regular" user first by defaut?  And I'm confused.  You say most of the people you 
work with would unquestionably click the UAC (presumably "OK") but now you say you aren't even running Vista where you 
work.  These people can install and use your open source solution and create normal users but can't do the same on 
Vista?  Or are you just assuming that they can't even though they don't use it?  What's your point exactly?

t  

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

[Fwd: Re: windows future] Rohit Patnaik (Aug 27)
- Re: [Fwd: Re: windows future] Peter Besenbruch (Aug 27)
  - Re: [Fwd: Re: windows future] Thor (Hammer of God) (Aug 27)
    - Re: [Fwd: Re: windows future] Peter Besenbruch (Aug 27)
    - Re: [Fwd: Re: windows future] Rohit Patnaik (Aug 27)
    - Re: [Fwd: Re: windows future] Thor (Hammer of God) (Aug 27)
    - Re: [Fwd: Re: windows future] Rob Thompson (Aug 27)
    - Re: [Fwd: Re: windows future] Thor (Hammer of God) (Aug 28)
    - Re: [Fwd: Re: windows future] Peter Besenbruch (Aug 27)
    - Re: [Fwd: Re: windows future] Thor (Hammer of God) (Aug 28)
    - Re: [Fwd: Re: windows future] Peter Besenbruch (Aug 28)
    - Re: [Fwd: Re: windows future] Thor (Hammer of God) (Aug 28)
    - Re: [Fwd: Re: windows future] Peter Besenbruch (Aug 28)
    - Re: [Fwd: Re: windows future] Thor (Hammer of God) (Aug 28)
    - Re: [Fwd: Re: windows future] Peter Besenbruch (Aug 28)
    - Re: [Fwd: Re: windows future] Michal (Aug 29)

(Thread continues...)