I was just reading about the Network Access Protection feature that'll be built into Vista (August 2006 IT Pro magazine) and couldn't help but feeling that this was the final nail in the PC's coffin.

I've personally always tried to make a clear distinction between a personal desktop computer and a corporate workstation, but that line seems fuzzy to others including, apparently, Microsoft. Well, I think they've got it all backwards.

A personal computer operating system should operate under the assumption of maximum user privilege or, conversely, least privilege for the networks you attach to. No network admin has the right to restrict what I can do on my own computer, regardless of whether I'm connected to their network or not. They can enforce whatever policies they want on their own corporate workstations but this is my PERSONAL COMPUTER.

Got that straight? Good!

So I'm left to conclude that Windows Vista is NOT a personal computer operating system. It's suitable only for corporate workstations. In short, the "new" Microsoft thinks corporations can be trusted but not individuals. That's the exact opposite of what the PC revolution was all about.


P.S. The Summer 2006 edition of 2600 magazine has an excellent article on how to prevent GPOs (Group Policy Objects) from infecting your personal computer when you connect to a foreign network. Of course, if you run Linux as your desktop OS then you have nothing to worry about.

Last I checked, one the the security staples on linux is that by default you start with a limited user account only(seldomly) use root for software setup.

Your rights end where their network begins. They might feel inclined to not let you access their root with "your own computer". They might feel inclined to not let you run viruses while you're attached to THEIR network.

Nope. Now if you're talking about GPOs affecting local policies on your computer, all you have to do is NOT join a corporate network.
If I understand correctly, GPOs are to prevent you from going places you should'nt be. And also to set local policies on multiple computers at once without individual reconfiguration. Again, none of this is an issue UNLESS you are JOINING a corporate network. Its not like visiting www.google.com is going to change access restrictions on your computer.

Technically neither was linux to begin with.

In retrospect, Windows 98 was very trusting of users. Look where it got them. Thousands upon thousands of viruses and break-ins. It s appears to me, Microsoft is trying to make up for lost times and finally implement a semi-decent security system. Only they have to go the facist way about it and enabled remote administrative control by default on corporate networks.

You might say the difference is the conscious choice of the user. But since the user is'nt consious anyway...
the difference between local or remote programs deciding access policies is nill.

Windows has been limiting whats users can do with their computer since the dawn of their existance. Only now its being applied to security. Its not a surprise really.


Either way, gone are the times, where the computer trusts the user.

More related news:

"Microsoft shutters Windows private folders"
http://news.com.com/Microsoft+shutte...3-6094481.html

"Following an outcry from corporate customers, Microsoft is removing an add-on feature to Windows that allowed users to create password-protected folders."

And in reply to stantoflight: Last time I checked, connecting to a network did not automatically give that network's admins root access to my Linux computer. And secondly, you are also mistaken in believing GPOs only apply to computers participating in an AD domain. I could go on, but don't really feel like educating you this morning...

Maybe. But surely you can see the positives here?

Look at it from the eyes of a network administrator protecting his network.
I guess this is the new world order. If you wanna connect to our network, you have to play by our rules. It seems fair to me.
Yeah. They tried trusting individuals and look at how far it got 'em...
Well, you can always go back to DOS:

www.freedos.org

Their 1.0 release is imminent! Your PC will be yours again!
Does this work under XP as well?
We knew that!

>> "Their 1.0 release is imminent! Your PC will be yours again!"

let personal computer personal again ... abeit in a genuine personal way ...


.