Linked by Neeraj Singh on Mon 23rd Apr 2007 19:02 UTC
Windows If you shout something loud enough and many people are saying it, does it become true? Some groups of people (include tech journalists and Linux advocates, such as Steven J. Vaughn-Nichols) have a psychological need to find Vista lacking. Mr. V-N has predicted that Vista will have all manner of problems, so his clear interest is to point out everything that is wrong with the OS. Who cares if he has to even make some stuff up?
Thread beginning with comment 233236
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Security
by PlatformAgnostic on Mon 23rd Apr 2007 22:44 UTC in reply to "Security"
PlatformAgnostic
Member since:
2006-01-02

Where's the kernel insecurity? The security problems with the NT line of Windows has most often been in the defaults rather than in the mechanisms. Running everyone as admin is convenient from the usability point of view, but not great for security. When used, the Windows ACL mechanism and security design works quite well.

We're going through the painful time now of fixing that. But your overall characterization of me is fairly accurate. I really am not a high-security person and don't truly believe in protecting my computer from actions I willingly engage in. I avoid crappy programs that do things in my name that I do not wish done, and that's all the security I desire for myself. I understand that there needs to be a separation between administrator and luser in most other scenarios.

Could you explain why you're misspelling my nick? I find that to detract from your argument.

Reply Parent Score: 2

RE[2]: Security
by Sophotect on Mon 23rd Apr 2007 23:11 in reply to "RE: Security"
Sophotect Member since:
2006-04-26

About usability and security...
Does it by now have an option to make File Streams / Alternate Data Streams visible in Explorer? Without having to resort to crude ways like enabling file auditing and viewing them in some log or opening the CLI? I mean, this is an essential feature, there since almost eons. Can i access this feature easily with the most visible tools? Can i?

Edited 2007-04-23 23:20

Reply Parent Score: 1

RE[3]: Security
by PlatformAgnostic on Tue 24th Apr 2007 00:23 in reply to "RE[2]: Security"
PlatformAgnostic Member since:
2006-01-02

What's your fear with alternate data streams? I may be wrong, but I don't think the OS loader takes executable code from there, so viruses can hide out, but won't be automatically executed from an ADS on most user actions.

If you're worried about people violating quotas or performing DOS with ADSes, I can see what you're saying. This is an interesting attack, and I'm not sure what the answer to it is. On the other hand, I don't see how any malicious hacker can make money off of doing this, so the threat isn't too bad.

Reply Parent Score: 2

RE[2]: Security
by Sabon on Mon 23rd Apr 2007 23:49 in reply to "RE: Security"
Sabon Member since:
2005-07-06

I didn't purposely misspell your nick. My fault. I typed it once then copied it without realizing I had misspelled it.

Security problems are actually with both but more with the latter. Despite what they will tell you there is still a lot of security work to be done. They won't truly get really far though until they build a secure OS from the ground up.

Just like a parent that is supposed to set limits and protect their children. OS venders need to make sure to put in limits of what general users can do to themselves.

Too many people I support at work do not realize that what they do can cause someone to gain rights to their financial data on their computer. It's not that they are stupid but they assume that Microsoft would leave them vulnerable. I have to explain to them that MS does by making it too easy to say yes to hazardous websites, downloads, and attachments in e-mails.

To protect them we have several servers that constantly check all of these things, causing a slight delay in the user's access of all of them, and blocking things that are questionable. We even block zip files or any kind of file that can't be easily scanned. A message is put in their e-mail stating the attachment has been blocked and why. Same with websites.

We shouldn't have to go to this expense. The security should be built in the desktop OS to begin with.

Edited 2007-04-24 00:05

Reply Parent Score: 1

RE[3]: Security
by PlatformAgnostic on Tue 24th Apr 2007 00:31 in reply to "RE[2]: Security"
PlatformAgnostic Member since:
2006-01-02

NT is a reasonably secure OS. Starting from scratch at this point really helps no one. You lose compatibility and have to go through the iterative security testing process all over again. Even the "secure-from-the-ground-up" UNIX had to go through the trial by fire until it has reached its current status as a secure OS.

At work, could you use "Software Restriction Policies" to only allow the people you support to run supported applications? If they can't execute anything that they don't need for their job, then you wouldn't have to worry so much about them getting taken over by questionable stuff.

Link here:
http://www.microsoft.com/technet/security/prodtech/windowsxp/secwin...

Reply Parent Score: 3