[CS-FSLUG] Five Linux Security Myths You Can Live Without

[Frank Bax]

At 08:56 AM 4/26/05, Bob Brown wrote:
>It is hard to run in a limited account on XP as a standard user.
>This is not necessarily a problem with XP, but in the outside software
>developers who still hang on to legacy practices.

Exactly.  The recent post about upcoming Longhorn security suggests 
Microsoft will attempt to fix this, although its unclear how.  The problem 
is that developers do their development while logged in with admin 
priveledges, so software does not run properly without those 
privileges.  It doesn't help that the default install gives initial user 
Admin rights.  If MS follows through on the proposed changes, I expect 
Windows will go through even more growing pains.  It'll be worse than 
SP2.  MS has already stated earlier that no existing software will run on 
Longhorn.  Both are good changes for Windows (as they catch up to Linux), 
but will the user community stick with them if software vendors do not 
comply?  Will Linux be more appealing, because these issues have already 
been addressed?


>On the network at the church everyone runs on limited access except
>for the admins. If anyone needs anything installed then an admin needs
>to log in for it.


At a local non-profit where I provide some support, its worse than 
that.  The network is part of an NT domain.  There was no way we were going 
to give normal users Admin rights within the domain, so they are forced to 
choose between: (a) normal user rights with network access, and (b) admin 
rights to their own machine with no network access.  We were forced to 
allow (b) because some software will only run in that mode.  Apparently 
some users switch back and forth several times per day.