Re: [Asrg] Bug, or Feature?
mathew <meta@pobox.com> Tue, 01 July 2003 17:48 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA08664 for <asrg-archive@odin.ietf.org>; Tue, 1 Jul 2003 13:48:35 -0400 (EDT)
Received: (from exim@localhost) by www1.ietf.org (8.11.6/8.11.6) id h5RINBI21668 for asrg-archive@odin.ietf.org; Fri, 27 Jun 2003 14:23:11 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19VxsG-0005bv-Pp for asrg-web-archive@optimus.ietf.org; Fri, 27 Jun 2003 14:23:04 -0400
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA09284; Fri, 27 Jun 2003 14:22:42 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19VxrQ-0004o3-21; Fri, 27 Jun 2003 14:22:12 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19VuO1-0002P9-0t for asrg@optimus.ietf.org; Fri, 27 Jun 2003 10:39:37 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA27971 for <asrg@ietf.org>; Fri, 27 Jun 2003 09:54:17 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19VtgA-0002n3-00 for asrg@ietf.org; Fri, 27 Jun 2003 09:54:18 -0400
Received: from rwcrmhc11.attbi.com ([204.127.198.35]) by ietf-mx with esmtp (Exim 4.12) id 19Vtfz-0002mn-00 for asrg@ietf.org; Fri, 27 Jun 2003 09:54:07 -0400
Received: from pobox.com (h005018086b3b.ne.client2.attbi.com[66.31.45.164](untrusted sender)) by attbi.com (rwcrmhc11) with SMTP id <2003062713531601300oql29e>; Fri, 27 Jun 2003 13:53:16 +0000
X-Habeas-Swe-6: email in exchange for a license for this Habeas
Subject: Re: [Asrg] Bug, or Feature?
Mime-Version: 1.0 (Apple Message framework v552)
Content-Transfer-Encoding: 7bit
From: mathew <meta@pobox.com>
In-Reply-To: <16123.27931.953786.128919@world.std.com>
To: asrg@ietf.org
X-Habeas-Swe-1: winter into spring
X-Habeas-Swe-2: brightly anticipated
X-Habeas-Swe-3: like Habeas SWE (tm)
X-Habeas-Swe-4: Copyright 2002 Habeas (tm)
X-Habeas-Swe-5: Sender Warranted Email (SWE) (tm). The sender of this
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
X-Habeas-Swe-7: warrant mark warrants that this is a Habeas Compliant
X-Habeas-Swe-8: Message (HCM) and not spam. Please report use of this
X-Habeas-Swe-9: mark in spam to <http://www.habeas.com/report/>.
X-Image-Url: http://meta.ATH0.com/photos/MailPictures/meta@pobox.com
Message-Id: <B3849D1C-A8A6-11D7-9731-00039380F1B6@pobox.com>
X-Mailer: Apple Mail (2.552)
Content-Transfer-Encoding: 7bit
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Fri, 27 Jun 2003 09:53:16 -0400
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
On Thursday, June 26, 2003, at 06:00 PM, Barry Shein wrote: > These long-winded apologias for microsoft are touching (and I hope > paid for!) > > HOWEVER, what would've been so hard about putting in a goddamn pop-up > confirm box triggered at the system level which said something like: > > THAT ACTION IS TRYING TO MODIFY YOUR SYSTEM > SOFTWARE AND/OR THE REGISTRY etc etc. > > Proceed? [YES] [NO] [HELP] > > based on some reasonable rules so it's a reasonably meaningful > warning? Lord knows they ask confirmation for everything else you do > it seems. The interesting thing is that it's mostly possible to configure a Windows 2000 system this way. I have to use Windows 2000 at work, and I always run as a completely untrusted user with no registry or system modification privileges. I also remove Outlook Express and its various hidden components which many worms and viruses use to do their nasty tricks, and disable ActiveX and scripting in IE. I use Mozilla as my web browser. This week I twice had a warning dialog caused by an installer failing to install some piece of unidentified software which I had not asked for. I tried to track down where it came from, but Windows doesn't seem to offer much of an audit trail for "What launched this process?" Of course, there are still all the unpatched security holes that allow privilege elevation, but 99% of the problem is IE, ActiveX, Outlook, and running as admin the whole time. Microsoft could fix those problems tomorrow if they wanted to. The sad thing is, running as an unprivileged user breaks a *lot* of software, including some commercial applications. The culture of zero security in Windows is so ingrained now that it's assumed your Windows system will be wide open to the world. Mac OS X is mostly locked down by default. You can trash the applications, but you can't change the OS or startup sequence without a dialog requesting root privileges. Apple also recommend the "running as an unprivileged user" approach, though they don't make that the default. Unlike in Windows, running as an unprivileged user on a Mac doesn't break much. So far I've only had one application have problems. (Adobe Photoshop Elements, in case anyone's curious, and they have a note about it in their knowledgebase.) mathew _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- [Asrg] Bug, or Feature? gep2
- Re: [Asrg] Bug, or Feature? Vernon Schryver
- Re: [Asrg] Bug, or Feature? Barry Shein
- Re: [Asrg] Bug, or Feature? mathew