Not too long ago, we ran a story informing you of how the auto-elevation feature in Windows 7 is broken in a way that allows malicious programs to silently gain administrative privileges. We wondered if Microsoft was ever going to fix this one before Windows 7 goes final, and even though we're not there yet, a recent article by Mark Russinovich seems to imply pretty strongly that no, Microsoft is not going to fix this.
To read all comments associated with this story, please click here.
Member since:2009-05-20
Quite the contrary.
Often additional complexity implies insecurity.
I find it somewhat funny that MS is still "the laughing stock of security" among the general public, whereas Vista was actually well received in the infosec-community.
When it comes to security, I am equally skeptical about your typical Ubuntu and Windows. And yes, I have actually audited open source code. Not so different, really, except that the dumbest users are using Windows. But even this may change.
Member since:2007-01-24
I use linux but not Ubuntu nor sudo. I prefer the "Red hat way" of use su - to become root and do the administrative things.
The plague of today's operating systems is to treat users as stupid and not capable of learning some basic things to operate the OS. Before, in CLI times, the user should learn some commands before use the system. Even to drive a car it is necessary take some lessons; why not computers which are much more complex and flexible ?
Edited 2009-06-11 15:56 UTC
Member since:
2007-01-24
It is the Microsoft way of security...
This is also the reason why ignorant and/or lazy users prefer windows. Security implies additional complexity and work and "normal" users don't care about good practices of security.
Microsoft is locked by the legacy of insecurity applications and it will never will change this to not loose its clients.
Because of this I use linux on all my computers and, when I need to run some windows application, I use a virtualized windows on vmware or virtualbox. If it becomes infected by malware it is only need the restore one file (the virtualized C: drive) to reinstall the system.
Edited 2009-06-11 15:12 UTC