mailing list archives
RE: [in] Re: IE is just as safe as FireFox
From: Paul Schmehl <pauls () utdallas edu>
Date: Fri, 19 Nov 2004 16:19:49 -0600
--On Friday, November 19, 2004 01:12:31 PM -0500 "Crotty, Edward"
<Edward.Crotty () dowjones com> wrote:
I'm not a Win based guy (troll?) - Un*x here - and even I was offended by
There is such a thing as "runas" for Windows.
That's not all.
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]On Behalf Of devis
Sent: Friday, November 19, 2004 11:10 AM
Cc: full-disclosure () lists netsys com
Subject: Re: [in] Re: [Full-disclosure] IE is just as safe as FireFox
1) Despite recent ameliorations of MS ( multi user finally, permissions
... ) and some effort at making the system more secure, something very
important is still left out: The first default user of the MS computer
is made an administrator.
Apparently you don't have very broad experience with OSes. ON *every* OS
I'm familiar with, the first user is the administrator (or root) account.
This comes down to giving uid0 to ur first
unix user. Unix does NOT do that. It requieres you to use su and become
root ( administrator ) after proper credentials submission ( password ).
When's the last time you installed an OS from scratch? Gentoo, FreeBSD,
OpenBSD, RedHat, Fedora, Slackware, Mac OS X, Debian, Solaris, *all* create
the first user as uid0 during the install process. (I can't speak for the
others because I haven't done those, but I'd be willing to bet that NetBSD,
AIX, HP-UX, SCO et. al. work exactly the same way.)
Unix does not grant users root access by default, and it does a much better
job of separating privileges by requiring you to join the wheel group *and*
either use sudo or su to do work as root, but Windows doesn't make users
the admin by default *either*, unless you setup Fast User Switching
*during* the install.
The first user is NOT and administrator, and any recent Unix
documentation will insist on the danger of running as root(admin). Unix
keeps the admin account well separated from the user account, which MS
That's simply false. Windows has several groups. By default users are in
the "USERS" group, *not* the ADMINISTRATORS group.
It might make sense if you actually had knowledge of an OS before you
Please install a proper unix, create 2 accounts and try to
read the home directory of the second user from the first.
Please do the same in Windows. Here's a hint. You'll get the same results.
2) "After all, they don;t need to know" . " You're on a need to know
Do MS really think the users are stupid ?
Probably. Otherwise they wouldn't have those stupid warnings popup every
time you try to delete something. Are you SURE you want to do this????
Yes, damn it!!
[snipped the rant]
Oh baloney. Learn a little more about the OS before you make assumptions
that make you look ignorant.
Lets not hide from ourselves whats needed from MS to reach modern world
a complete rewrite, and a ditch of old Dos base and the 20 years old
Aside from the default permissions, you can also granularly apply
privileges in many ways. For example, by default USERS have Read &
Execute, List Folder Contents and Read access to the Windows folder, its
contents and all it's subfolders. In addition, there are fourteen (14)
separate rights that can be explicity granted or denied to them at that
level only or to all subfolders as well, to files only, to subfolders only,
to subfolders *and* files only, etc., etc.
I'm not Windows fan, but the least you can do is learn the subject before
you claim expert status and presume to preach to others.
While we're lecturing the unwashed, would you mind trimming your replies?
Who needs six levels of FD disclaimers?
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
Full-Disclosure - We believe in it.
RE: [in] Re: IE is just as safe as FireFox Paul Schmehl (Nov 20)
Message not availableRe: Windows user privileges James Tucker (Nov 21)
RE: Windows user privileges Phillip R. Paradis (Nov 23)
RE: Windows user privileges joe (Nov 21)
Re: [in] Re: IE is just as safe as FireFox devis (Nov 21)
RE: [in] Re: IE is just as safe as FireFox Phillip R. Paradis (Nov 23)
RE: [in] Re: IE is just as safe as FireFox Todd Towles (Nov 19)