
Re: [Roy Schestowitz Lies Again] Windows Permits Anyone to Become an Administrator (was: [News] Windows Permits Anyone to Become an Administrator)

  • Subject: Re: [Roy Schestowitz Lies Again] Windows Permits Anyone to Become an Administrator (was: [News] Windows Permits Anyone to Become an Administrator)
  • From: "Mathew P." <Mathew@xxxxxxxx>
  • Date: Sat, 23 Sep 2006 07:40:30 GMT
  • Newsgroups: comp.os.linux.advocacy
  • Organization: March of the Penguins
  • References: <3403397.VrdnS3GvbK@schestowitz.com> <s7b2alqjv2q2$.dlg@funkenbusch.com> <qu8eu3x8mj.ln2@supertux.my.domain>
  • User-agent: slrn/0.9.8.1 (Linux)
  • Xref: news.mcc.ac.uk comp.os.linux.advocacy:1158850

On 2006-09-22, Jerry McBride spake thusly:
> Erik Funkenbusch wrote:
>
>> On Fri, 22 Sep 2006 21:16:43 +0100, Roy Schestowitz wrote:
>> 
>>> Windows XP Privilege Escalation Exploit
>>> 
>>> ,----[ Quote ]
>>>| Running A Desktop With Full System Privileges
>>>| 
>>>| A tutorial on how to trick Windows XP into giving you system privs.
>>> `----
>>> 
>>>
> http://passivemode.net/updates/2006/6/5/windows-xp-privilege-escalation-exploit.html
>>> 
>>> No need to even depart from La-la Land. No buffer overflows; no physical
>>> intervention; no social engineering. Proof that the operating system is a
>>> toy.
>> 
>> Wrong, Roy.  Again.  Physical access to the console is required.  This
>> will not work remotely because the /interactive switch only allows it to
>> interact with the default desktop.
>> 
>> Second, You have to be an administrator already, or been given the rights
>> to create at jobs deliberately.  As such, either way, you have to have
>> Administrator in order to do this.  If you have Administrator rights, you
>> can do anything you want anyways with a little work.
>> 
>> It's equivalent to a root exploit on Linux in which bash is setuid root.
>> You have to be root to setuid root in the first place, so it's hardly a
>> real exploit.
>
> Everybody is ROOT on windows.... Haven't you heard???

You beat me to it. The default set up is to auto log into your account as
admin, which I dare to generalize, most people don't even realize has happened
because they are not accustomed to the concept of opening and closing doors,
at least in the metaphorical sense, by logging in and out of an actual user
account. Even if this example user knows what it is to log to an individual
non admin (Not the same as root, but for the sake of example I concede
the point) account, chances are, thanks to microsoft culture, they can't
imagine why doing so would have any advantages security wise or in any other
way. To them, a computer should (can?) never be used in any way that isn't just
like running windows 98. Start up computer, use, shut down computer. Don't dare
leave it idling when you're not using it since anyone who has been using windows
long enough to understand what it does knows that leaving it running is a
dinner invitation to the god of chaos. OK, coming back to the Linux root level
account: To compare windows admin level access to *nix root level access is
simply not accurate, and misleading to those reading your post who aren't
familiar with *nix and/or the deep level functioning of windows.

This is because, among other things, Linux and all its *nix relatives in
the family tree (pun intended) have been designed from the feet up, starting
from the very beginning incarnations, to be based around a secure format
that is based on a file ownership concept. Since everything is a file to *nix
including hardware, everything in the system can be, and is, permission allocated
to any level of any user, group, or all other system users (or all three groups)
that is determined by the root user who can set and change user permissions and
home account setups or change system wide permissions. As a matter of
interesting trivia, windows "root kits", which, for the uninitiated, are
exploits to remotely gain control of the computer through weaknesses in the
system, are _many in number_ and _easily implemented_ . I'm sure you will
google it, and find a way to refute it that sounds reasonable. I would expect
nothing less.

That's cool.

Note to the silent reader: use a search engine such as google.com on the words
"windows" and "root kit" in the same search line, and see what interesting information
you get.

Windows wasn't designed around a secure model. It's never been the design philosophy
and now it's probably too late to change that. Microsoft is giving it a go
with Vista. It's not looking promising, but we'll see.

Security wasn't part of the plan when MSdos was implemented, and subsequently
windows. Security has subsequently been a process of developing a sort of "bolt on"
addition process utilized with new version releases and service packs. Unfortunately
this doesn't address the real problem: the basic premise of function with the
Microsoft family of OS's doesn't properly and effectively address concepts of
resource ownership. As a result windows continues to expose itself to potentially
serious security breaches.

Thanks for giving me the opportunity to present some facts about windows
and Linux,

Regards,

Mathew  






-- 
"Always do the right thing: It will delight /  Aluminum Foil Deflector Beanies  
some and astound the rest" - Mark Twain    / Psychotronic protection, low prices
