-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 2006-09-23, Erik Funkenbusch spake thusly:
> On Sat, 23 Sep 2006 12:22:24 GMT, ed wrote:
>
>> On Sat, 23 Sep 2006 04:57:51 -0500
>> Erik Funkenbusch <erik@xxxxxxxxxxxxxxxxxxxxxx> wrote:
>>
>>> On Sat, 23 Sep 2006 07:40:30 GMT, Mathew P. wrote:
>>>
>>>>> Everybody is ROOT on windows.... Haven't you heard???
>>>>
>>>> You beat me to it. The default set up is to auto log into your
>>>> account as admin, which I dare to gerealize, most people don't even
>>>> realize has happened because they are not accustomed to the concept
>>>> of opening and closing doors,
>>>
>>> That's true of standalone Windows, but not when used in a corporate
>>> environment. The default in a domain environment is to make users
>>> restricted normal users. You have to go out of your way to make them
>>> even local administrators. And, since physical access to the computer
>>> is required anyways, if someone is breaking into your house and
>>> getting access to your computer, you've got bigger problems.
>>
>> What if you just don't want your child to get admin?
>
> Your child can get admin whenever they want on any box they have physical
> access to. Linux or Windows or Mac.
Bruce Schneier changed his data and system security focus some time ago.
He went from emphasizing strong encryption to emphasizing physical access
controls. He wrote that Crypto analysis isn't even neccessary when an
attacker has physical access to the keyboard. In short, anyone who can
sit in front of the machine undisturbed will eventually get in given
a strong enough motive to do so. It is trivial for the pro.
You're right in as much as the above is true. However, some systems
lend themselves to physical access attack better than others. There
are lots of smart kids out there, but one thing is certain; a computer
running SELinux with the root account protected using strong alphanumeric,
long shadow passwords, is going to be *significantly* more difficult to
breach at the physical access level than many of the other commercially
available systems. The same can be said of any unix-like operating system.
Windows in particular, *cannot* hold a candle to this level of lock down
in the home environment assuming a user that even half way knows what
he/she is doing when setting up. Don't believe me? run John The Ripper
on Windows and on Linux.
Regards,
Mathew
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)
iD8DBQFFFl26lkJ5K/IU2ToRApFdAJ4kyad2t1/vdzpOk3YIMiC5+JFFTQCg11JK
m+MGMLz21LSBpo5II8HxkoY=
=yOUv
-----END PGP SIGNATURE-----
--
"Always do the right thing: It will delight / Aluminum Foil Deflector Beanies
some and astound the rest" - Mark Twain / Psychotronic protection, low prices
|
|
