Full Disclosure mailing list archives
Re: [Fwd: Re: windows future]
From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Fri, 28 Aug 2009 15:29:48 -0300
On Friday 28 August 2009 03:39:14 Thor (Hammer of God) wrote:
If the entire argument is around the default escalation behavior being "enter a password" (which they already know) vs clicking OK because you assume entering the password is more of a deterrent, then OK, but the premise of "the people I work with are too stupid to know the difference" kind of takes away from that. And one should also note that in a domain environment, the default behavior is indeed username and password. Just thought I'd throw that in as well.
It is entirely what the escalation behavior is. My objection to Vista is two-fold: Clicking OK instead of entering a password. As I have argued before, there really is a difference between clicking OK and entering a password.
Maybe I'm not saying it properly... (and I won't belabor the point anymore). If you want a password instead of a click, then set it to "prompt for credentials" rather than "prompt for consent" for *administrators*. But understand that normal users ARE required for administrator name and password to execute escalated functions BY DEFAULT. Only if you are *already running as admin* does the dialog come up by default, but that behavior is changeable too. Just set everything to require username and password. Argument solved.
That brings me to my second objection. Vista puts up more escalations than Ubuntu, further exacerbating that difference.
"Vista puts up more escalations than Ubuntu" is not a qualifiable statement. It all depends on what you are doing. For me, I have to su just about everything I do in Ubuntu, but that has nothing to do with Ubuntu - it has to do with what I'm typically using Ubuntu for... I rarely have to escalate in Vista/Win7 as I only escalate when I have to do administrative stuff on my box, which is rare (loading software, changing fw rules, admin users, manage system, etc). If you see more escalation requests on Vista, it's probably for the same reason -- you're doing stuff that requires admin all the time. If so, (really doing all admin all the time) then turn the damned thing off - that's what I do on servers (and is actually the default for the "real" administrator account). I log on, do my business unfettered, and log off. Simple.
Your point about using a password to log into domains might be valid, but only in limited instances, as I would hope that the department that set up the domain would have its users not running as administrators.
Of course they aren't running as admin. That's the whole point. There's nothing one has to do when users are not running as admin, they get the prompt for admin username and password by default. It's not a "limited instance" it is a "default instance."
We basically agree on the main point: Separate user and administrator accounts are better. I wonder if Microsoft will start enforcing that?
The "wonder if MSFT will start enforcing that" is already answered - they do, and HAVE been. Even with XP you could "run as administrator." I used to do it all the time. I actually like the UAC in Vista/Win7 better as it gives seamless admin capabilities while interactively logged on as a normal user. Anyway, this dead horse is beaten enough...
T
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
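
The "prompt for credentials" versus "prompt for consent" setting discussed in the message above can be audited from the registry. This is an added example, not part of the original post; it assumes the UAC policy values under `HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System` with the meanings documented for Windows 7 and later, and the function name `Get-UacPromptPolicy` is made up for this illustration.

```powershell
# Added example: report how this machine prompts for elevation.
# Value meanings below are those documented for Windows 7 and later (assumption:
# the host is not Vista, which only defines admin values 0-2).
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

$AdminMeaning = @{
    0 = 'Elevate without prompting'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries'
}
$UserMeaning = @{
    0 = 'Automatically deny elevation requests'
    1 = 'Prompt for credentials on the secure desktop'
    3 = 'Prompt for credentials'
}

function Get-UacPromptPolicy {
    param([string]$Path = $UacKey)

    $p = Get-ItemProperty -Path $Path -ErrorAction Stop

    # Translate a raw DWORD into its description; a missing value means the
    # operating system default is in effect.
    $describe = {
        param($value, $table)
        if ($null -eq $value) { return 'Not set (OS default applies)' }
        if ($table.ContainsKey([int]$value)) { return $table[[int]$value] }
        return "Unrecognized value $value"
    }

    [pscustomobject]@{
        UacEnabled         = ($p.EnableLUA -eq 1)
        AdminPromptValue   = $p.ConsentPromptBehaviorAdmin
        AdminPrompt        = & $describe $p.ConsentPromptBehaviorAdmin $AdminMeaning
        UserPromptValue    = $p.ConsentPromptBehaviorUser
        UserPrompt         = & $describe $p.ConsentPromptBehaviorUser $UserMeaning
        # True only when an administrator must type a password, not just click.
        AdminNeedsPassword = ($p.ConsentPromptBehaviorAdmin -in 1, 3)
    }
}

Get-UacPromptPolicy | Format-List

# To require a password from administrators as well (run elevated):
# Set-ItemProperty -Path $UacKey -Name ConsentPromptBehaviorAdmin -Value 1 -Type DWord
```

On domain-joined machines these values are normally delivered by Group Policy, so a local change may be overwritten at the next policy refresh.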