I have the home version, hence the issue. And I see this as a bug because it happens randomly (I can't link this behaviour to any change in user settings.)

While I agree XP may be a little bit outdated security-wise , I still find Windows file permissions implementation really weird (again IMHO.)

Yes, but most Windows users don't see UAC for what it is. They view it as an annoyance, and most of them scramble to turn it off immediately. Just Google "windows UAC annoyance" and see how many results you get... or... simply ask anyone who works in IT and uses Windows 7 if they have UAC switched off on their home computers.

Furthermore, pretty much any software program written for Windows requires Admin-level access just to be installed. Under Linux, I have several programs installed within my user account. Why don't Microsoft set up Windows that way? Why does every single little game or utility need to be installed system-wide? This indicates to me that Microsoft still don't truly understand the importance of separating user space from system space. Popping up a message which asks "Are you sure?" doesn't cut it.

The user should be able to do anything within their own space, including things like running customised mouse settings or specific monitor DPI settings. Windows does not allow this. Linux does.
NT has been around for almost as long as Linux. Comparing the two is perfectly fair.

Typical statements from someone who really doesn't know that much about Windows, at least the current versions. Windows can be locked down tight as a drum if you want. Just because most people don't have the discipline to use it properly or securely is not an indictment of the security model. And as far as a default Linux install, it can be crashed and burned very easily by either a neophyte or someone determined to do so. I've seen single clicks on the wrong thing stop a system dead.

I admit that I don't use/know last version of Windows that much and that my judgement may be biased. But you can't deny the original design differences. And I've never heard of botnets 'typically' running on millions of infected Linux machines, just because of users' lack of discipline. (OK, for a fair comparaison, I should scale down that number to thousands or so.)

Yeah, as root you can totally wipe out your hard drive in no time. No really big news here. (And I also happened to ruin one of my first Linux installs... )

Why isn't it that way by default?

If they were serious (and let's face it - they're not - it would kill the AV industry), they would really separate system space from user space.

When someone wants to install a piece of software, it should install to their user account by default. This is not the current behaviour in Windows. Why not?
Absolutely. I've seen it with my own two eyes.

What I've also very recently seen is our "fully locked down" office Windows network taken down by a 5 year old worm (conficker) which somehow "slipped past" our enterprise-wide installation of Symantec AV... The IT dept were here all weekend fixing it.

So if users disable a security system it is somehow the fault of the system? Google for "running <insert distro name here> as root" or something similar and you will get a large number of hits, but that says nothing about the Linux security.

Most applications use installers that are not written by Microsoft, you can hardly blame Microsoft for that. Also, most installers let you choose the directory to install in, so if you just give it a path in your user's directory you will be fine and achieve exactly what you want. In fact, at this point the Windows system with installers is more flexible than package managers like APT or RPM.

I haven't tried different DPI settings, but there is absolutely no problem in using custom mouse settings.

No, it is not. The current version of the NT tree are Windows 8/Windows Server 2012. You wouldn't find it fair to compare Windows 8 with Slackware 3 either, wouldn't you?

As stated above, this also isn't the current behavior on Linux. In this point the package management systems used on Linux are unflexible, the installers of Windows software with the ability to choose an installation-path are more flexible.

All known versions of Conficker use the security hole known as MS08-067 (patched for years), a dictionary attack on the ADMIN$ share (weak passwords) or the Autorun mechanism for removable drives (should be disabled on important systems). This is more an indicator for mistakes from IT team than for a security mechanism in an OS.

1 members found this post helpful.

And for every post on any internet forum about this, there will be at least 3 posts lambasting the person asking the question. This is universally hated by the Linux community.

Compare this to Windows-land, where the top IT journals write about how to disable UAC. Even Microsoft's own knowledge base has articles explaining how to do it.
Clearly, I was referring to unpackaged software. Yes if you use the system's package manager, it always installs things system-wide.

The thing is, you don't have to use the system's package manager to install extra things. And why would you do that if you wanted something installed to your user account anyway?
Yes, as long as you provide UAC with the Admin password because this is not a per-user setting in Windows.
No, it wouldn't be fair on Windows 8...
It's funny. Every installer I've used has always caused UAC to pop up. Why is that?
Did I mention that our desktops are running Windows 7 locked down as tightly as possible? Patches and updates are pushed out regularly by our IT guys.

As an aside: Have you tried getting Linux to boot via BCD on a UEFI box yet?

As I stated, it is no problem at all to install software on Windows to your user's directory and it is not Microsoft that is writing those installers or, in case an installer uses MSI, writes the settings for the install-script.

And here it gets funny. I couldn't remember that I had to confirm the UAC when changing mouse settings, so I just tried it. Neither changing mouse settings nor setting up a different DPI invoked the UAC here.

This can have different reasons. For example when the installer tries to write to the systemwide part of the start-menu, which a properly written installer asks you (usually they ask exactly that, if you want to install for every user or only for your user).

In that case Conficker shouldn't be able to infect the systems.

I didn't had time and mood for this yet, there may be another 1-2 months until I can try that.

Exactly right... but it did anyway. It certainly had the IT dept confounded for a few days. They still don't know how it happened.

So it is just as insecure as VMS was...

"I only need one privilege... so give me "setpriv".

And that IS equivalent to root.

