Linked by Amjith Ramanujam on Fri 8th Aug 2008 13:14 UTC
Windows This week at the Black Hat Security Conference two security researchers will discuss their findings which could completely bring Windows Vista to its knees. According to Dino Dai Zovi, a popular security researcher, "the genius of this is that it's completely reusable. They have attacks that let them load chosen content to a chosen location with chosen permissions. That's completely game over."
Thread beginning with comment 326256
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[3]: Bottom Line
by apoclypse on Fri 8th Aug 2008 19:28 UTC in reply to "RE[2]: Bottom Line"
apoclypse
Member since:
2007-02-17

Users aren't just running as administrator out of habit; many programs just won't run correctly otherwise.

We usually run Linux on occasion, but once in a rare while I'll boot up Windows to do something or other. For example, my daughter was given a game for her birthday, so I booted up Windows to try it out. Turns out that I had to make my six-year-old girl an administrator if she wanted to play the game!

So while the architects did a good job on the core system, common practices force users to turn off the security.



Well installing anything, even a game should require an admin account. There are dll files that get installed sometimes and sometimes changes to the registry. The same applies to most Linux and OSX apps. The issue I see with windows is when Ix install an app and log in as a non-admin user and get all these errors when I log in about not having permission to run my apps because they need admin rights. There shouldn't be any apps requiring admin rights unless they are making system wide changes.

Reply Parent Score: 4

RE[4]: Bottom Line
by ari-free on Fri 8th Aug 2008 20:36 in reply to "RE[3]: Bottom Line"
ari-free Member since:
2007-01-22

people are always installing and trying out new software. They won't like to switch in and out of admin, even if everything works in limited user mode. So take the sudo approach and enter your password every time you want to change the system.

Reply Parent Score: 3