Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

[News] Linux a Long Way Ahead of Windows in Role-based Access Control

  • Subject: [News] Linux a Long Way Ahead of Windows in Role-based Access Control
  • From: Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx>
  • Date: Mon, 03 Dec 2007 01:44:39 +0000
  • Newsgroups: comp.os.linux.advocacy
  • Organization: Netscape / schestowitz.com
  • User-agent: KNode/0.10.4
Go RBAC now

,----[ Quote ]
| Implement role-based access control for stronger security in your 
| environment. 
| [...]
| Linux has long had RBAC capabilities. Nearly any decent Linux distro will 
| allow you to add an RBAC security module. Many versions, such as SELinux 
| (Security Enhanced Linux), come with RBAC by default. If you don't have 
| SELinux, there's still a good chance your Linux supports RBAC already. Just 
| look for the MAC module and read the man pages. There are also many 
| developing RBAC initiatives, such as the OASIS XML-based RBAC effort for 
| Web-based content (PDF).      



Did Microsoft just patent sudo?

,----[ Quote ]
| 1985, huh? And when did this Microsoft patent happen? It was filed in
| 2000. Well gee, that doesn't make sense. How'd they get the patent?
| It certainly falls under the category of "obvious" if there's prior
| art such as sudo.
| What makes this whole thing funny, though, is something I saw a couple
| days ago. Head over to Builder-AU and listen to Peter Watson from
| Microsoft. He says,
|   "User Account Control is a great idea and strategically
|   a direction that sort of all operating systems and all technology
|   should be heading down"
| Excuse me? Does he really believe this is all Microsoft's great new
| idea?
| In the end, this seems like a patent that Microsoft will hold up and
| say "we have a patent and Linux is violating it!" They won't ever
| sue on it though (just leave the threat hanging to scare away
| potential users), because then they could have the patent revoked.
| It's better for them to just wave it around.


Microsoft Says Other OSes Should Imitate UAC

,----[ Quote ]
| The most controversial aspect of Watson's comments all center around
| the idea that Microsoft is a leader with UAC, and that other OSes
| should follow suit. UAC is a cousin of myriad "superuser" process
| elevation strategies, which Mac OS X and all flavors of Linux
| already enjoy. The fact is that Microsoft is late to the party
| with their Microsoftized version of sudo. That's really what UAC
| is, after all: sudo with a fancy display mechanism (to make it hard
| to spoof) and extra monitoring to pick up on "suspicious" behavior.


Learning to Live with UAC

,----[ Quote ]
| Like most veteran Windows users, I balked when I first encountered the User 
| Account Control (UAC) mechanism in the latter BETAs of Vista. The constant 
| interruption of nearly every system or maintenance related task was 
| unbearable. Finally, after one particularly frustrating bout of "move the 
| file/yes I really want to move the file/please let me move the file/sorry, do 
| dice buddy," I did what many early Vista users did: I turned UAC off.     
| Hint: For those of you who haven't figured it out yet, the option to disable 
| UAC is buried under the User Accounts sub-section of the Control Panel. 
| Ah, the bliss of no UAC! I could now do whatever I wanted, whenever I wanted! 
| It was just like Windows XP, but with a cooler UI! 


Researcher Reveals 2-Step Vista UAC Hack

,----[ Quote ]
| A Web application developer has uncovered a two-step process
| (PDF) for exploiting Windows Vista's User Account Control,
| essentially by having a Trojan piggyback on what could be al
| egitimate download.


Vista User Account Control and the Linux Superuser

,----[ Quote ]
| So, when I was researching the way to determine the shadow storage
| size on Windows Vista for my February 23rd entry, I wasn't too surprised
| when I got an error message about needing to elevate my privilege after
| I tried to run vssadmin from a standard command shell. What a Linux
| system would have done right there would be to ask me for the
| administrator password. 


Vista's UAC needs an overhaul. Ideas?

,----[ Quote ]
| It seems like everyone, other than possibly Microsoft's Vista team
| itself, seems to believe that the User Account Control (UAC) in
| Vista already needs an overhaul.


Windows Vista: Secure Or Just Frustrating?

,----[ Quote ]
| The problem with Vista’s security implementation is that lots of warning 
| dialog boxes don't provide security. Users get frustrated and eventually stop 
| reading them altogether. They think of them as annoyances, an extra click 
| required to get a feature to work. Is Windows Vista really more secure than 
| the operating systems that preceded it, or simply more frustrating? Since 
| Microsoft left us with no choice but to buy a PC with Vista pre-installed, 
| we’re inevitably stuck with it. Let the frustration begin.      


