Getting people to say nice things about Microsoft (Linspire repo)
Temlakos
temlakos at gmail.com
Thu Jan 25 16:39:01 UTC 2007
Todd Zullinger wrote:
> Les Mikesell wrote:
>
>> And meanwhile you are so much better off just deleting your own
>> files... I'm sure you'll be thrilled that the OS is still intact
>> and running after that happens. While I agree that this is a 'best
>> practices' thing and probably worthwhile in a multiuser scenario,
>> I'm not sure its worth the extra effort when the user you normally
>> run as has write access to everything that can't easily be
>> reinstalled anyway.
>>
>
> One important benefit of running with limited privileges even on a
> single user system is that it thwarts attacks that aim to usurp system
> binaries and settings to further spread and damage other systems or to
> secretly steal your data without your knowledge.
>
> While it would suck to lose your files to an attack, it would suck
> even more to have the attack surreptitiously install a key-logger that
> stole all of your passwords while you surfed, or used your system to
> attack others.
>
> Running with the least privilege required to do your work makes plenty
> of sense even in a single user scenario. Just because it doesn't
> prevent the one attack you outlined doesn't make it useless.
>
> I also think that many folks overestimate how much extra effort is
> required to run as a non-root user. So you are asked for an admin
> password every so often if you're configuring your system. Big deal.
> If you spend all day every day configuring your system, then you
> should be savvy enough to use sudo from the command line or slick
> enough to run as root all the time and work out the kinks in those
> uncharted waters.
>
>
Not to mention that the real reason why most people run MS Windows as a
Computer Admin is that when MS Windows /does/ ask a Limited User for an
Admin password, it always botches the temporary grant of privileges. The
Gnome desktop handles a temporary grant of privileges almost seamlessly,
whether you're running Gnome Terminal or simply launching an
administrative app from a menu. I imagine that KDE handles such requests
similarly.
Add to it that many MS Windows games are dreadfully ill-behaved.
This is the legacy of MS-DOS thinking that it doesn't just own the
world; it /is/ the world. It is simply not suitable for multi-user,
networked use.
UNIX/Linux has multi-user system security built into every line of its
specification.
Better than that, I've been running /and enforcing/ SELinux' targeted
policy ever since installing FC6. I have no lasting issues.
Temlakos
More information about the fedora-list
mailing list