funsec mailing list archives
Re: Administrator Accounts
From: Matthew Murphy <mattmurphy () kc rr com>
Date: Wed, 22 Feb 2006 16:02:57 -0600
Larry Seltzer wrote:
No question the auto-prompting for admin credentials is important and Windows is years behind on this, but as long as the user really does have these credentials they are open to social engineering attack for it. A home user has to have their own admin credentials available, but in a properly-administered system I don't see why an enterprise user needs them, even on a notebook.
It's not just a properly-administered system that comes into play here, but a system running properly-developed software. Such software is in far shorter supply than it should be. Many enterprises run apps that were written for Windows 95, 98 or Me. These applications were written in a single-user world where there was no concept of multi-user systems or rights limitation. Users in this environment could do things like write to the software's install directory instead of their own profile hives, etc. Some of these apps needlessly require admin rights (or more limited privileges that pose an equivalent danger).

One of the things Vista will alleviate with Application Impact Management (AIM) is the scenario whereby a non-admin user whose software attempts to write to protected directories/registry hives will have their own copy of that data (instead of being denied access/altering the global copy) from that point forward.

-- 
"Social Darwinism: Try to make something idiot-proof, nature will provide you with a better idiot." -- Michael Holstein
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
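As an added example (not part of the thread or of any Microsoft tooling), the following PowerShell audit shows how an administrator can find out which legacy applications on a Vista-or-later machine are depending on the redirection described above, which is what you would want to know before deciding whether those users really need admin rights. It assumes the redirected copies live in the standard UAC virtualization locations, %LOCALAPPDATA%\VirtualStore for files and HKCU:\Software\Classes\VirtualStore for registry values; the application name is inferred from the mirrored path and is a heuristic.

```powershell
# Added example: list applications whose writes to protected locations were
# silently redirected into the current user's VirtualStore.
# Assumption: standard UAC virtualization paths (file store under %LOCALAPPDATA%,
# registry store under HKCU:\Software\Classes\VirtualStore).
$fileStore = Join-Path $env:LOCALAPPDATA 'VirtualStore'
$regStore  = 'HKCU:\Software\Classes\VirtualStore'

$report = @()

if (Test-Path $fileStore) {
    # The store mirrors the protected tree: "Program Files\<App>\..." etc.
    # Heuristic: the second path component is normally the application folder.
    Get-ChildItem -Path $fileStore -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $relative = $_.FullName.Substring($fileStore.Length).TrimStart('\')
            $parts = $relative -split '\\'
            $app = if ($parts.Count -ge 2) { $parts[1] } else { $parts[0] }
            $report += [pscustomobject]@{
                Kind        = 'File'
                Application = $app
                Path        = $relative
                LastWrite   = $_.LastWriteTime
            }
        }
}

if (Test-Path $regStore) {
    # Redirected HKLM writes appear under ...\VirtualStore\MACHINE\SOFTWARE\<Vendor>\...
    # Heuristic: the component after MACHINE\SOFTWARE is the vendor/application key.
    Get-ChildItem -Path $regStore -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $parts = $_.Name -split '\\'
            $app = if ($parts.Count -ge 7) { $parts[6] } else { $parts[-1] }
            $report += [pscustomobject]@{
                Kind        = 'Registry'
                Application = $app
                Path        = $_.Name
                LastWrite   = $null
            }
        }
}

# Summary: which applications are relying on virtualization, and how heavily.
$report | Group-Object Application | Sort-Object Count -Descending |
    Select-Object @{n='Application';e={$_.Name}}, Count | Format-Table -AutoSize

# Detail view, useful when deciding which app to fix or repackage first.
$report | Sort-Object Application, Kind | Format-Table Kind, Application, Path -AutoSize
```

An empty report on a machine where users run as standard users means none of the installed software has needed the redirection, which is the state the post argues a properly-administered enterprise should be in.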