Focus on Apple
Mac Trojan Nov 01 2007 12:26PM
David Harley (david a harley gmail com) (1 replies)
Re: Mac Trojan Nov 01 2007 06:45PM
Dave Schroeder (das doit wisc edu) (2 replies)
Re: Mac Trojan Nov 01 2007 08:34PM
David Fedoruk (david fedoruk gmail com) (1 replies)
RE: Mac Trojan Nov 06 2007 06:41PM
Todd Woodward (todd_woodward symantec com) (1 replies)
RE: Mac Trojan Nov 06 2007 08:07PM
Paul Schmehl (pauls utdallas edu) (1 replies)
Re: Mac Trojan Nov 06 2007 09:10PM
Philippe Devallois (phdevallois intego com) (3 replies)
Mac OS X Security and Common Sense Nov 07 2007 07:03PM
Todd Woodward (todd_woodward symantec com) (2 replies)
RE: Mac OS X Security and Common Sense Nov 07 2007 07:57PM
David Harley (david a harley gmail com) (1 replies)
Re: Mac OS X Security and Common Sense Nov 07 2007 08:28PM
Radoslav Dejanović (radoslav dejanovic opsus hr) (1 replies)
RE: Mac OS X Security and Common Sense Nov 11 2007 04:09PM
David Harley (david a harley gmail com) (1 replies)
Re: Mac OS X Security and Common Sense Nov 11 2007 05:32PM
Radoslav Dejanović (radoslav dejanovic opsus hr) (2 replies)
Re: Mac OS X Security and Common Sense Nov 12 2007 04:52PM
Paul Schmehl (pauls utdallas edu) (1 replies)
RE: Mac OS X Security and Common Sense Nov 13 2007 04:12PM
Thor (Hammer of God) (thor hammerofgod com)
> I know this is an Apple list, but I had to respond to this one point.

Ditto

> Non-privileged users should not be offered an option to do something they
> normally can't do. They should simply be prompted that what they are
> trying to do requires a higher privileged account. If they know how to do
> that, they can su, sudo, runas or whatever, and do it. If they don't, they
> don't.

Then simply change the default UAC "Behavior of the elevation prompt for standard users" setting from "Prompt for credentials" to "Automatically deny elevation requests." Then the process will automatically fail, and all "runas" functionality is still in place. Sorry about your IE installation woes, but that's got to be because of a learning curve. Everything everyone is complaining about in Vista can be very easily fixed or addressed with just a bit of "learning," including app compatibility settings. If we want security to get better, then we will have to "learn" how to do things differently. The thought that our security context can improve within an environment where people stubbornly continue to do the same things the same way is naive.

> The more I use Windows the less I like it. And I don't consider their
> security "enhancements" enhancements at all. They're security irritants,
> nothing more. Yes, they've closed some holes, but, overall, their
> "security" is a hodge-podge of warnings that people ignore wrapped in
> privilege escalations that people don't understand. In the end, they're
> less secure, because they don't even understand what they've done.

I'm not sure what you are asking for. If your concern is people who ignore warnings and people who don't understand privilege escalation, then change the "warning" to a "credential requirement" so they can't perform the privilege escalation they don't understand without proper credentials. If they know the admin credentials but still don't understand the privilege escalation, then take the prompt away completely so that they don't even get the opportunity. Even better, *educate* your users as to what warnings mean and what escalation is. But at least you have the CHOICE on how to do it in Vista (and XP). If you can't educate your users, then take away their capacity to inflict damage upon themselves and others. The "security enhancements" in Vista provide strong, viable, and manageable methods to secure an enterprise, and they all come bundled as part of the OS. You said yourself that OSX enterprise management tools run into 6 figures. With a single GPO, I can push out firewall configurations (both ingress *and* egress) to my entire enterprise. I can turn settings on and off with a click. I can push out IPSec configurations the same way. I can open everything up for a network free-for-all, or I can lock it down so that the only thing people can run is notepad.exe. And all of my machines can automatically receive and install updates without having to manually enter the admin password (which is something I've never been able to do with my Mac - I can download them in the background, but I have to know my admin password to install them). Those are not "irritants."

One "mistake" Microsoft may have made in their security strategy that they may have actually listened *too much* to all the jibba-jabba. It wasn't that long ago that every other post on Bugtraq was some "l337 haxx0r" spouting off about how they could pwn a box "and all they had to do was get the user to download some .exe and run it as administrator first." And the media pundits would pick it up and run with it. Everyone was all about "users don't read warnings, and M$ suxx0rs because they don't understand security." So they build in the UAC with accompanying customizable settings to helps stop people from doing silly things (because "runas" 7 years ago apparently was not enough), and now we have Mac commercials going on about how many warnings Vista gives and how hard it is to use. If any mistake has been made, it is that processes and controls have been built around a mindset of "we can be as irresponsible as we want and we can download whatever we want from wherever we want and the OS will protect us." Bottom line (IMHO) is that if we as an industry are going to take the next step in security, we have to take *responsibility* first. We can blame everyone else under the sun for the mistakes our users make all we want, but at the end of the day, they are still *our* users, and *we* have to cash the metaphoric checks that they write.

This goes for Apple too. This entire thread began from an ultra-lame Mac Trojan, but the mere existence of the issue should at least get their attention and give pause to the "we're safe simply because we're on a Mac" thought process. Next steps should be providing for non-admin auto-update functionality and enterprise-related functions like Vista has in regard to "customizing" behavior -- even if they don't perceive them as being needed now, they *will* be needed when the userbase grows, particularly in the business sector. Now, they certainly could show market leadership in security by requiring that people take responsibility for themselves, but that would probably come at the expense of market leadership in sales. Ideally, certain functions would be matched to the level of the user, not the level of the user account. To me, that's the next step -- until then, people will continue to do things how they want to, with or without understanding or education, and we will continue to blame the OS.

t

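The "Automatically deny elevation requests" setting Thor recommends, as an added example that is not part of the thread: a PowerShell audit of the UAC values behind the "User Account Control" Security Options entries, which flags the weak states and applies the deny setting with -WhatIf support. It assumes the documented HKLM Policies\System key and the ConsentPromptBehaviorUser and EnableLUA value names, which are what a GPO writes for the same settings.

```powershell
# Added example, not from the list thread: audit and optionally apply the UAC
# setting described in the message. The registry path and value names are the
# documented ones behind the Group Policy "Security Options" entries, so a GPO
# and this script write the same data.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Meanings of ConsentPromptBehaviorUser
# ("User Account Control: Behavior of the elevation prompt for standard users").
$StandardUserBehavior = @{
    0 = 'Automatically deny elevation requests'
    1 = 'Prompt for credentials on the secure desktop'
    3 = 'Prompt for credentials'
}

function Get-UacElevationPolicy {
    $props = Get-ItemProperty -Path $UacKey -ErrorAction Stop
    $user  = $props.ConsentPromptBehaviorUser
    $lua   = $props.EnableLUA
    $text  = if ($null -eq $user) { 'Not set (OS default applies)' }
             else { $StandardUserBehavior[[int]$user] }
    [pscustomobject]@{
        EnableLUA                 = $lua
        ConsentPromptBehaviorUser = $user
        StandardUserBehavior      = $text
        # Weak: UAC disabled outright, or standard users still get a prompt
        # where they can be talked into typing an administrator's credentials.
        Weak                      = ($lua -eq 0) -or ($user -ne 0)
    }
}

function Set-UacDenyStandardUserElevation {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    # 0 = "Automatically deny elevation requests": an elevation attempt by a
    # standard user simply fails; runas with an administrator account is
    # unaffected, which is the behaviour the message asks for.
    if ($PSCmdlet.ShouldProcess($UacKey, 'Set ConsentPromptBehaviorUser = 0')) {
        Set-ItemProperty -Path $UacKey -Name ConsentPromptBehaviorUser -Value 0 -Type DWord
    }
    Get-UacElevationPolicy
}

# Run from an elevated prompt; -WhatIf shows the change without applying it.
Get-UacElevationPolicy | Format-List
Set-UacDenyStandardUserElevation -WhatIf
```

On a domain-joined machine the GPO-delivered value wins on the next policy refresh, so apply the setting through Group Policy there and use the script only to verify what actually landed on the host.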
RE: Mac OS X Security and Common Sense Nov 11 2007 07:33PM
David Harley (david a harley gmail com) (1 replies)
Re: Mac OS X Security and Common Sense Nov 11 2007 09:01PM
Radoslav Dejanović (radoslav dejanovic opsus hr) (1 replies)
RE: Mac OS X Security and Common Sense Nov 12 2007 09:43AM
David Harley (david a harley gmail com)
Re: Mac OS X Security and Common Sense Nov 07 2007 07:30PM
Paul Schmehl (pauls utdallas edu)
Re: Mac Trojan Nov 07 2007 04:33PM
Kevin Long (kevin long verizonbusiness com) (3 replies)
Re: Mac Trojan Nov 14 2007 01:32PM
Dave Piscitello (dave corecom com) (1 replies)
Re: Mac Trojan and Last Security Update Nov 15 2007 03:03PM
Philippe Devallois (phdevallois intego com) (1 replies)
RE: Mac Trojan and Last Security Update Nov 15 2007 08:01PM
David Harley (david a harley gmail com)
Re: Mac Trojan Nov 07 2007 05:35PM
Paul Schmehl (pauls utdallas edu)
Re: Mac Trojan Nov 07 2007 05:31PM
Radoslav Dejanović (radoslav dejanovic opsus hr)
RE: Mac Trojan [and a proposed book] Nov 07 2007 11:59AM
David Harley (david a harley gmail com)
Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 01 2007 07:11PM
Roland Dobbins (rdobbins cisco com) (6 replies)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 01 2007 10:33PM
Thor (Hammer of God) (thor hammerofgod com) (1 replies)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 01 2007 09:08PM
John Ladwig (John Ladwig csu mnscu edu)
Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 01 2007 08:13PM
John Ladwig (John Ladwig csu mnscu edu)
Re: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 01 2007 07:31PM
Edward R. Marczak (marczak radiotope com) (1 replies)
Re: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 02 2007 01:35AM
Roland Dobbins (rdobbins cisco com)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 01 2007 07:29PM
Todd Woodward (todd_woodward symantec com) (1 replies)
Re: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 01 2007 07:45PM
Edward R. Marczak (marczak radiotope com) (1 replies)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 01 2007 08:05PM
Todd Woodward (todd_woodward symantec com) (1 replies)
Re: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 01 2007 09:14PM
Edward R. Marczak (marczak radiotope com) (1 replies)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 04 2007 09:25PM
Thor (Hammer of God) (thor hammerofgod com) (3 replies)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 05 2007 03:24PM
Paul Schmehl (pauls utdallas edu) (2 replies)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 05 2007 07:26PM
Chris Pepper (pepper reppep com)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 05 2007 06:14PM
Jeramey Valley (ValleyJR mps k12 mi us) (1 replies)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 05 2007 07:25PM
Paul Schmehl (pauls utdallas edu) (1 replies)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 05 2007 11:39PM
Thor (Hammer of God) (thor hammerofgod com) (1 replies)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 05 2007 08:14PM
Jeramey Valley (ValleyJR mps k12 mi us) (1 replies)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 06 2007 01:09AM
Thor (Hammer of God) (thor hammerofgod com) (2 replies)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 06 2007 05:59PM
Paul Schmehl (pauls utdallas edu)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 06 2007 12:13PM
Jeramey Valley (ValleyJR mps k12 mi us)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 04 2007 11:25PM
Thor (Hammer of God) (thor hammerofgod com)
RE: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 04 2007 08:29PM
Todd Woodward (todd_woodward symantec com)
Re: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 01 2007 07:22PM
Dave Schroeder (das doit wisc edu)
Re: Privileged vs. non-privileged? (was Re: Mac Trojan) Nov 01 2007 07:16PM
Jason Pruim (japruim raoset com)
Copyright 2010, SecurityFocus