Re: Windows vs Linux Security - Microsoft Windows

This is a discussion on Re: Windows vs Linux Security - Microsoft Windows ; In comp.os.linux.misc Dave wrote: : Here is my current understanding of the Linux vs Windows security : situation. : Levels 1 and 2) No problem with either system. : Level 3) It looks like Linux has a very robust isolation ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Re: Windows vs Linux Security

  1. Re: Windows vs Linux Security

    In comp.os.linux.misc Dave wrote:
    : Here is my current understanding of the Linux vs Windows security
    : situation.
    : Levels 1 and 2) No problem with either system.
    : Level 3) It looks like Linux has a very robust isolation of user
    : files and processes, and Windows does not. In the previous thread, I
    : got not a single response to my challenge for anyone to show me code
    : that could destroy anything or access "read-only" information outside
    : my "junk" account on Red Hat 8.

    Am feeling contrary today, so:

    I would challenge you or anyone else to show me any Windows code
    that can do anything obnoxious outside of the user space for any
    normal user in Windows. Like mess with system settings or another
    user's files or kill another user's running processes or the like.

    Level 3 above is well taken care of in Windows exactly the same
    as in Linux but in both cases ONLY if the sys admin is setting
    things up correctly. Logging in as "root" or as "administrator"
    is equally powerful and dangerous on both systems.

    As you note level 4 is the really challenging level.

    Stan


    --
    Stan Bischof ("stan" at the below domain)
    www.worldbadminton.com

  2. Re: Windows vs Linux Security

    ["Followup-To:" header set to comp.os.linux.misc.]
    On 2003-09-15, nobody@nowhere.com wrote:

    > In comp.os.linux.misc Dave wrote:
    >:
    >: Level 3) It looks like Linux has a very robust isolation of user
    >: files and processes, and Windows does not. In the previous thread, I
    >: got not a single response to my challenge for anyone to show me code
    >: that could destroy anything or access "read-only" information outside
    >: my "junk" account on Red Hat 8.


    [...]

    > Level 3 above is well taken care of in Windows exactly the same
    > as in Linux but in both cases ONLY if the sys admin is setting
    > things up correctly. Logging in as "root" or as "administrator"
    > is equally powerful and dangerous on both systems.


    Unfortunately, it is often very difficult to function as a mortal user in
    Windows, so most people outside of corporate desktops end up running as
    "administrator" most of the time anyway.

    --

    -John (JohnThompson@new.rr.com)

  3. Re: Windows vs Linux Security

    John Thompson wrote:

    > ["Followup-To:" header set to comp.os.linux.misc.]
    > On 2003-09-15, nobody@nowhere.com wrote:
    >
    >> In comp.os.linux.misc Dave wrote:
    >>:
    >>: Level 3) It looks like Linux has a very robust isolation of user
    >>: files and processes, and Windows does not. In the previous thread, I
    >>: got not a single response to my challenge for anyone to show me code
    >>: that could destroy anything or access "read-only" information outside
    >>: my "junk" account on Red Hat 8.

    >
    > [...]
    >
    >> Level 3 above is well taken care of in Windows exactly the same
    >> as in Linux but in both cases ONLY if the sys admin is setting
    >> things up correctly. Logging in as "root" or as "administrator"
    >> is equally powerful and dangerous on both systems.

    >
    > Unfortunately, it is often very difficult to function as a mortal user in
    > Windows, so most people outside of corporate desktops end up running as
    > "administrator" most of the time anyway.


    How is that difficult in modern versions of Windows i.e. XP?

    When I need to do something root in Windows tells me. I might need to fast
    user switch to Windows version of root but that's only a Windows+L away.
    Granted it's not quite up to the level that KDE's graphical SUDO thing is
    but even KDE is far from perfect in this regard.

    I call it even. Maybe Windows has the advantage here since you can EASILY
    switch between graphical environs while maintaining the state of your user
    environment. Perhaps that's a better model considering that you would be
    less likely to forget that you are root in Windows sterile root login.

  4. Re: Windows vs Linux Security

    As Mike Byrns so eloquently gibbered on Tue, 16 Sep 2003 at 05:31 GMT:

    > John Thompson wrote:
    >
    >> ["Followup-To:" header set to comp.os.linux.misc.]
    >> On 2003-09-15, nobody@nowhere.com wrote:
    >>
    >>> In comp.os.linux.misc Dave wrote:
    >>>:
    >>>: Level 3) It looks like Linux has a very robust isolation of user
    >>>: files and processes, and Windows does not. In the previous thread, I
    >>>: got not a single response to my challenge for anyone to show me code
    >>>: that could destroy anything or access "read-only" information outside
    >>>: my "junk" account on Red Hat 8.

    >>
    >> [...]
    >>
    >>> Level 3 above is well taken care of in Windows exactly the same
    >>> as in Linux but in both cases ONLY if the sys admin is setting
    >>> things up correctly. Logging in as "root" or as "administrator"
    >>> is equally powerful and dangerous on both systems.

    >>
    >> Unfortunately, it is often very difficult to function as a mortal user in
    >> Windows, so most people outside of corporate desktops end up running as
    >> "administrator" most of the time anyway.

    >
    > How is that difficult in modern versions of Windows i.e. XP?
    >
    > When I need to do something root in Windows tells me. I might need to fast
    > user switch to Windows version of root but that's only a Windows+L away.
    > Granted it's not quite up to the level that KDE's graphical SUDO thing is
    > but even KDE is far from perfect in this regard.


    For one, FUS doesn't work when networking XP Pro (ha, ha...Pro...those
    lugs at MICROS~1 never miss an opportunity to insert some levity!).
    It's even in the help stuff.

    Other things also don't work very well when networked, like allowing
    normal users (i.e. not Power Users(tm) [*snork* another one of those
    cute MICROS~1isms!]) to do normal user things, such as run programs
    from shared drives on the network. No matter how things are set, our
    database program continues to want to create new files on the local
    machine for anyone not given permissions of a Power User(tm) (ho, ho).
    And some things, like permissions on local machines for networked
    printers get hosed when they're set up with Power Users(tm) (ROTLMAO)
    on the machine. I've had to add the same networked printers to the same
    machines dozens of times because anybody logged in as Power User(tm)
    (LOL) can delete them. Locally-connected printers, not so. But printers
    attached to the network and added to the machine are open to all Power
    Users(tm)(ha, ha, ha). Nobody, not the networking people, not any of
    our own people, not anybody at MICROS~1 has been able to give us any
    method to prevent this.

    Lower-level users can't run things properly from the network (no matter
    what permissions are put onto the networked shares), so there's really
    no choice but to let them screw the printers.

    > I call it even. Maybe Windows has the advantage here since you can EASILY
    > switch between graphical environs while maintaining the state of your user
    > environment. Perhaps that's a better model considering that you would be
    > less likely to forget that you are root in Windows sterile root login.


    Call it as you wish. That doesn't make it true.

    See above. There's no advantage for WinDOS when it's networked. In
    fact, there are loads of shortcomings.

    --
    "Welcome to Microsoft support. May I ask which version of Code Red
    you're running?"

+ Reply to Thread