On Dec 17, 2004, at 11:56 AM, Nate Duehr wrote: > I contend that they can do less to a compromised *nix system if > they compromised it as a non-root user. But wasn't someone else talking about that "other" class of unix crack, not found for windows - getting root access once you've compromised a non-root user? While this is theoretically more difficult than tricking the non-priv'ed users, the number of possibly suspect buggy applications goes way up too... > Which type of system should they start with? The secured one that they > have to make conscious decisions to make less secure, or the unsecured > one they have to lock down? "SHOULD"?! They should start with the system that provides the applications, tools, and network environment that they're required to use. "Security" should NOT be a major decision point at the USER level. At the corporate IT decision-making level, other criteria apply - THEY'RE the ones who should make the security decisions, and they should be distributing the secured versions of the OS and tools in question. But there are yet more decisions made at that level that are rarely noticed by a single user, and you risk running into the situation we have here - nice IT-supported systems seem to work pretty well, as long as you don't mind them occasionally reducing the system to a crawl in the middle of your workday while they run viruscan and such. But god help you if you've bought some sort of instrument (scope, device programmer, etc) that happens to use windows as its OS - that'll be infected within minutes if it's not up to date. And also look out if you happen to prefer a different OS/platform; "Gee, I'm sorry, but your Mac/freeBSD won't be allowed to connect to our wireless network because it doesn't support the latest semi-proprietary authentication and encryption schemes..." Sigh. BillW _______________________________________________ http://www.piclist.com PIC/SX FAQ & list archive View/change your membership options at http://mailman.mit.edu/mailman/listinfo/piclist