Linked by Thom Holwerda on Wed 31st Mar 2010 14:41 UTC
Windows As geeks, we're well aware of the importance of running as a normal user instead of as root (UNIX/Linux/BSD) or administrator (Windows). However, while this should be common knowledge to anyone reading OSNews, it's often hard to illustrate just how important it is - until now, that is. A report by BeyondTrust looked at how many security bulletins issused by Microsoft are mitigated by simply... Not running as administrator.
Thread beginning with comment 416399
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[4]: Not entirely...
by TemporalBeing on Thu 1st Apr 2010 13:04 UTC in reply to "RE[3]: Not entirely..."
Member since:

"[q]Honestly, most Linux distro's enact the first user as the 'root' user too. I am not aware of any such distro. I don't use that many distros though, but atleast the one I use a lot, Mandriva, does NOT enact the first user as root. No, you always have to enter root password separately if you wish to install applications or do other similar system administration tasks, just as it should be. Could you now then elaborate which distros actually do enact the first user as root?
Being the OP... Distro installers always ask you to enact a password for root. That is the first user enacted during the installation. After that, you can then add a normal user to use. "

In most distros, one MUST add normal users to use. [/q]

Yes. And Microsoft should force the same on Windows.

The root account is there, but it is not noramlly used. Indeed, many Linux distributions login manager will not allow root to login.

That's really not as much a distro limitation as it is that root doesn't usually have permission to run X-Windows (Xorg/etc). If you want to login as root directly, go to the console login.

Users must first login as normal users with limited priveleges, and most of the time run applications as that noraml user. Only when a system administrative change is required would one run someting as root, and the user must supply the root password to become root in order to accomplish such tasks.

On Linux, users do NOT nromally run as root.

Agreed; and Microsoft should force the same on Windows; and remove the ability to add anyone to the Admin group, and change the meaning of the 'Domain Administrators' (which typically carries all privileges of the Admin group on a local system).

With Vista and Win7, they have made a step in the right direction, but they still have a long, long ways to go.

Reply Parent Score: 2