headdesk headdesk headdesk
08 Apr 2005
From the article Fewer permissions are key to Longhorn security:
Microsoft said it would encourage the use of least permissions in Longhorn by making it easier for users to do common tasks without administrator privileges. For example....allow developers to create per user installations of applications, with user-specific settings saved in the "my programs" folder, rather than a globally accessible program files directory that requires administrative permissions to change....Windows programs commonly save user-specific files to critical areas of the operating system, such as the program files directory or protected parts of the Windows registry, which stores configuration information and is off-limits to regular users...
...splutter...Gee, individual settings saved in areas controlled by individual users...WHY IS THIS NEWS? How is it even possible that this never occurred to MS before?
The company also has an opportunity to brand LUA with its own user-friendly features and interfaces, which would be a vast improvement over platforms like Sun Microsystems's Trusted Solaris and Unix, Gartner's Pescatore said. "They are so complex, nobody can use them," he said. "They require every user to be a security expert. But if you look at what Microsoft is good at, it's not inventing ways to do security, but ways to make security easier to implement for security administrators."
Okay, WHAT? What the fucking fuck was that? Have I been trolled? Is this guy secretly laughing up his sleeve at the way my face is turning RED WITH RAGE? Honestly.
Where the fuck was Microsoft when they were writing NT/2000/XP? Why the hell are there so many fucking programs that demand admin or power user access simply to use? No, MS did not write all these programs themselves, but it's their damned operating system and their damned culture of "Well of course you're the only one on the computer! Of course you're running as a power user! Of course it won't affect anyone else if you're given too much privilege!" Microsoft has a LOT of shit to clean up, and it's not just in their crappy, crappy OS: it's in the attitudes passed on to users and developers too.
"[Solaris and Unix] require every user to be a security expert." No, actually, they don't. That's the whole fucking point. The programs are (generally, yes there are exceptions) well-behaved: they don't need crazy privilege, they save user-specific files IN THE USER'S FUCKING DIRECTORY, and so on. You need one security expert -- the sysadmin (and hey, before anyone kicks I am not saying I'm a security expert or anything like it) -- who sets things up safely. You don't have a glorified text editor (hello, Code Composer!) that requires power user to run it, and you don't have the accompanying conversations about "please don't install that app again".
"But if you look at what Microsoft is good at, it's not inventing ways to do security, but ways to make security easier to implement for security administrators." HA! It is to laugh. I can hear you out there wondering why I don't get a copy of Regmon to look at what registry keys CC needs access to, and open up the permissions on that. Excellent question, and I should be dropping everything to do that right now -- point taken. But why the fuck isn't a tool like this included with 2K to start with? Why are all the admin tools MS does provide squirrelled away in different resource kits and download areas, safely kept from the unschooled likes of me?
I'm ranting. There are flaws in my arguments. I don't like or trust MS or Windows very much. I have drunk deeply of the Unix kool-aid, and I am horribly, horribly biased. But for the love of all that is holy, this whole article just leaves me agog. Redmond can't be that ignorant, and I mean that sincerely. But what the hell else am I supposed to think? Why has twenty-five years of open, easy-to-find operating system knowledge passed them over? What lamb's blood did they smear over their cubicle doors to prevent the Angel of Death from entering?
(Story hit Slashdot today, and I saw it too late to get this comment in...so this rant hits the journal. You lucky, lucky people.)