Linked by Thom Holwerda on Mon 11th Sep 2006 17:56 UTC
Windows A few days ago we reported on the fact that applications which have administrative rights in Vista (given by the user, of course) can disable User Account Protection altogether. This was seen as a security flaw; Ars, however, begs to differ: "When UAC is disabled, Vista gripes loudly about it. The Windows Security Center immediately notes that UAC has been turned off, and it prompts you to turn it back on using a system tray notification. From our own testing, it appears impossible to disable UAC without the Security Center noticing it, which makes it rather unlikely that a user is end up in a less secure state."
Thread beginning with comment 161375
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: Well...
by evad on Mon 11th Sep 2006 19:23 UTC in reply to "RE: Well..."
evad
Member since:
2005-09-10

GNU/Linux doesn't have "UAC" so yes, you can't turn it off.



Or on.

Reply Parent Score: 2

RE[3]: Well...
by bob8 on Mon 11th Sep 2006 19:40 in reply to "RE[2]: Well..."
bob8 Member since:
2006-07-13

"GNU/Linux doesn't have "UAC" so yes, you can't turn it off."

Sudo can be setup to function exactly like UAC. Try looking at Ubuntu, it works that way by default. So yes Linux does have a UAC like layer.

Edited 2006-09-11 19:41

Reply Parent Score: 1

RE[4]: Well...
by sbenitezb on Mon 11th Sep 2006 20:12 in reply to "RE[3]: Well..."
sbenitezb Member since:
2005-07-22

"Sudo can be setup to function exactly like UAC. Try looking at Ubuntu, it works that way by default. So yes Linux does have a UAC like layer"

Not like Vista's! I can actually create an item in the desktop without being asked my password.

Reply Parent Score: 2

RE[3]: Well...
by tomcat on Mon 11th Sep 2006 20:36 in reply to "RE[2]: Well..."
tomcat Member since:
2006-01-06

GNU/Linux doesn't have "UAC" so yes, you can't turn it off. Or on.

Yeah, that's technically true. But once a malicious app (see my previous post) gets a privileged process running, it doesn't need to care about logging in. It can use the privileged process as a proxy to do its bidding. So, bottom line, once a user lets a privileged process run -- regardless of whether it's Windows or 'nix -- no OS is secure.

Reply Parent Score: 4

RE[4]: Well...
by t3RRa on Mon 11th Sep 2006 21:24 in reply to "RE[3]: Well..."
t3RRa Member since:
2005-11-22

But you see, most users of alternative OSes(I mean non-Windows users) basically have more skills and knowledgements on computers in general I rekon. They could figure out whether it is some kind of trojan or not.

Also there are a lot of window managers which look totally different from each others. If I use Enligntenment R17 for DE, a GNOME/KDE app pops up and asks for root password, I think I could figure out easily even without much knowledge! ;) As there are so many choices for DE/window manager in open source world, it is hard to guess users environment. I know I know that most users use GNOME or KDE. But..

Anyway, because there is no way to turn off privilege thing in *nix world, it is impossible a malicious app gets a privileged process running or at least a lot harder than Windows. period.

I don't mean *nix is perfect but at least a lot more secure than Windows. And I feel comfortable on *nix because of it. ;)

Reply Parent Score: 3