__/ [ Mark Kent ] on Saturday 15 July 2006 19:31 \__
> begin oe_protect.scr
> GreyCloud <mist@xxxxxxxxxxx> espoused:
>> Brad wrote:
>>
>>> On Fri, 14 Jul 2006 20:08:25 -0600, GreyCloud wrote:
>>>
>>>
>>>>http://news.com.com/2100-1012_3-6094481.html?part=rss&tag=6094481&subj=news
>>>>
>>>>Doesn't UNIX and Linux have passworded folders?
>>>>I thought it does.
User accounts have passwords. Why not use the user access/permission system?
chown myself ./the_dir&& chmod 700 ./the_dir
>>> Yes, this can be done using encryption/password protection with PGP.
>>> What amazes me is the supposed displeasure of corporate IT people. Shame
>>> on these "IT" people for giving a normal user the priveledge of
>>> installing software in the first place. It wouldn't be such a big deal if
>>> these supposed "IT" people did their jobs in the first place. Part of IT
>>> management IS the management of ALL software that resides on a given
>>> system. I guess the Windows IT people are incapable of properly securing
>>> a system......especially a system that is in such need of securing as
>>> Windows is. :-P
PGP is what I had in mind too. Compress, then encrypt (or even
faster/immediate with .tar).
>> What I've found in the article was corporate IT people now squawking
>> about security that M$ is trying to provide, but the wrong kind.
>> Strange world.
Security != privacy. Albeit the two are closely related because you lose the
second once the first is compromised.
> The concepts are markedly different. In spite of what some would claim,
> MS Windows is essentially a single-user system, this problem being
> significantly exacerbated by the need to run so much software as
> 'admin'. Even if you try to have different users, they're all admin!
> There's no real equivalent of the /etc/ and .rc files, so again, no
> practical method to install a "site default" and have user's settings
> individually assigned in a standard way - everything works differently.
> Licensing on a per user basis causes another set of awful headaches.
> The "profile" (is that the right word?) was supposed to get around this,
> but it was stored server-side in its entirety - I've watched with a
> mixture of sympathy and amusement as Mrs Mark has tried to start up her
> PC on a VPN link in the morning, and waited, and waited, and waited...
There was a good quote appended by PK yesterday. Something along the lines of
"those who can't have UNIX imitate it poorly".
> I wonder if anyone has ever managed to have different VPN settings, say,
> on the same machine for two people - I rather doubt it. I cannot ever
> see MS pulling a real multi-user OS out of Windows.
Frankly, the code is in a state which can only be described as a sordid mess.
A Vista programmer recently confirmed this. What you suggest here requires
intervention at the very core, whereas Windows programmers could not even
strap on addons and abstractions such as WinFS and service-oriented-esqe
architecture. It will take a while to get out of this hole. First up: 60%
write-up of Windows code. A deadline driven development habit led to lots of
stuff being thrown/glued on top, e.g. NT as a multi-user UNIX alternative.
> Anyway, it'll suit MS no end to obfuscate attack vectors with local
> encryption as "security", so that they can claim that they're working
> on security by adding something which I assume is the equivalent of cfsd.
When you cannot defend your O/S, you might as well encrypt your data. Perhaps
the next time Windows servers with sensitive records get pwned, the data
will at least be harder to interpret. Nevermind the effect of botnets...
Best wishes,
Roy
--
Roy S. Schestowitz | Open syntax, Open API's, OpenSuSE
http://Schestowitz.com | SuSE Linux ¦ PGP-Key: 0x74572E8E
2:20am up 79 days 7:23, 11 users, load average: 0.40, 0.72, 0.58
http://iuron.com - Open Source knowledge engine project
|
|
