Getting people to say nice things about Microsoft (Linspire repo)

Temlakos temlakos at gmail.com
Thu Jan 25 16:39:01 UTC 2007 

Todd Zullinger wrote:
> Les Mikesell wrote:
>   
>> And meanwhile you are so much better off just deleting your own
>> files...   I'm sure you'll be thrilled that the OS is still intact
>> and running after that happens.   While I agree that this is a 'best
>> practices' thing and probably worthwhile in a multiuser scenario,
>> I'm not sure its worth the extra effort when the user you normally
>> run as has write access to everything that can't easily be
>> reinstalled anyway.
>>     
>
> One important benefit of running with limited privileges even on a
> single user system is that it thwarts attacks that aim to usurp system
> binaries and settings to further spread and damage other systems or to
> secretly steal your data without your knowledge.
>
> While it would suck to lose your files to an attack, it would suck
> even more to have the attack surreptitiously install a key-logger that
> stole all of your passwords while you surfed, or used your system to
> attack others.
>
> Running with the least privilege required to do your work makes plenty
> of sense even in a single user scenario.  Just because it doesn't
> prevent the one attack you outlined doesn't make it useless.
>
> I also think that many folks overestimate how much extra effort is
> required to run as a non-root user.  So you are asked for an admin
> password every so often if you're configuring your system.  Big deal.
> If you spend all day every day configuring your system, then you
> should be savvy enough to use sudo from the command line or slick
> enough to run as root all the time and work out the kinks in those
> uncharted waters.
>
>   
Not to mention that the real reason why most people run MS Windows as a 
Computer Admin is that when MS Windows /does/ ask a Limited User for an 
Admin password, it always botches the temporary grant of privileges. The 
Gnome desktop handles a temporary grant of privileges almost seamlessly, 
whether you're running Gnome Terminal or simply launching an 
administrative app from a menu. I imagine that KDE handles such requests 
similarly.

Add to it that many MS Windows games are dreadfully ill-behaved.

This is the legacy of MS-DOS thinking that it doesn't just own the 
world; it /is/ the world. It is simply not suitable for multi-user, 
networked use.

UNIX/Linux has multi-user system security built into every line of its 
specification.

Better than that, I've been running /and enforcing/ SELinux' targeted 
policy ever since installing FC6. I have no lasting issues.

Temlakos

More information about the fedora-list mailing list