Linked by Thom Holwerda on Thu 5th Mar 2009 13:27 UTC
Windows For Windows 7, Microsoft has made some changes to User Account Control to counter the criticism that UAC was too intrusive. It didn't take long before several holes were poked in Windows 7's default UAC settings, and now one is left to wonder: is it wise to sacrifice security for (perceived?) usability? Ars has an editorial that deals with this question.
Thread beginning with comment 351827
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Security OR usability?
by Bill Shooter of Bul on Thu 5th Mar 2009 15:56 UTC in reply to "Security OR usability?"
Bill Shooter of Bul
Member since:
2006-07-14

I mean, the UNIX-style rights management has had no major changes since UNIX was born. And it is both secure AND usable.


Usable: Yes
Secure: Sorta. The NSA didn't think it was good enough. Hence SELinux.

Also, putting a virtual machine underneath XP or vista wont make XP or vista more secure. Don't really understand how it could. A Trojan on the virtual machine you store your data on, is still a Trojan that has access to your data.

Reply Parent Score: 2

RE[2]: Security OR usability?
by gustl on Mon 9th Mar 2009 15:24 in reply to "RE: Security OR usability?"
gustl Member since:
2006-01-19

" I mean, the UNIX-style rights management has had no major changes since UNIX was born. And it is both secure AND usable.


Usable: Yes
Secure: Sorta. The NSA didn't think it was good enough. Hence SELinux.

Also, putting a virtual machine underneath XP or vista wont make XP or vista more secure. Don't really understand how it could. A Trojan on the virtual machine you store your data on, is still a Trojan that has access to your data.
"

Well, even without SELinux you have to find a privilege escalation hole to get the machine under full control, which is one severe step more than what is required for the usual Windows desktop machine. With SELinux it is even harder.

And yes, you are right, putting XP or Vista into a VM cannot help right NOW, but in a few years time, when nobody needs this "backwards to ancient"-compatibility any more, the system THEN will be in a better state.
If Microsoft stays with current policies, they will have the same bad situation again and again and again.

Reply Parent Score: 2