[CS-FSLUG] Five Linux Security Myths You Can Live Without

Don Parris evangelinux at thefreelyproject.org
Tue Apr 26 11:06:40 CDT 2005 

On Tue, 26 Apr 2005 11:18:34 -0400
Frank Bax <fbax at sympatico.ca> wrote:

> At 08:56 AM 4/26/05, Bob Brown wrote:
> >It is hard to run in a limited account on XP as a standard user.
> >This is not necessarily a problem with XP, but in the outside software
> >developers who still hang on to legacy practices.
> 

<SNIP>
> 
> >On the network at the church everyone runs on limited access except
> >for the admins. If anyone needs anything installed then an admin needs
> >to log in for it.
> 
> 
> At a local non-profit where I provide some support, its worse than 
> that.  The network is part of an NT domain.  There was no way we were
> going to give normal users Admin rights within the domain, so they are
> forced to choose between: (a) normal user rights with network access, and
> (b) admin rights to their own machine with no network access.  We were
> forced to allow (b) because some software will only run in that mode. 
> Apparently some users switch back and forth several times per day. 
> 
> 
> _______________________________________________


Now *that's* ugly! :)  I took an MCSE course back 3 years ago, but never
tested (school was a scam, I'm stuck with the bag and nothing to show). 
While I learned the basics of Windows security - assigning user rights, etc.
- I never got real deep into it.  Ironically, it was in that class that I
got turned onto SUSE 8.0 (the instructor was playing with it, and two of us
in the class were using Mandrake).  After loading SUSE, I almost literally
never looked back at Windows.  I was booting into it less and less, until
last November, when I migrated to SUSE 9.2.

I do know that, at work, most programs run with the same privileges as the
user running the program.  Also, knowing that I have write access to the
system folder seems a scary thing to me, from an admin point of view.  I
don't think the company has ever had to worry about that, and their security
team is excellent. 

SUSE's Yast gives me a tool that let's me choose the security settings
appropriate for a home workstation, a LAN station, or a LAN server. You
would have to do that manually in Windows(as far as I can tell). Either
that, or get a 3rd party app that does that.  I also make sure that "." is
*not* in root's path statement.

Don
-- 
evangelinux    GNU Evangelist
http://matheteuo.org/                   http://chaddb.sourceforge.net/
"Free software is like God's love - you can share it with anyone anytime
anywhere."

More information about the Christiansource mailing list