Re: [Full-disclosure] [Fwd: Re: windows future]



The OS on my machines will not allow a person to run an administrative
desktop. It enforces the separation between the administrator and a
normal user by requiring the creation of at least one normal user at
install. Only that normal user can log in.

On Friday 28 August 2009 09:30:26 Thor (Hammer of God) wrote:
Oh, now that's cool. I didn't know that. The "force to create a normal
user and only use that" was not something I was aware of.

What's the OS? So, even if you wanted to, you couldn't log on as
administrator and just do whatever you needed to? I'm not sure if I like
that, but I assume this is customizable behavior, yes?

The OS is Debian Linux. Virtually all behavior in Debian is customizable, but
you would have to look look long and hard to find a Debian user who would
want to allow logging into an administrative desktop. You may become
administrator in a terminal or shell. All administrative tasks can be run
from the shell (sometimes called the command line in Windows) in Linux. On a
graphical desktop, programs may be run as administrator; they provide a login
prompt before the program will execute. Programs relying on the X server
(that's the underpinning for the graphical interface) cannot be launched from
an administrative shell by default. At the very least, remote administrators
are blocked from doing that.

Finer controls are available for normal users. Linux (and other Unixes, I
assume) assigns users to groups with names like cd-rom, tape, sudo, and
backup. Assigning a normal user to these groups allows limited extra rights.
I understand Windows also has similar fine grained controls. My point is that
at least some Linux distributions lock things down more by default. The major
distributions all do. That's a good thing. That makes the OS a more hostile
malware environment by default. That and the more diverse environment that
Linux presents, means that Linux desktop users will probably never have to
worry much about malware infections.

One distribution catering to Windows users (initially called Lindows, then
Linspire) set their distribution up the Windows way (making the administrator
the default user). They caught hell for it. Mercifully, they are defunct.

Microsoft's defaults created an environment where software houses assumed you
ran with full privileges. A lot of productivity and game software required
being an administrator to run. Back in my Windows 2000 days that was a huge
problem. I don't know if the problem remains today, but I ran across it with
a multi-platform program called RawTherapee under Linux. It writes its
configuration files where it's installed, not to the user's configuration
area. That means running it as an administrator, or installing it to one's
home directory (the Windows equivalent is "Documents and settings"). Not
good, especially if you set the home directory to refuse all executable
files. Clearly the author of the software used Windows first, and assumed
that all users would run as administrator.

Absolutely - and I learned something about other default options on other
OS's too ;)

Now if we can only teach people that there is no fortune to be made off the
transfer of funds of defunct African dictators. Piece of cake. ;)

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/