Code Project
Trustworthy computing...

The Lounge
Tags: linuxsecurityquestion
12 Posts, 9 Posters
Navin (#1)

It seems to me, the casual observer, that Microsoft's philosophy on security will eventually come to this: if a program, driver, what-not, is 'trusted', then give it more rights than if it were 'untrusted'. For instance, in Windows XP, AFAIK, a restricted user can install a certified driver, but can't run an arbitrary install program. A driver gets to be 'certified' because it passes a set of tests, and gets a stamp of approval from MS. I get the feeling that for Longhorn and future OSes, they'll take this concept on to all software running on the machine. Whereas the Unix/Linux concept is that an 'administrator' user can set run, read, write permissions on a file-by-file basis. Programs generally only have access to a very specific directory for the user running it, unless an admin (root) sets the program to have root permissions. And this is rarely done except for very well-known programs. The user, however, can launch programs as he sees fit; it's just that some will not have permissions to go outside of that user's directory. You can do some of this in Windows, but I don't think you can specify some programs to run as 'user' and others to run as 'admin' in this way. What do you think about these security paradigms? Is one any better than the other? Or do they both miss the boat?

If your nose runs and your feet smell, then you're built upside down.


Marc Clifton (#2)

Navin wrote: What do you think about these security paradigms? Is one any better than the other? Or do they both miss the boat?

This is just a WAG, but it seems that the Unix/Linux concept, being based on file permissions, is rather antiquated. What MS is trying to do is deal with more distributed security issues, such as installing a program "on-the-fly" that's being received over the Internet, for example. What do you think?

Marc


Daniel Turini (#3)

Navin wrote: A driver gets to be 'certified' because it passes a set of tests, and gets a stamp of approval from MS. I get the feeling that for Longhorn and future OSes, they'll take this concept on to all software running on the machine.

It won't be anything new. You know that ActiveX signature dialog box on IE?

Navin wrote: Whereas the Unix/Linux concept is that an 'administrator' user can set run, read, write permissions on a file-by-file basis.

You say this as if in Windows you can't.

Navin wrote: You can do some of this in Windows, but I don't think you can specify some programs to run as 'user' and others to run as 'admin' in this way.

Oh, you mean this: http://www.microsoft.com/windows2000/en/server/help/default.asp?url=/windows2000/en/server/help/sys_srv_secondary_logon.htm on Windows 2000 and http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/proddocs/runas.asp on Windows XP.


        Help me dominate the world - click this link and my army will grow


Navin (#4)

I tend to side more with the Unix philosophy. Microsoft's makes sense for drivers, most of the time, since they really do need access to system resources. However, most Windows programs need access to all sorts of parts of the system... the installers copy DLLs, write entries all over the registry, and copy files in odd places. That's what I don't like: programs need to be designed so they install and run without harming anything else. That way you really can lock down users without compromising functionality (much) or security. Example: I can download, install, and run many programs in Linux, being a regular user, and have that complete install localized to my user directory, and without screwing up the whole system. That helps make things more secure. Even if that program had a security hole, damage could only be done to the data in one directory. It could not take over the whole system. It is almost impossible to find Windows programs that can behave like that. Usually the program or the installer needs some system resource. Having signed programs, controls, etc., is better than nothing, but I don't think it's practical. Even if something is signed, it is probably just as likely to contain an unknown security flaw that just wasn't detected, and open up your whole system.

If your nose runs and your feet smell, then you're built upside down.


Navin (#5)

Yes, I know about ActiveX signing. But this is a small part; I am talking about if they end up doing that for ALL applications.

Daniel Turini wrote: You say this as if in Windows you can't.

Okay... you proved that you can; however, that really wasn't my point at all. Windows programs often need to have access to more of the system, especially when they are being installed. Hence Microsoft's paradigm of making software/components trusted (signed), and given more rights, or untrusted/unsigned. Unix programs generally don't need this, unless they really are system tools (in which case an admin would be installing them anyway). You can install many Unix/Linux applications all in a single directory within your user's tree, and not need access to other parts of the system.

If your nose runs and your feet smell, then you're built upside down.


Shog9 0 (#6)

The Unix philosophy works so long as someone who knows their shit is running the system, and the users are content to play nice within this system. Microsoft's (end-user-oriented) operating systems have traditionally allowed users, and the programs that they run, to do whatever they like on a system. To provide a greater level of security, Microsoft is essentially offering to act as the administrator for these systems now, but since the user still has the opportunity to get whatever permissions they want, this will only work when the user is "playing nice", by running only trusted software. Want a secure system? Don't hook it up to any networks, verify each and every program you run on it, and keep it in a locked vault. Short of that, back up frequently and keep the backups in a locked vault.

