Linked by Thom Holwerda on Thu 5th Mar 2009 13:27 UTC
For Windows 7, Microsoft has made some changes to User Account Control to counter the criticism that UAC was too intrusive. It didn't take long before several holes were poked in Windows 7's default UAC settings, and now one is left to wonder: is it wise to sacrifice security for (perceived?) usability? Ars has an editorial that deals with this question.
RE[3]: Security OR usability?
by google_ninja on Thu 5th Mar 2009 22:04 UTC in reply to "RE[2]: Security OR usability?"

You can't just talk about UNIX security as a generality. Most modern UNIX operating systems have ways to deal with containing the almighty root. The BSDs have TrustedBSD (MAC), Secure Levels and Jails. Linux has SELinux (MAC), UML, and chroot(). Solaris has Zones and MAC. All of these also support POSIX ACLs. In the case of Solaris, it also supports NFSv4 style ACLs which are very similar to NT ACLs. FreeBSD should also get this in the near future.

The original poster wasn't talking about that though, he was talking about the whole user/group/other thing compared to the NT ACLs.

Even though NT doesn't have the concept of a super-user, for all practical intents, if an admin account is compromised, you're still hosed because the ACLs pretty much give admins carte blanche access anyway.

Granted, which is why absolutely nothing should ever be run as an admin user on an NT system. You have very fine-grained controls, so you should make least privileged users to run your services under.

NT style ACLs are also really easy to get wrong (most permissive access rather than least permissive access), and it's non-trivial to verify that any particular entity has the access that you think they do.

I actually mentioned that in my original post. The verification got a lot better with Vista, because you now have an "Effective Permissions" tab that tells you what it ends up evaluating to for a given user. What is still missing though is why it evaluated to that, which can be a real pain to track down, even with the effective permissions tab.

Reply Parent Score: 2
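
The "why" that the comment says the Effective Permissions tab leaves out can be shown with a simplified model of DACL evaluation that reports which ACE decided each right. This is an added example, not part of the original comment and not Windows' own code; the right bits, trustee names, paths and the `explain` and `canonical` helpers are constructed for illustration, and inherited ACEs are not ordered by inheritance depth as Windows does.

```python
# Simplified model of NT DACL evaluation (added example, not Windows' own code).
# ACEs are walked in order; for each right, the first ACE that matches decides.
from dataclasses import dataclass

READ, WRITE, DELETE = 0x1, 0x2, 0x4            # constructed right bits
NAMES = {READ: "READ", WRITE: "WRITE", DELETE: "DELETE"}

@dataclass(frozen=True)
class Ace:
    kind: str                 # "allow" or "deny"
    trustee: str              # user or group name (stands in for a SID)
    mask: int                 # rights this ACE covers
    inherited_from: str = ""  # empty means set explicitly on the object

def canonical(dacl):
    """Order: explicit deny, explicit allow, inherited deny, inherited allow."""
    return sorted(dacl, key=lambda a: (a.inherited_from != "", a.kind != "deny"))

def explain(dacl, token_sids):
    """Return {right_name: (granted, deciding_ace_or_None)} for one token."""
    result = {}
    for bit, name in NAMES.items():
        decided = next((ace for ace in dacl
                        if ace.trustee in token_sids and ace.mask & bit), None)
        # No matching ACE at all is an implicit deny.
        result[name] = (decided is not None and decided.kind == "allow", decided)
    return result

# Constructed sample: alice is a member of Staff and Contractors.
DACL = canonical([
    Ace("allow", "Staff", READ | WRITE, inherited_from="D:\\share"),
    Ace("deny", "Contractors", WRITE, inherited_from="D:\\share"),
    Ace("allow", "alice", READ | DELETE),
    Ace("allow", "Everyone", READ, inherited_from="D:\\"),
])
ALICE = {"alice", "Staff", "Contractors", "Everyone"}

if __name__ == "__main__":
    for right, (ok, ace) in explain(DACL, ALICE).items():
        if ace is None:
            why = "no matching ACE (implicit deny)"
        else:
            origin = f"inherited from {ace.inherited_from}" if ace.inherited_from else "explicit"
            why = f"{ace.kind} ACE for {ace.trustee}, {origin}"
        print(f"{right:6} {'granted' if ok else 'denied':7} <- {why}")
```

In this sample alice loses WRITE because of her Contractors membership even though Staff allows it, which is the kind of cause the tab's result alone does not reveal.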