In linux, doing "su root" or using sudo, doesn't give you all the privileges of root - it only sets the effective UID to root. It does give you the ability to access any file (by default - not true with certain SELinux configurations). To get full root requires doing "su - root" (which sets both the effective UID and real UID to root). The advantage sudo has is that even then, you can be limited in what you can execute and the ability group users into roles, thus a more graduated access to the root account.

There are systems that don't have su (easy peasy - just delete it, but be sure sudo is installed and working as needed).

The problem with using bitmaps to represent privileges is identifying the privilege... By the time you get them all listed, your bitmap has several thousand entries... And somebody will always come up with more. As I recall, VMS was limited to two groups of 32, simply because of the time it takes to test bits, and that was too small. Linux is limited to 32, and that is way too small. Many privileges had to be combined to make things fit. That limitation makes it hard to delegate (same problem in windows) and causes security issues because of the overlaps. Just look at CAP_SYS_ADMIN for one example of an overloaded capability. (ref: http://man7.org/linux/man-pages/man7...ilities.7.html)

When capabilities were implemented I send in suggestions that there should be multiple extensions to the kernel capabilities - the base for kernel protection, then a set for system protections, then a set for site definition. But that got turned down - one of the problems with it is the amount of data needed for each inode... And the presumption that ACLs on inodes would handle that - unfortunately, they don't and they are slow to process.

It's not that way by default, because hundreds of millions of users actually have to use it, and want to do so without learning whole new paradigms or generating millions of new support calls. The vast majority of Windows systems are essentially one-user systems where complex security would be viewed as both a barrier and an annoyance. That's just the reality of how it is. Computers and operating systems are too complex for the average person to want to delve into security mechanics, they just want to get on Facebook, or surf, or play their game, or whatever. I'm not defending that behavior, it's just a market reality that Microsoft has to deal with, or risk alienating a large user base. One could as easily get on the public's case about how they don't maintain their cars, change their oil like they should, lock their doors, etc. There is always going to be a lowest common denominator that won't do it for whatever reason. In the Linux world, which is much smaller and more specialized, and where the typical user is much more aware of security issues and much more inclined to get "under the hood", good practice comes more easily.

One can well ask why they don't separate system space and user space. Actually, they do, in a lot of ways, but the short answer is that since most systems are essentially single user, doing so would not really fundamentally alter the consequences of something like a virus infection or security breach. If the files in the user's space are trashed, the system itself might continue to function, but the computer would still need to be repaired or the system reinstalled. I agree this is probably a cop-out on Microsoft's part, but from a business standpoint, there is no compelling reason to re-architect the system...though I think they will take more steps in that direction. Current versions of Windows are pretty secure, if people would just use common sense and not download and run untrusted software. The exact same problems have presented themselves on Macs, which in theory have better separation of system and user space. Since Linux is really not a target, the amount of untrusted potential malware even available to download is vastly smaller to start with, if it exists at all.

I can't speak to the situation at your company, since I don't know what's going on there. What it boils down to is that somebody probably didn't do their job. We tend to blame systems and machines that can't think or act proactively for our own omissions, more often than not, it's easier than just admitting a mistake. That being said, I've seen lots of companies running security and antivirus solutions that are either misconfigured or hopelessly out of date. That last place I did any real server work at was running a Dell Windows SBS server with an antivirus program that had never been updated since they bought it. I explained that they needed to buy an updated subscription, and that it would cost about $1400, they didn't seem the least bit interested. It's hard to counter that kind of indifference. Admittedly, this was a place where the owner bought a stack of Windows XP HOME editions to use on his Windows domain (Home can't connect to a domain, for those that don't know) on the information he got from "a guy who knows computers" that said they could be "hacked" so they would work....so I'm sitting there with a bunch of Home editions, a bunch of workstations, and I'm supposed to get them on the network that day. He also demanded I get a PowerMac G5-based workstation to not only join the domain, but be able to run the shared WINDOWS applications there. Not surprisingly, I don't do that kind of freelance work any more, it's too frustrating.

1 members found this post helpful.

Only time I've seen that happen is when the user is running the GUI as root.

That is a BIG PEBCAK error.

Excellent post.

I believe that's the end of the thread, folks.

1 members found this post helpful.

Is there a flowchart or a block diagram that illustrates this ?

Something conceptual put in picture form, not a flow diagram of some
specific source code.

Starting with iptables and or the command line, how a packet or a
program starts, is accepted or denied, the actions after that, acceptance
or denial, that keeps the OS secure and running.

Then how that packet or program could proceed to test Linux security layers.
User, root, system, admin, and what that would conceptually look like in
flow diagram form. Basic steps taken to keep intruder code out of those
areas.

And, finally, the kernel. Basic steps taken to keep intruder code out of
the kernel or keep the kernel from doing something it shouldn't. In conceptual
picture and arrow form. But still technically defining the OS modules or
systems running to provide the security actions portrayed.


I found a flow diagram about iptables and how they keep the whole system secure
but not about the lower layers and the kernel. Shouldn't be hard to do.

thx

patrick

It doesn't work like that. Things don't "flow" through layers of security. Data flows though the various subsystems though, but security isn't like that.

An introduction to (even though it is a bit dated) SELinux is at

http://docs.fedoraproject.org/en-US/...nhanced_Linux/

And then there is the DAC (discretionary access controls) which are much simpler to understand, mostly because they are more familiar owner, group, other permissions.

In addition, Linux also support access control lists.

Then there are capabilities...

http://www.symantec.com/connect/arti...ities-and-acls