,----[Quote ]
| "Oh, excuse me, is this supposed be a joke? We all remember all those
| Microsoft's statements about how serious Microsoft is about security in
| Vista and how all those new cool security features like UAC or Protected
| Mode IE will improve the world's security. And now we hear what?


Vista's Faux Security

,----[ Quote ]
| At the end of the new Apple ad, the security guard finally asks the
| hapless PC: "You are coming to a sad realization. Cancel or allow?"
| Unfortunately, after conditioning the world to click "allow," all
| Microsoft will have accomplished is to pass the buck to the hapless
| PC user, trying to make the user responsible for anything bad that
| happens because they ultimately chose to allow it.
| While that may allow Microsoft?s security engineers to sleep at night,
| the rest of us won't rest as easy until Vista's holes are plugged
| with something more substantial than a dialog box.


Vista's UAC security is hopeless, says Symantec

,----[ Quote ]
| A key security feature of Windows Vista, User Account Control (UAC) is
| still nearly unusable, Symantec has said.
| At a press presentation last week, Symantec vice president of
| engineering Rowan Trollope said Symantec's customers had found the
| feature so "chatty", that it was a burden on users, potentially
| creating new help-desk calls. 


Windows Vista set to overwhelm helpdesks

,----[ Quote ]
| The Windows Vista features that will most benefit end users are
| likely to cause a flood of calls to enterprise IT help desks, it
| was claimed today.
| SupportSoft predicted that one of the main areas in which
| end-users are likely to experience problems will be dealing
| with Vista's security features.


Windows Forces you to use UAC to Add a Printer

,----[ Quote ]
| Another bug that got past the extensive RTM testing process? Nope.
| It's a bug that came into existence during the finalization process.
| This bug wasn't there in RC2, but it's most definitely there now. All
| we can say is, hopefully this gets patched before SP6.


Analyst slams Vista's 'backward' UI

,----[ Quote ]
| Windows Vista is a step back in usability, researcher claims


Windows Vista Tip: Run as administrator

,----[ Quote ]
| This will make every admin operation prompt you for credentials
| while it is great if you do a lot of remote operations it can
| become tedious if you are performing a lot of local admin operations.


Microsoft: Turn off Vista's UAC to fix problems

,----[ Quote ]
| I've been fairly critical of the new User Access Control (UAC) in
| Windows Vista, as I feel it is too secure to be usable, which will
| probably result in many users and corporations turning off and
| losing out on what could have been Vista?s best feature.
| [...]
| He recommends turning UAC back on after fixing the problem, but
| when users need to do this more than a couple of times to get a
| usable system, they will just leave it turned off.


'Vista's Account Protection: One Click and It's Gone'

,----[ Quote ]
| One of Vista's big security features is 'User Account Protection'
| (or 'User Account Control') which pops up and asks for user
| authentication before software can make any administrative changes to
| the system. But the TweakVista utility can turn off UAP in one click...


The Truth About User Privileges

,----[ Quote ]
| Has the time finally come for the least-privilege user -- you know,
| setting your Windows client machines to run without system
| administrator rights?
| [...]
| Today, some Windows applications just won't run properly on a
| desktop without administrative rights. "It's a dirty little
| secret people sweep under the rug because they're not able to
| do much about the problem. A lot of applications and pieces
| of environments won't work if users aren't given admin rights,"
| says Steve Kleynhans, vice president for Gartner's client
| platforms group. "If you can get applications to function
| with lower rights, in a lot of cases it hampers the user
| experience."


Opinion: 'Vista Casts A Pall On PC Gaming'

,----[ Quote ]
| In the interest of full disclosure I should make it clear that in a
| previous life time I was responsible for all of Microsoft's OS
| strategy for games and media, from writing the original DirectX
| development plan, to managing Microsoft?s relationships with the
| industries leading game developers. 10 years after launching DirectX
| 1.0, I still have strong opinions and feelings about how to make
| Windows a great game platform, and probably feel a stronger sense
| of pique than most when I see Microsoft making careless or callous
| mistakes that impact game developers.


Microsoft Windows: Insecure by Design


If Only We Knew Then What We Know Now About Windows XP


Why Windows is a security nightmare.


The Structural Failures of Windows


[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index