nanog mailing list archives

Re: Spyware becomes increasingly malicious (let's return to reality)


From: "Alexei Roudnev" <alex () relcom net>
Date: Thu, 15 Jul 2004 21:38:16 -0700


Did you try to run Windoze as a 'not admin user'? OK, try it, then install, say, the
harmless user-level (not a server at all) Visio package...

They run as admin because Windoze (1) has no easy (temporary) switching
between User and Admin, and (2) 99.99% of applications require user privilege
to be installed or configured (and they are not service applications).


Not necessarily true.  Security/permissions play a major part in the
effectiveness of adware and spyware.  A majority of consumer Windows
OSes run with the default login as an admin user.  When a user chooses
to install "Cool-Search", their user rights allow for registry changes
and alterations of system libraries, which cause ads to display when
using IE.

Can this be prevented by running Windows as a non-privileged user?
Yes.  But people want to install their "Cool-Search", and
non-privileged users can't install anything.
If I am on Unix, I can install Cool-Search when I am a normal 'user', BUT
it will not be a system-wide application. I need root privileges to
install a service, and I do not need them to install something which is
client only (cannot run by itself).

// I am not advocating for Unix here.

There is a difference: in a very old, ancient Unix system there is simple
and effective privilege segregation (and everyone understands it). No
application writes into /bin and /usr/bin, and only a very few badly designed
applications try to write anything into /etc; the user's directory has a simple
'-rwxrwxr-x' (or other) access list (easy to understand), etc. etc... As a
result, 99% of installations of this _old_ OS are more secure than 99% of Windoze
installations (though Windoze can be made much more secure than Unix).
This is all the result of 'hidden complexity'.


Install the 'Osiris' (or Tripwire) IDS and try to configure rules for Unix and
Windoze, then compare. Tremendous difference!

When using OSes other than Windows, users can install their own
binaries, but they do not have access to modify the system binaries.
They can still browse with the system-wide Mozilla/whatever, but their
actions will not have the ability to alter anything that will allow
for ads to be served when browsing, or for browsing habits to be sent
to a third party.
Technically they can run some startup script, but even if they do, it is
_very_ easy to get rid of such a thing. And (what is most important) users can
do 100% of tasks when logging in as a 'user', not as an 'admin' (if they need
a temporary permission change, they can get it).
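An added example, not part of this message and not code from Osiris or Tripwire: a minimal POSIX shell baseline-and-check of the kind those IDS tools keep for /bin, /usr/bin and /etc, plus a search for files any user could write to (the property the message relies on). Directory names are assumed; run it against a constructed directory first.

```shell
#!/bin/sh
# Added example (not from the thread, not Osiris/Tripwire code): a minimal
# Tripwire-style baseline of a directory such as /bin, /usr/bin or /etc.
# The baseline records path, mode, owner and SHA-256 for every regular file;
# a later check reports anything added, removed, re-permissioned or rewritten.

# hash_file FILE: SHA-256 hex digest (sha256sum on Linux, shasum on BSD/macOS)
hash_file() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# file_meta FILE: "octal-mode owner" (GNU stat first, BSD stat as fallback)
file_meta() {
  stat -c '%a %U' "$1" 2>/dev/null || stat -f '%Lp %Su' "$1"
}

# build_manifest DIR: one sorted line per regular file: "path mode owner sha256"
build_manifest() {
  find "$1" -type f | LC_ALL=C sort | while read -r f; do
    printf '%s %s %s\n' "$f" "$(file_meta "$f")" "$(hash_file "$f")"
  done
}

# check_integrity DIR MANIFEST: compare DIR against a saved manifest file.
# Prints one line per difference; returns 0 if clean, 1 if anything changed.
check_integrity() {
  _now=$(build_manifest "$1")
  _diff=$(printf '%s\n' "$_now" | diff "$2" -) && return 0
  printf '%s\n' "$_diff" | sed -n -e 's/^< /removed or changed: /p' \
                                  -e 's/^> /added or changed: /p'
  return 1
}

# world_writable DIR: files any user could modify, which must be empty for a
# system binary directory (POSIX find, -perm -002 = other-write bit set)
world_writable() {
  find "$1" -type f -perm -002
}
```

Save the baseline with `build_manifest /usr/bin > /var/lib/baseline.usr-bin` on a known-good system and run `check_integrity /usr/bin /var/lib/baseline.usr-bin` from a scheduled job; a change in mode, owner or content of any file shows up as a diff line.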

