From owner-freebsd-questions Thu Jan 3 6: 8:48 2002 Delivered-To: freebsd-questions@freebsd.org Received: from ns2.worldgatein.com (ns2.worldgatein.com [203.109.64.24]) by hub.freebsd.org (Postfix) with ESMTP id 33B7037B416 for ; Thu, 3 Jan 2002 06:08:43 -0800 (PST) Received: from rivendell.worldgatein.net (interoffice.worldgatein.net [203.109.64.31]) by ns2.worldgatein.com (Postfix) with ESMTP id D978ABE02 for ; Thu, 3 Jan 2002 19:36:57 +0530 (IST) Received: by rivendell.worldgatein.net (Postfix, from userid 1001) id A2C4532609; Thu, 3 Jan 2002 20:41:24 +0530 (IST) Date: Thu, 3 Jan 2002 20:41:24 +0530 From: Devdas Bhagat To: freebsd-questions@FreeBSD.ORG Subject: Re: Securing systems (was Re: Teaching parents UNIX) Message-ID: <20020103204124.A3077@rivendell.worldgatein.net> Reply-To: Devdas Bhagat Mail-Followup-To: freebsd-questions@FreeBSD.ORG References: <1DA741CA6767A144BAA4F10012536C27A97C@LKLDDC01.GARGANTUAN.COM> <20011230000519.GB7709@raggedclown.net> <20011229220904.A493@starpower.net> <20020102210414.D569@rivendell.worldgatein.net> <010f01c193ca$10b32fa0$0a00000a@atkielski.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <010f01c193ca$10b32fa0$0a00000a@atkielski.com>; from anthony@freebie.atkielski.com on Wed, Jan 02, 2002 at 09:14:20PM +0100 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On 02/01/02 21:14 +0100, Anthony Atkielski wrote: > Devdas writes: > > > Howeve, I will blame MS for one thing. they > > always value convinience over security. > > Why do you blame MS for that? They simply provide what people are willing > to buy. Despite all the talk about security, the vast majority of users in > the world--even "professional" users--want convenience, not security. I'm on the list, please do not Cc: I like my convinience too. Thats why so many things are scripted. Thats why I like Unix :). My point is that a number of things could be made more secure without seriously inconviniencing the user. The concept of a home directory comes to mind. DOS, and Win9x were never supposed to be used by multiple users. NT was. NT has the same base concepts as 9x though , wrt security. Win2K is much better in that respect, but it has a long way to go before it can come upto the standard level of convinience and security that unix has set. (Note that I'm not saying that unix is perfect by any means, its just that it has a reasonable balance between security and convinience). The fact that unix does not require the user to be root always, or even most of the time helps a lot. I can install stuff in my home directory, and not worry about others being affected by it (mostly). On Windows, any user can instll anywhere, unless the admin locks the box down, which is a long and painful process. Yeah, GUIs suck there, when doing bulk work. It doesn't cost MS anything to ship with major holes closed by default, HTML email not being the default, not running rpc services for the desktop, but they still do it. Most administrators don't make these changes, and then get blamed for it. They deserve the blame, but in a system for *corporate* environments, I would definitely put admin convinience over end user convinience for the defaults. Since NT, and Win 2K are aimed for that environment, they should be shipping locked down, and requiring permissions to be set for users to do stuff. Ok, enough ranting for the list. All the rest to be sent to private email please. Devdas Bhagat To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message