Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: [in] Re: IE is just as safe as FireFox
From: "Todd Towles" <toddtowles () brookshires com>
Date: Mon, 22 Nov 2004 07:47:37 -0600

Very True, not to talk about all the apps that won't run correctly in
Windows because of non-admin rights. Should we all have to give
premissions to special reg keys just to have a app run as a non-admin? I
mean come on...you give us a so called security feature (Run As) and
then it is only useable half the time for the IT world and almost
totally useless for the everyday basic user. 

But of course most of the apps that don't work with Run As are harder
apps but I am sure everyone has seen some. 

-----Original Message-----
From: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of devis
Sent: Sunday, November 21, 2004 12:11 AM
Cc: full-disclosure () lists netsys com
Subject: Re: [in] Re: [Full-disclosure] IE is just as safe as FireFox

Todd Towles wrote:

Windows doesn't tell you about the Admin account and makes 
the default 
user a Admin. That isn't best method as you know.

RunAs is great..but that is only good once you create a 
normal user - 
and then delete your new default user. Or you log in in 
and take away the full control of the default user. Easy for the 
average window user? Nope. If it was Microsoft would make 
the default 
user (note
USER) and then let you configure the Admin account on start. 


Thank you. Sometimes i feel the message doesn't get across. 
Run as is a false sense of security. Majority of MS apps ( 
that gets owned ) run with Admin or Local System priviledges. 
Does Run as works on IE ? on Office ? on IIS ?

My point was that instead of 'hiding' computer knowledge from 
the 'user' 
, and introducing false 'hyped' security such as 'RunAs', 
assuming his stupidity, i think people will be likely to 
understand that to install a program they would have to use a 
different account than from browsing pages. Especially when 
the company behind has lots of $$$ to make it friendly and 
understood. 15 years ago people thought only a few people 
will ever use email......

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]