Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • World
  • Users
  • Groups
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Code Project
A

ArmadilloOnFire

@ArmadilloOnFire
About
Posts
1
Topics
0
Shares
0
Groups
0
Followers
0
Following
0

Posts

Recent Best Controversial
  • Windows Security Forced down developers troaths.
    A ArmadilloOnFire

    As a system administrator since the late 80s, I can think of no single factor that has been responsible for more general problems, frustration, lost productivity, and down time than software which *requires* local administrative permissions in order to run. Even today, there is a great deal of commercial software which, while it may be fantastic at serving the production needs of a particular vertical, makes little to no effort to work properly within the Windows security framework. The Principle of Least Privillege has been around - and deservedly venerated - since the very earliest days of computing. Some of the earlier MS operating systems (3.1, to some extent 95) did not incorporate that principle stringently, and so we wound up with a couple generations of applications that paid little attention to properly isolating user and program permissions. Consequently we saw legions of machines where the average user was granted inappropriate adminsitrative permissions on their machines. Those folks promptly went out to pounce on the first attractive looking virus, or sometimes they would simply render their machine inoperable by 'investigating' some of the lower level configuration options on their machine. "Windows is insecure and unreliable" came the outcry, but was the main problem the OS itself, or the applications that required it to be set up to fail? The answer is certainly "both" to some extent, but huge amount of trouble could certainly have been avoided had developers more often taken the approach of designing their software suit the security model of the operating system rather than requiring the security model of the operating system to be compromised to avoid their development challenges. Almost all the fundamental parts of the current security model, including registry segementation have been around as long as the Win32 API - but many developers continue, more than a decade after their release, to look for ways to 'get around' sensible security measures, rather than conform to them. Even more insidious, I seen many cases where developers *knowingly* bump end users up to full administrative permission in production situations in order to increase instability since they also carry maintenance agreements for those sites. Dozens of times I've arrived at such sites after the customer finally got so frustrated with their level of downtime that they decided to try another option. Typically after a few weeks of eliminating privllege elevations and tightening things down to the point that fo

    The Lounge business question sysadmin windows-admin linux
  • Login
  • Don't have an account? Register
  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • World
  • Users
  • Groups