Linked by Thom Holwerda on Wed 31st Mar 2010 14:41 UTC
As geeks, we're well aware of the importance of running as a normal user instead of as root (UNIX/Linux/BSD) or administrator (Windows). However, while this should be common knowledge to anyone reading OSNews, it's often hard to illustrate just how important it is - until now, that is. A report by BeyondTrust looked at how many security bulletins issued by Microsoft are mitigated by simply... Not running as administrator.
RE[3]: Not entirely...
by strcpy on Thu 1st Apr 2010 04:49 UTC in reply to "RE[2]: Not entirely..."
Member since: 2009-05-20


> 'su' doesn't require any group - just that you know the password for that user, root or otherwise.


I don't know which Unix you refer to (probably some weird GNU variant), but this is just plain wrong.


> It's only a problem so long as software is designed to require admin rights to function.


My own take on this is that things in Ubuntu (the most popular one, but not the only one, of course) are not that much better: a single user is automatically put into the root position. The only thing she needs to do is enter her own password.

It is the same kind of click-click-click solution as in Windows, downplaying the Unix tradition. But instead of clicking, you type the password. And since we all know how wonderful the concept of a password is among the general public ("password123" works in Ubuntu as well as in Facebook and my bank!), it is trivial to exploit.

Edited 2010-04-01 04:51 UTC

Score: 3