funsec mailing list archives
RE: Administrator Accounts
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 23 Feb 2006 14:09:13 +1300
Todd Towles wrote:
My friend Susan Bradley said it in 2005 - "We need to understand that we need to protect ourselves a little bit better. At the same time, the vendors need to step up to the plate. Intuit, in particular, and other vendors that do not support limited user rights are forcing me to make security decisions. They are the ones causing insecurity on the desktop, not me." But not all applications will run if the user does not have administrative privileges, Bradley said. "The ultimate goal is that every single application that we have installed in our systems will run in user modes," Bradley said. "The Microsoft applications do run in user mode. I cannot say that for the rest of my stupid line-of-business applications. To get certified for design for a Windows XP logo, you have to run as a user mode."
So, why pray tell, is _any_ corporate system running any of these crappy apps? If it doesn't "run in user mode" WTF did it ever get approved for use in the business?

Had corporates taken this "we actually really do care, maybe just a little though, about security" this problem would not exist _for "business use" software_ today.

The reason the problem exists is that "too many" corporate IT folk either don't have the balls to front a major s/w developer like Intuit (and all the others) and demand that they fix their crappy software, or the IT folk's advice is overridden by some security-clueless moron (probably an accountant) who decides it is cheaper (in terms of up-front dollars and cents) to stick with the app that they were using when Win9x ruled their roost (and don't get me started on the question of why that PoS was _ever_ used in a business that claims to care about security) and not face the re-training, data conversion, process conversion, etc, etc, etc costs of switching to Product X which does offer the intangible benefit of allowing a better security design for their IT system.

Thinking in the small by small-minded folk who can only see their constrained view of the world...

Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.