Focus on Apple
Re: What's George Ou smoking? Feb 16 2007 07:35PM
Thor (Hammer of God) (thor hammerofgod com) (2 replies)
Re: What's George Ou smoking? Feb 20 2007 10:23AM
Michael Dalling (mtdalling gmail com)
On Friday 16 February 2007 19:35, Thor (Hammer of God) wrote:
> If you are still running interactively as admin, that is YOUR problem, not
> Vista's.

... in a manner of speaking. But Microsoft has the user set up an admin
account and really leaves it at that.

And Apple is no different in this respect. Anyone who went to Apple's site
and read the security documents would discover that Apple recommends
otherwise, but how many people would do that? It seems to me that the way
the set-up runs would lead a user to confuse the accounts and physical
ownership of the machine. The 501 account will use the owner's name and
information that he's submitting to Apple (submitting, that is, unless he
quits the relevant screen).

I haven't used Vista, but it seems to me that its UAC differs somewhat from
how I'd escalate privileges on OS X or Linux. First, as I understand it, if
I'm running as an administrative user (which users typically do on Windows,
because that's what they're led to do) I don't need to authenticate; I merely
click to approve. Secondly, I've read that it's not always clear what has
triggered the dialog--if true, that seems a bad thing to me. Thirdly, I've
also read that once the dialog pops up the user has to respond to it before
he can do anything else. On OS X you could certainly carry on working in a
different application and come back to your authentication dialog. The fact
that, apparently, you can't on Vista seems another incentive for people to
click through. One can imagine likely scenarios in home use such as a parent
leaving the room without locking the screen, a dialog popping up, and a child
clicking through. He couldn't do that on OS X, because even on an admin
account he'd need to submit an administrator's password.

But it was Mr. Ou's comments on Joanna's Rutkowska's criticisms that surprised
me. One would get the impression that Mac and Linux users are typically
downloading installers from the Internet and having to run them with admin
privileges. I simply don't think that's true. I already said what I
understood the position to be on OS X. On Linux it seems to me that,
typically speaking, applications software comes via one's vendor and is
installed from its repositories with a package manager. So here installing
an application is no different from getting Windows Updates/Software Updates
from MS or Apple, and there is no problem. OTOH, someone might install, for
example, the flashplayer. But that will be in his Home area in
~/.mozilla/plugins, and he didn't need to give the installer admin privileges
to run it.

Maybe I'm missing something, but it seems to me that what typically happens on
either Mac or Linux isn't like Joanna's imagined Tetris-scenario at all.

--
Michael

[ reply ]
RE: What's George Ou smoking? Feb 19 2007 02:55PM
Don Rhodes (drhodes mail colgate edu)


 

Privacy Statement
Copyright 2010, SecurityFocus