LUA part 4 (of 5): Changes in Windows Vista/7 - John C. Kirk — LiveJournal

Jan. 19th, 2010

03:39 am - LUA part 4 (of 5): Changes in Windows Vista/7

Comments:

From:johnckirk
Date:January 19th, 2010 03:03 pm (UTC)
I haven't used sudo, but it does sound like a fairly similar concept. There's a blog post here which discusses some implementation differences; the main issue seems to be that in Unix you can authorise a program once and then always run it as root, whereas in Windows you have to authorise it every time. Does that match your experience in Mac OS X?
From:gaspodog
Date:January 19th, 2010 03:34 pm (UTC)
Whenever I run commands (programs) which modify files outside the areas my default account can access, I have to use sudo to acquire the required privileges if on the command line, or I will be prompted for my password if in the GUI. You can set things up deliberately so that they always run at a different user level, but I've never done this. This is broadly the same on Mac OS X and Ubuntu.

Some software will install components which run as root (or with higher levels of access) - but you get what you deserve if you install that sort of thing without thinking about where you've got it from and whether you trust the source.

On Ubuntu, 99% of the software I use comes from the Ubuntu software repositories, which I generally regard as a trusted source. Quite a few pieces of software will install components which require different user access from my own account. Some achieve this by having components run as root by various system scripts, others set up their own user accounts with the required access on installation and use that. Community vetting would quickly detect if anything from the official repositories was suspect.

I'm not quite sure the article you link to knows what it's talking about regarding the UNIX/Linux etc. side of things. There are problems with sudo, but to say that we've been 'plagued' by them is a bit over the top. It seems to conclude that the sudo approach wouldn't work with Windows because of the history of security on the Windows platform, not through any inherent problem with sudo (which is itself eminently configurable and can be set up in a variety of ways).

The Symantec article linked to basically seems to assert that sudo is a security hole because sometimes users are silly and run code they shouldn't. With all the will in the world, if an uneducated user has access to root privileges through any means then they have the capability to run malware and damage the system. The only way to protect them from this is to give them no access to such privileges and limit what they can do.

I personally think there's a lot more value in choosing a scheme, sticking to it, and then pushing for user education wherever possible.

Note: referring to UNIX as a whole is problematic, because whilst certified UNIX systems (which includes Mac OS X) and UNIX-like systems (like Linux) have a lot in common in the way they do things, they also do quite a few things differently. There are various choices for implementing LUA stuff, and different distros and OSes vary widely.
From:shuripentu
Date:January 19th, 2010 06:23 pm (UTC)
I'm not quite sure the article you link to knows what it's talking about regarding the UNIX/Linux etc. side of things. There are problems with sudo, but to say that we've been 'plagued' by them is a bit over the top.


I may be incredibly oblivious by nature, but if there was a plague, you'd think I'd have noticed it sometime in the last 10 years...

And yes, if a user has (potential) administrative privileges and is ignorant, then absolutely nothing can protect them from hosing their computer, and possibly their finances. User education is IMO much more important and effective than putting up security barriers, especially ones that said user can take down when they like.

I've had a look at the Vista UAC prompt, and I honestly don't think it does anything for user education. It says the user needs to give permission for a process to continue, and asks the user if they started that process. It says nothing about the most important aspect, which is that this process wants administrative-level privileges, which would allow it to modify system files and settings, and is the user certain that they want to allow this process to do so? This seems obvious to us, but we already know about and understand root privileges; the real audience are the users who are in the dark, and as it stands, they remain in the dark.
From:susannahf
Date:January 19th, 2010 07:29 pm (UTC)
User education is IMO much more important and effective than putting up security barriers, especially ones that said user can take down when they like.

YES. This is *exactly* my point. Having set up my parents' new Win7 machine, I have to say, I like UAC. It makes Windows more secure, more sudo-like. Which is Good. BUT, it doesn't in any way replace or reduce the need for user education. If anything, it increases it, since now you get scary boxes saying "jucheck.exe wants to run, should I let it?" WTF! (turns out that's Java update - good explanation there guys!)

Given the choice, I would choose user education over software controls any day. Because an idiot user will disable the software controls, but a small amount of understanding goes a very long way - and yes I am referring to supporting non-techies. I tech-support for my parents and grandparents, who range from competent but not confident to positively luddite. And yet they can all understand and apply basic security rules if explained in a sensible manner (two of which are "if in doubt, don't click it. If frightened, turn the computer off, at the mains if necessary.")