On Thu, 2004-12-16 at 20:55 -0800, William Chops Westfield wrote:
> On Dec 16, 2004, at 8:10 AM, Herbert Graf wrote:
> >
> > Sorry, no. Most *nix distros get "dumb" users to run as "normal" users,
> > that means the worst damage they can do to a system is their own home
> > directory.
> >
> Oh.  You have personnel to manage the "non-home" directories?  Cool.
> With that much help, I could probably make a windows system secure, too.

Nope. The only time a "non home" directory needs changing is if you're
either adjusting the OS for something, or for SOME software
installations. In both cases a temporary su to root is necessary. It is
very unlikely that something will happen for just the short while you're
root.

> Besides, nowadays the obnoxious things that a cracker might do with
> a compromised system don't necessarily involved a need for root access. 
> :-(

We're not talking obnoxious.

> I know several people with professional unix administration experience 
> and
> quite a lot of brains that discovered the hard way that their 
> net-visible
> unix system was a lot more difficult to keep secure than they expected.

Without a doubt. I personally don't recommend ANY PC is directly
connected to the net, even a consumer router provides an effective
defence.

> (of course, it helps that a unix system sort of starts out secure and 
> becomes
> less so as you make it do useful things, while a windows box (prior to 
> SP2,
> anyway) starts out horribly insecure and requires expertise to MAKE 
> secure
> to a point where you even dare to connect it to the internet...

Which is my point exactly, and why many consider windows flawed by
design. TTYL

-----------------------------
Herbert's PIC Stuff:
http://repatch.dyndns.org:8383/pic_stuff/

_______________________________________________
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist