Re: illusion of "service==disabled", what to do when programs require admin to run...?

From: Karl Levinson [x y] mvp (jamescagney90210@excite.com)
Date: 01/18/03


From: "Karl Levinson [x y] mvp" <jamescagney90210@excite.com>
Date: Sat, 18 Jan 2003 17:28:01 -0500


I don't see any easy fix to the issues you mention. Computing in a
multi-vendor network environment with lots of users is always going to be
complex, especially as more and more new features and options come out and
more and more users start adopting these and considering them necessary for
doing their jobs.

It does annoy me too that you need to be Administrator to not only install
Office, but it seems also the first time a new user logs in and the mini
Office setup runs. However, the best security comes when the installer has
elevated privileges temporarily and then subsequent users have fewer
privileges to screw up what the installer installed. Unfortunately,
achieving the best security almost always requires there to be an
administrator and requires extra effort on the part of that administrator.

IMHO Windows already sort of has the compartmental security you suggest.
Those problems you and I have with MS Office are probably problems with the
default settings, and we might be able to fix them by enabling auditing,
seeing which registry settings and files have incorrect permissions on them,
and using that knowledge to improve the process. Granted, it's not as easy
as clicking a single checkbox or two in a GUI.

By comparison, there are 16-bit Windows and DOS apps and demos you can use
that probably run fine under basic user permissions, but only because
there's probably nothing added to the registry, which limits your ability to
control with granularity each user's permissions on this setting and that
setting.

Regarding problems with low-quality software, this will always be a problem.
I especially have problems with niche software that is used by a small
number of users, and personally I find fewer problems and more documentation
with products with much larger installed user bases, like Dell.

"linda w" <lindaw_tlinxorg@hotmail.com> wrote in message
news:3E292C35.6070107@hotmail.com...
> I suppose I already suspected this to be true, but setting security
> settings are a bit bogus when you have user level apps (Abbyy Fine
> Reader 6.0 OCR software) that require Admin privileges to run a 'demo'
> (which doesn't function -- too bad since the SW is otherwise highly
> rated).
>
> I can see, possibly, a need for admin privileges for a program to
> install itself, but at the same time I'm even uncomfortable with that.
> I like the idea of unpacking a program all in a user-subdir and
> everything running from there. Why must all user-apps (I'm including
> even programs like MS-Office apps) install themselves all over the
> place needing full access to all of the registry?
>
> It seems it would be safer to have an OS that allows 'compartmental'
> security by user or by group so application misbehavior (intentional or
> one of the many bugs, common to "app-at-cheapest-cost&most-features"
> programs available today).

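The auditing approach suggested in the reply above (turn on auditing, see which registry keys and files the application is denied, then fix those permissions) can be sketched as follows. This is an added example, not part of the original post. It assumes a current Windows host where object-access failure auditing is enabled and audit entries (SACLs) are set on the keys and folders of interest, so denied opens are logged as Security event 4656. The function names, the ExampleApp paths and the sample records are hypothetical.

```powershell
# Added example, not from the original post. Summarises which registry keys and
# files a program was denied, so only those ACLs need loosening instead of
# running the program as Administrator.

function Get-DeniedObjectSummary {
    param(
        [Parameter(Mandatory)] [object[]] $Events,  # UserName, ProcessName, ObjectType, ObjectName
        [string] $ProcessPattern = '*'              # wildcard on the process image path
    )
    $Events |
        Where-Object { $_.ProcessName -like $ProcessPattern -and $_.ObjectType -in 'Key', 'File' } |
        Group-Object ObjectType, ObjectName |
        Sort-Object Count -Descending |
        ForEach-Object {
            [pscustomobject]@{
                Denials    = $_.Count
                ObjectType = $_.Group[0].ObjectType
                ObjectName = $_.Group[0].ObjectName
                Users      = ($_.Group.UserName | Sort-Object -Unique) -join ','
            }
        }
}

function Get-AuditFailureEvents {
    # Live source (run elevated): failure-audit 4656 records from the Security log.
    $filter = @{ LogName = 'Security'; Id = 4656; Keywords = 4503599627370496 }  # Audit Failure
    Get-WinEvent -FilterHashtable $filter -MaxEvents 2000 | ForEach-Object {
        $data = @{}
        ([xml]$_.ToXml()).Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }
        [pscustomobject]@{
            UserName    = $data.SubjectUserName
            ProcessName = $data.ProcessName
            ObjectType  = $data.ObjectType
            ObjectName  = $data.ObjectName
        }
    }
}

# Constructed sample records (hypothetical application and paths) so this runs offline.
$app = 'C:\Program Files\ExampleApp\app.exe'
$sample = @(
    [pscustomobject]@{ UserName = 'alice'; ProcessName = $app; ObjectType = 'Key';  ObjectName = '\REGISTRY\MACHINE\SOFTWARE\ExampleApp\Settings' }
    [pscustomobject]@{ UserName = 'bob';   ProcessName = $app; ObjectType = 'Key';  ObjectName = '\REGISTRY\MACHINE\SOFTWARE\ExampleApp\Settings' }
    [pscustomobject]@{ UserName = 'alice'; ProcessName = $app; ObjectType = 'File'; ObjectName = 'C:\Program Files\ExampleApp\license.dat' }
    [pscustomobject]@{ UserName = 'alice'; ProcessName = 'C:\Windows\explorer.exe'; ObjectType = 'File'; ObjectName = 'C:\Temp\other.txt' }
)

Get-DeniedObjectSummary -Events $sample -ProcessPattern '*\ExampleApp\*' | Format-Table -AutoSize
# Live use: Get-DeniedObjectSummary -Events (Get-AuditFailureEvents) -ProcessPattern '*\app.exe'
```

The objects with the highest denial counts are the ones whose permissions are worth reviewing first; grant the narrowest right that makes the denial stop rather than full control.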

