Re: Raw Sockets in WinXP

From: Su Wadlow (swadlow@utdallas.edu)
Date: 07/30/01 

Date: Sun, 29 Jul 2001 19:19:33 -0500 (CDT)
From: Su Wadlow <swadlow@utdallas.edu>
To: SECURITY-BASICS@SECURITYFOCUS.COM
Subject: Re: Raw Sockets in WinXP 
Message-ID: <Pine.GSO.4.21.0107291857230.1839-100000@apache.utdallas.edu>

On Thu, 26 Jul 2001, kath wrote:

> How many newbies get a linux distro and start doing everything as root,
> never using a normal account?

Probably most, if not all, of them.

> I know I did, a long time ago. I was
> obsessed with having the power and never needing to su up in a xterm for
> something.

I did the same thing. Except it wasn't because of an obsession
with the power of root. It was because some things didn't work
unless I was root, and I had yet to learn about configuring them
to be used by other users. And I didn't know any better.

I'd suspect this is more often the case with newbies.

> How many Windows XP users do you think will inadvertantly and sometimes
> (like how I was at first with linux) purposefully use the Administrator
> account all the time?

Probably a lot of them. Many will be like you were at first
with Linux, but many more will simply get frustrated when they
can't get an application installed, or a particular feature
won't work correctly unless they're an administrator. And it's
much easier to just log in as Administrator than it is to learn
about adding users, and putting those users in appropriate
groups.

What's really scary about this scenario is that most XP users
will be "consumers" -- home users without the expertise to
figure out how to use normal user accounts effectively, without
the inclination to learn, and without a support system. The
boxen quite likely will be just as wide open as Win95 was, and
the security that is gained by using an NT-like system may well
be negated by the user being unable to use the security
functionality effectively. 

-- 
Su Wadlow
swadlow@utdallas.edu
  If I have to explain, you wouldn't understand

Relevant Pages

  • Re: theoretical question - can roots username be changed?
    ... If everyone in the Linux world knows that the chance is good ... >>>that there is a user called 'root' on any given Linux box, ... >>whatever the system administrator wants it to be. ...
    (Fedora)
  • Re: Make a user act as root
    ... bigger" hard drive and backup to another linux box...i mean really...have ... Steve Shah - Unix Systems Network Administrator ... >I need a Windows based backup system to backup my linux. ... I have clicked Administrator to be member of group 'root' and I ...
    (alt.linux)
  • Re: theoretical question - can roots username be changed?
    ... Why the word 'feeble'? ... >>>user called 'root' on any given Linux box, ... >> whatever the system administrator wants it to be. ...
    (Fedora)
  • Re: theoretical question - can roots username be changed?
    ... If everyone in the Linux world knows that the chance is good that there is a user called 'root' on any given Linux box, and that user has nearly unrestrained privileges, why would it be feeble to double the guessing that must go on to get at root's privileges, by changing his username. ... I make it a point when securing a Windows server of always deleting the administrator account and creating a new account with membership in administrators for administration purposes. ...
    (Fedora)
  • Re: Password
    ... I ran a quick search on Ask with the phrase "linux lost ... Have you ever forgotten your root password? ... Fortunately, it wasn't a boot password, so I did have ... (although "mount" may say it is). ...
    (alt.os.linux)