Thread: computer clocks
View Single Post
  #134   Report Post  
John Rumm
 
Posts: n/a
Default
Mary Fisher wrote:

Despite Linux's inherent security model, there is nothing to stop people
messing it up if they do stupid things while logged in as root.


I wish I understood the language you're using, isn't it possible to say it
without using jargon? While I understand the need for jargon among Those Who
Know, it's not helpful to those who don't.

I take it you mean the bit about "root"?

Unix and similar platforms have always been multi user systems. The OS
supports a security model that allows the person who administers the
computer to control in very fine detail exactly what each user can see
and do with the computer (i.e. which files they are able to read, those
they can write, applications they can use). This "super user" uses an
account that is traditionally called "root". They have root privileges
which allow them to do anything they like to any file on the system,
irrespective of who it belongs to, or whether it is a critical part of
the OS itself. The accepted wizdom in these circles is that ordinary
users are given accounts that do not have these privileges. Hence they
are unable to access critical system files or files belonging to other
users. Even a user with a root account would typically have a separate
less privileged one for thier day to day activities, simply as a
safeguard against them doing something silly. One of the affects of this
is that should a user get duped into running a malitious application,
there is still very little it can do to cause harm because the user does
not have the privilege to do widespread damage to the system.

Versions of windows in the 9x line (i.e. 95, 98, ME) don't support any
of these concepts. Anyone sat in front of the computer has complete
control over it. Hence any application they run also has free reign.

Versions of windows in the NT Line (NT3.5 - 4.0, Win2K, WinXP, Win
Server 2003), however do support these concepts. They have a root
account that is by default called "administrator". A well setup system
can be orgainised in exactly the same way as the typical *nix system.

However there is a cultural difference. Very few of the people now using
these systems are instructed to create themselves a less privileged
account to use for day to day activities. Microsoft don't shout it from
the roof tops, even though they know it to be a good thing. In the case
of Windows XP Home Edition, they even hide the fact that these
capabilities exist, and hence you automatically end up doing everything
with administrator privilege. Presumably this is because they feel these
concepts would add complexity for the user, especially the one who has
graduated from the Win98 system, and is used to being able to install
what they want, when they want, without giving it a second thought.
However by allowing them to use the system without having to lean some
of these security fundamentals, they lay them open to all sorts of
future problems.

There is a worrying trend with some of the Linux versions that are
targeted at Windows users, of them following this same path.


--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/
Reply With QuoteReply With Quote