MyDoom (was: Test)
Dan Jenkins
dan at rastech.com
Wed Feb 4 02:00:59 EST 2004
A debate on Windows vs. FOSS security does have to take into account the
applications being run on the operating system. I rarely hear anyone
mention that in these discussions. A secure OS does little good if the
applications require security to be overridden for them to operate.
Regularly I encounter Windows applications that require higher
privileges to install or even to run than I would normally be willing to
grant users. Or they require considerable analysis to identify just what
areas they need extended privileges in which to operate.
For example, one of our clients must use a specific program to view CAD
drawings which requires Administrator rights to RUN, not just install.
So every user in the company has to have administrator rights to view
their major customer's attachments! I realize that analysis might
identify all the registry keys, directories and files this application
needs access to and allow the sysadmin to grant the specific rights
required. But, the average end user is not going to do that - especially
when the viewer's instructions say it must be run with Administrator
privileges.
I've seen a number of applications which require Administrator rights to
run. I see many that require Administrator (not even the more
restrictive Power User) rights to install. Using what I consider
reasonable security on a Windows system often means that the end-user
cannot install their own software - which many see as a god-given right
or, at least, an impediment to their job. I realize installing software
can be dicey security-wise and perhaps ought to be limited to a
higher-level of security, but requiring high level rights just to
install an attachment viewer, a pricing catalog, a font package or a
file upload utility (all of which I've encountered recently) seems
excessive to me.
--
Dan Jenkins (dan at rastech.com)
Rastech Inc., Bedford, NH, USA --- 1-603-624-7272
*** Technical Support for over a Quarter Century
More information about the gnhlug-discuss
mailing list