Linked by Thom Holwerda on Thu 5th Mar 2009 13:27 UTC
Windows For Windows 7, Microsoft has made some changes to User Account Control to counter the criticism that UAC was too intrusive. It didn't take long before several holes were poked in Windows 7's default UAC settings, and now one is left to wonder: is it wise to sacrifice security for (perceived?) usability? Ars has an editorial that deals with this question.
E-mail Print r 8   · Read More · 93 Comment(s)
Thread beginning with comment 351867
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Comment by hraq
by Thom_Holwerda on Thu 5th Mar 2009 20:02 UTC in reply to "Comment by hraq"
Thom_Holwerda
Member since:
2005-06-29

Said who? Is he a kernel developer? No. Is he a multiplatfrom kernel developer or designer? No

How could he claim that?


Windows NT has all the security features UNIX/Linux has - with the added functionality of ACLs. ACLs are way more advanced than anything UNIX/Linux had, but as google_ninja already pointed out a few comments upward, you could easily argue that while UNIX/Linux might have a simpler approach to security, that could still, in the end, be the better option for home users.

ACLs are a tad bit, well, complicated, you see, while UNIX security is pretty straightforward.

Reply Parent Score: 2

RE[2]: Comment by hraq
by Adam S on Thu 5th Mar 2009 20:40 in reply to "RE: Comment by hraq"
Adam S Member since:
2005-04-01

I'm confused. The standard file permissions on UNIX (e.g. 755) are an ACL. Extended ACL bits, like the mask, are also available. Furthermore, SELinux gives you even more granular MAC (mandatory access control) policies.

So how can you say Linux/Unix doesn't have access control?

Reply Parent Score: 1

RE[3]: Comment by hraq
by Morph on Thu 5th Mar 2009 21:11 in reply to "RE[2]: Comment by hraq"
Morph Member since:
2007-08-20

Call unix's 9 rwxrwxwx bits an `ACL' if you like, but it's a very short and limited one - compared to NT ACLs. In NT you can specify a permission like 'User Alice is allowed to append to this file, but not truncate it. Bob is allowed to create subfolders in this dir, but not new files.' Also permissions can be inherited from a folder to its subfolders & files. You can't do those things with old 9 bit unix permissions.

Linux & other OSs do have better ACLs *now*, but they didn't in 1990 when NT was developed. One might wonder how much they copied from NT's ACL design? ;)

Edited 2009-03-05 21:12 UTC

Reply Parent Score: 3

RE[2]: Comment by hraq
by mrhasbean on Thu 5th Mar 2009 23:37 in reply to "RE: Comment by hraq"
mrhasbean Member since:
2006-04-03

Windows NT has all the security features UNIX/Linux has - with the added functionality of ACLs.


OSX has ACLs, OSX is a *nix...

Reply Parent Score: 1

RE[3]: Comment by hraq
by Thom_Holwerda on Thu 5th Mar 2009 23:39 in reply to "RE[2]: Comment by hraq"
Thom_Holwerda Member since:
2005-06-29

OSX has ACLs, OSX is a *nix...


Try to keep up. The article clearly states I'm talking about the time of NT's inception. Mac OS X didn't even exist back then.

Edited 2009-03-05 23:39 UTC

Reply Parent Score: 2

RE[2]: Comment by hraq
by lemur2 on Fri 6th Mar 2009 00:39 in reply to "RE: Comment by hraq"
lemur2 Member since:
2007-02-17

"Said who? Is he a kernel developer? No. Is he a multiplatfrom kernel developer or designer? No How could he claim that?
Windows NT has all the security features UNIX/Linux has - with the added functionality of ACLs. ACLs are way more advanced than anything UNIX/Linux had, but as google_ninja already pointed out a few comments upward, you could easily argue that while UNIX/Linux might have a simpler approach to security, that could still, in the end, be the better option for home users. ACLs are a tad bit, well, complicated, you see, while UNIX security is pretty straightforward. "

Precisely so.

Since NT was written, however, there have been a number of security-enhanced versions of Linux implemented.

http://en.wikipedia.org/wiki/Selinux
"In free community supported Linux distributions, SELinux is supported in Debian as of the etch release, Ubuntu as of 8.04 Hardy Heron, Fedora since version 2, Hardened Gentoo, and Yellow Dog Linux."

I believe it is supported, but not the default, except in RedHat/Fedora.

There is also AppArmor.
http://en.wikipedia.org/wiki/AppArmor
"AppArmor was first used in Immunix Linux 1998-2003. AppArmor was first made available in SUSE and openSUSE, and was first enabled by default in SUSE Linux Enterprise Server 10 and in openSUSE 10.1. AppArmor was first successfully ported/packaged for Ubuntu in April 2007. AppArmor comes installed default in Ubuntu 7.10 Gutsy Gibbon, and came as a part of the release of Ubuntu 8.04, although it only protects CUPS by default, the user can install new profiles and enforce them."