              Shog9

              nightdrivin'withoutheadlights...


Matt Newman (#7)

Navin wrote: Unix programs generally don't need this, unless they really are system tools (in which case an admin would be installing them anyway).

The problem with this is that most Personal Computers do not have an administrator. If someone goes out and buys an e-machine and can't install any utilities like antivirus software without the consent of a special administrator, it isn't really a Personal Computer anymore.

Matt Newman
Sonork: 100:11179 "If you're Noah and you're facing the Flood, don't call a lawyer, start building an Ark." - David Cunningham


Kannan Kalyanaraman (#8)

Exactly my thinking. Windows is still popular 'cause you get so many things out of the box.

Kannan


Joey Bloggs (#9)

Microsoft and Intel are going way beyond traditional user/file security. Part of the full-blown plan is to have a special -1 ring on the processor, a microkernel between it and each running o/s, and encrypted data channels to input devices, storage, graphics buffers etc. This is all designed to prevent the current problems of hackers intercepting data and program flow, snooping on keyboards or screen buffers, injecting code etc. etc. They acknowledge that it will initially be for business users and personal users won't want it. They even seem to understand that enforcing DRM to the point that 'personal use' is affected is not going to be tolerated at a societal level. Here is an overview if you have a few hours :) http://www.extremetech.com/article2/0,3973,1274119,00.asp


Stephane Rodriguez (#10)

First and foremost, "trustworthy" is a business word. When you are a Microsoft gold partner and recognized as trustworthy, it's because you are providing a lot of cash back to Microsoft through indirect channels. Try to subscribe to one of the zillions of Microsoft partner programs and see for yourself the crude truth about it. As an example of the stupidity of the "trustworthy" label, don't you remember RealNetworks's RealPlayer and RealDownload were certified spyware-free by so-called "trusted" audit companies, and detractors of those gratuitous claims were initially threatened? You know what happened since then. This says a lot about what to expect from it. Add the "Enron" effect, and the side effects of the EULA whenever you install some software. Regarding "trustworthiness" in Microsoft, today it's a buzzword only aimed at attracting and retaining customers, especially when Microsoft is basically adding no value in the software upgrades while at the same time forcing customers to buy them (software assurance licensing, ...). Remember that there are only a few certificate publishing authorities, and one of those, Verisign, has been acting poorly for many years: you know what they are currently doing with the backbone of the internet, but you should also know about the many rounds of layoffs and employee fucks that happened there. In addition, Verisign is a subsidiary of Microsoft, and well-backed. They can't be labelled as actually being Microsoft simply because it wouldn't be credible that Microsoft is part of both sides of the game. The recent "msblast sobig" wave of viruses are clear attacks against Microsoft. But Microsoft has ridden the horse back and is now using this to push even further their marketing campaign forces with "why a new operating system is definitely recommended". They use it to sell Windows Server 2003 these days.
If you see the bullish Ballmer videos (on the CNET site two weeks ago, another site backed by Microsoft ads), you'll hear him saying "the world is full of terrorists, we have an answer to this, a new shield". While he doesn't mention the name of that new


Navin (#11)

That is true. However, a home user who cares about security should be able to at least lock down their own system. Perhaps general use requires no password, but administrative tasks require a special login. Some users would do this, and some won't. It's kind of like a house... some people like having one key that opens every door, others have different keys for the front or for the back.

If your nose runs and your feet smell, then you're built upside down.


moliate (#12)

Daniel Turini wrote: It won't be anything new. You know that ActiveX signature dialog box on IE?

I get your point, but I don't think that is the same thing. With a driver you send your code to MSQL, have it examined by hardware and software specialists and verified on different platforms before Microsoft signs the driver. With an ActiveX signature you just pay some company to create a certificate that is supposed to show that you* were the one who wrote the software. You can apply it to any software you write after that.

# moliate

* and if you apply for a certificate in the name of "Thor, God of Thunder; Valhalla road 1; Asgaard", I don't think you'll be turned down by most signing companies...


                          The corners of my eyes catch hasty, bloodless motion - a mouse? Well, certainly a peripheral of some kind.

                          Neil Gaiman - Cold Colours
