> Also I think that they didn't hear "sudo"
Or gksudo, kdesudo, gksu, kdesu, etc. I plan on setting up sudo and the front-ends; I hear it's more secure than su alone.
I also have AppArmor and a good firewall (integrated in YaST) for MAC and Internet security. Mandriva users have RSBAC + firewall and Fedora/RedHat users have SELinux + firewall.
Setting up user accounts and group rights is just as simple as Windows Vista with the GUI tools found in Gnome and KDE.
One; Linux (and BSD, I assume) have groups in order to restrict what users have access to (hence the groups permission part of the permissions string -rwxRWXrwx)- users won't necessarily have access to the su (or sudo) command, for example. The list is in /etc/group. If I understand the file correctly, my particular account has membership in the 'audio' group (so processes I start can use sound), and shares membership of 'cdrom', 'floppy', and 'plugdev' with haldaemon (which I interpret to mean I'm allowed to mount devices, and so is the automounter)...
Two; Linux DOES have Access Control Lists via SELinux (and there may be other implementations) for finer-grained control. I've never used it though, and I don't know how many distros ship with it enabled.
Three; sudo is not entirely per-task, but it's close; it's only valid for the terminal it was invoked from, and (on Ubuntu, at least) for a limited time only. You can change the time limit to zero (or a really small number, if 0 counts as 'off') and get per-task authorization.
How do the Windows processes compare? They sound fairly similar, except for the part about Vista asking you first. One of these days I ought to get around to making rm an alias for rm -i.
I did find these points, in the security roundup, VERY interesting:
Internet Explorer is no longer integrated with Windows Explorer
...
New “Protected Mode”
The browser runs in a sandbox with even lower rights than a limited user account. As such, it can write to only the Temporary Internet Files folder and cannot install start-up programs or change any configuration of the operating system without communicating through a broker process.
Both seem like very good ideas. Heck, it might be a nice idea to make ALL browsers run as their own limited users. Yeah, now all you need to do is fool the broker process... but anyway. Actually, this might be why Microsoft invited the Firefox people over, to make sure Firefox will run well in an extremely limited mode.
> Linux DOES have Access Control Lists via SELinux
Linux has access control lists even without SELinux. They are called discretionary. SELinux provides an extra layer, mandatory access control.
> I've never used it though, and I don't know how many distros ship with it enabled.
The 2.6 kernel has SELinux capability built in, just not every distro comes with a default policy.
> On Windows, there are a hundred different in-between accounts,
Hundreds?! Having to remember *hundreds* of administrator account names and passwords is "better" than Linux?! Pure. Windows. Fanboyism.
> and users can actually log on as Administrator for day-to-day activities.
Umm, yeah. You can do that in Linux, too. Fortunately even Linspire users aren't that stupid these days, I hear.
It’s even better than Linux. I never thought I’d live to the day when I can honestly say “Windows security for user accounts is much better than that of Linux.” Scary? Unbelievable? It’s true. Linux has two types of accounts: Normal, and Super-User. That’s like having “Restricted User” and “Administrator” on Windows, with nothing in between. On Windows, there are a hundred different in-between accounts, and users can actually log on as Administrator for day-to-day activities. Even more so, on Linux when you request higher privileges
su -
You can then proceed and do whatever you like. On Windows, it’s a per-task deal. Both are secure, but, believe it or not, Windows is more secure - from that aspect anyway.
I heard something similar on Windows XP, don't know why it's still not working...
Edited 2006-09-22 06:19