I think Ubuntu are proceeding along the "AppArmor by default" route:
https://blueprints.launchpad.net/ubuntu/+spec/jaunty-security-defaul...

There is not much point, however, in providing systems like NT's ACLs, SELinux or AppArmor if they aren't applied sensibly.

PS: AppArmor first appeared in Immunix Linux 1998-2003. When exactly was NT written? Sometime aroud the same timeframe, wasn't it?

http://en.wikipedia.org/wiki/Nt_kernel

Edited 2009-03-06 00:49 UTC

Reply Parent Score: 2

RE[3]: Comment by hraq
by Thom_Holwerda on Fri 6th Mar 2009 00:54 in reply to "RE[2]: Comment by hraq"
Thom_Holwerda Member since:
2005-06-29

PS: AppArmor first appeared in Immunix Linux 1998-2003. When exactly was NT written? Sometime aroud the same timeframe, wasn't it?


Haha, no. NT development started in 1989, and the first version was released in 1993.

Reply Parent Score: 2

RE[3]: Comment by hraq
by PlatformAgnostic on Fri 6th Mar 2009 12:32 in reply to "RE[2]: Comment by hraq"
PlatformAgnostic Member since:
2006-01-02

Just as a note, the developer of AppArmor works at Microsoft as part of the Windows Security group.

Reply Parent Score: 3

Milo_Hoffman Member since:
2005-07-06

FYI... we have a little PEE CEE user revisionist history going on here.

The commercial Unixes (AIX, Solaris,HPUX, IRIX etc) had ACLS before WindowsNT(er OS/2 v3) was a spooge in someones pants at IBM.


And frankly the Unix guys learned what the Windows guys have apparently not learned yet.


FRANKLY ACL'S SUCK.



WHY?

When was the last time you saw a normal user play with the ACL's on a bunch of files in a directory?


I don't know about you but for me the answer is ...I HAVE NEVER seen it happen working in enterprise IT that even a windows admin let alone a normal user ever TOUCHES ACL's. The only people that even try are those that setup the builds/installs, and those that manage NAS storage or something.



Contrast that to UNIX, easy to use permissions system, were just about everyone who reaches something between newbie<>poweruser status has totally mastered, understands and USES file permissions correctly.







Put a combination lock that takes 1000 different codes to lock, and unlock on your door, and no one in the house will bother to lock it when they leave.


Put a lock with one key, and it will probably be locked every time.




Bragging about ACL's just makes you look stupid, because anyone with real world enterprise IT experience knows they are worse than useless in real life and end up being less secure due to complexity.

Reply Parent Score: 1

PlatformAgnostic Member since:
2006-01-02

Okay Milo,

How do I solve this very simple problem that I encountered in real life with UNIX security?

I've got a set of data files for an engineering project in my home directory of a Linux file server. I want to share it with my colleague but with no one else. I am not root on the server and I have no friggin' clue who actually is. How do I make it so that we can both see the file even though we are not exclusive members of any group on the system?

On an Discretionary ACL-based system like NT, as the creator of the file, I have the right to grant my friends access to it on an individual basis without giving access to other people.

Btw, ACL support was added to Solaris in 1996, to AIX in about the same timeframe, and to Linux in 2002 (!). POSIX ACL standardization did not begin until ~1995 or so and many systems did not implement ACLs until that standard was beginning.

Unix security is really not that interesting until SELinux or AppArmor. It's just that people only use Unix for a narrow set of tasks (or a narrow type of user) so they think it's good because it meets those needs fairly well. Even then, how many of those users actually have adapted their needs because of the limitations of the UGO nonsense and only think they are satisfied due to their scaled-back desires?

Reply Parent Score: 3

RE[2]: Comment by hraq
by kaiwai on Sat 7th Mar 2009 01:57 in reply to "RE: Comment by hraq"
kaiwai Member since:
2005-07-06

Said who? Is he a kernel developer? No. Is he a multiplatfrom kernel developer or designer? No

How could he claim that?


Windows NT has all the security features UNIX/Linux has - with the added functionality of ACLs. ACLs are way more advanced than anything UNIX/Linux had, but as google_ninja already pointed out a few comments upward, you could easily argue that while UNIX/Linux might have a simpler approach to security, that could still, in the end, be the better option for home users.

ACLs are a tad bit, well, complicated, you see, while UNIX security is pretty straightforward.


Complexity can be, in itself, a security vulnerability just as over the top ease of use and automation can result in complacency, lack of quality feedback and security problems resulting from services running (and the admin doesn't know about them).

I question how much features many enterprises use because I've seen numerous cases where people have praised Active Directory but very rarely used many if not any of the advanced features in it. Same situation with ACL's, praised to the high ceilings but when the rubber hits the road, how many use them and out of those, how many of those who do use them use them because they have to. Again, complexity can be a security flaw too.

Edited 2009-03-07 01:59 UTC

Reply Parent Score: 2