121
Comments

0 Votes
+ -
Contributor
I was surprised to find that Microsoft has a different opinion on what UAC does compared to what the security experts think. That's not a good thing.
0 Votes
+ -
Until I reinstalled Windows a year later and forgot to turn it off. It saved me from a virus attack while I was downloading updates on my machine. For that....I have rewarded UAC by leaving it on and will not turn it off now. I have Windows 7 now and it doesn't bother me in the least bit anymore. It actually makes you think a minute before accepting the install. I like it and it is a good/necessary component to Windows.
0 Votes
+ -
Contributor
Thank you
Michael Kassner 10th Nov 2009
For sharing your experience. In your case, UAC worked as the security experts say it should. Did you have it in the default setting?
0 Votes
+ -
same scenario
eddyrox1@... 10th Nov 2009
Since I've had a similar situation, thought I'd reply.. Vista was very good.. Windows 7 default is not so good. I upped it to the highest as soon as I got it... there was some driver software that I installed that didn't get any prompts for on the default setting, which kinda rang warning bells in my head. So pushed the settings up.
0 Votes
+ -
Contributor
The drivers must have had digital signatures to not trip UAC.

Thanks for the comments, I can tell people interested in security are reading this post. I am seeing very few complaints about UAC.
0 Votes
+ -
Microsoft security is broken because it is too complex. There is no reason any regular user should be able to start any process that has more rights than that user.

I use Linux. I support Windows. I am often appalled at Windows security design.

Why can Outlook (that I run) do things that I can't? You are just asking for trouble.

UAC just makes things worse by adding more complexity.

The more complex a design, the more chances for flaws.
0 Votes
+ -
Contributor
Are you using Windows 7 yet? Have you been supporting Vista as well? I would be curious to learn what users have thought about UAC.
0 Votes
+ -
I can't remember the last time I've gotten a virus but it's been over 10 years. Just not a problem for me so I get no use out of UAC.

My Dad on the other hand is not an IT guy, he's in Sales. UAC has saved him numerous times from getting MalWare on his computer. When it comes to plain users it seems to be quite effective, though it does seem to annoy everyone equally regardless of profession.

0 Votes
+ -
Contributor
I appreciate you sharing your experiences. UAC seems to have more positive responses than negative ones in this forum.
It is very simple Art...remove users from the local admin group and they run as normal users. It is actually Linux that is too complex for normal users, and that is why you don't find it on most company desktops. Since moving to Windows Vista (and now slowly moving to Windows 7) 2 years ago, we have not experienced a single virus, worm, or malware. It was very simple...don't add users to the local admin group, which Vista made easy.

As for Linux, I ran an evaluation of both SUSE Linux & Ubuntu desktop as a possible cost saving measure for my company with 5 test users for a month, and all rebelled and demanded to go back to Windows. Enough said on that.
0 Votes
+ -
Contributor
You are one of the few I know that is running Vista and Win 7 on AD. Is that correct?

I also appreciate your bold statement about Linux. I have asked Linux aficionados about their equivalent of AD and I still am waiting for an answer. What are your thoughts on that?
0 Votes
+ -
I don't recall seeing that as an acronym in any of the sources to which you referred in your article.
0 Votes
+ -
Contributor
Oops
Michael Kassner 11th Nov 2009
AD is short for Active Directory. It's Microsoft's management software. It pushes Group Policies out to every computer in the domain.
0 Votes
+ -
Thanks.
Ocie3 11th Nov 2009
Now I see why I don't have an AD on my LAN which consists, at present, of one computer and one router. :)
0 Votes
+ -
Contributor
I suspect it is one strong reason why MS rules the business world right now. It allows enterprise IT admins to control thousands of computers from one Domain Controller.
0 Votes
+ -
If what you want is Active Directory, you should use Active Directory (which, by the way, many Unix and Linux systems support). If what you want instead is just a way to manage many computers centrally, the reason there isn't a single equivalent is that there are many different ways to do so. There's even more than one way to skin that cat with MS Windows; AD is not the only option.

Taking a look at the Unix/Linux side in particular:

1. AD is basically MS Windows' version of LDAP + Kerberos + NDS/BIND + a network filesystem, all of which have been supported by Unix systems for at least ten years longer than on MS Windows systems.

2. Novell offers a suite of "enterprise management" software. Do a search for Novell eDirectory to get started.

3. OpenNMS is a relatively recent addition to the mix.

4. Many Unix/Linux systems can actually plug directly into AD networks -- not just duplicate the functionality, but actually duplicate the Microsoft-specific implementation of that functionality. In fact, back in early 2006 I wrote an article for TR about Samba 4's upcoming support for Unix/Linux based Domain Controllers for Active Directory.

5. As always, Unix and Linux systems offer the tools to roll your own network management systems.

Maybe if you pointed out some specific capability large networks get out of Active Directory that you think you can't get somewhere else, someone can tell you how to get it on other OSes.
I seem to vaguely recall you saying something like this before, about a year or two ago maybe:

"I have asked Linux aficionados about their equivalent of AD and I still am waiting for an answer."

I also seem to vaguely recall responding to it with a series of options similarly to how I responded this time. Then as now, as I recall, you never indicated you saw my comment.

I hope you actually read what I have to say and, if you find it lacking some important piece of information, I hope you'll tell me -- so this same damned pattern will not repeat itself a year or two from now.
0 Votes
+ -
Contributor
Chad
Michael Kassner Updated - 19th Nov 2009
First, I am sorry you feel obligated to repeat things, you don't have to.

Second, as much as I value your opinion, I also value the opinion of others and why I may ask a question more than once. I feel bad you have a problem with that.

As for your comments Chad, I read every one, as well as your posts. If you feel that I need to respond to each, I can't. There are occasions where I do not have enough time.

Edit: Spelling
0 Votes
+ -
"Second, as much as I value your opinion, I also value the opinion of others and why I may ask a question more than once. I feel bad you have a problem with that."

The problem isn't that you ask other people for more information. It's that you have, apparently, ignored what I've said in answer to your question -- then gone on to state that nobody has ever answered your question. What kind of interpretation do you think I should take from your statement that you get nothing but silence when asking for Unix options for solving the "problem" of not having Active Directory in the Unix world?

"As for your comments Chad, I read every one, as well as your posts. If you feel that I need to respond to each, I can't. There are occasions where I do not have enough time."

I don't expect you to respond to every comment. Please don't put words in my mouth.

I just find it odd that you act like I haven't said anything in response to your questions, asking the same questions again and explicitly stating that nobody has ever answered them. If there's some aspect of the question that I haven't answered, because you haven't made that aspect sufficiently clear, please clarify. Otherwise, please stop asking the question as if everybody has sat silently dumbfounded when you ask a question that I've actually gone out of my way to try to answer helpfully.

I wondered if maybe you had simply overlooked the answer in the past, but frankly, your offended response here as if I'm accusing you of kicking puppies just tells me that you have read my answers and still insist on acting like I haven't when you ask the same question again. Are you just behaving like nobody has ever answered the question to push some kind of agenda? What's going on here?

edit: The following quote is what you said that elicited my response. I think it's pretty clear, and have no idea why you're acting like it's unreasonable for me to want you to take a moment to acknowledge that I have, in fact, provided an answer to your question to the best of my ability with my understanding of what you asked -- and you have expressed zero dissatisfaction with the answer.

"I have asked Linux aficionados about their equivalent of AD and I still am waiting for an answer."

So . . . what's the problem? Is it that I'm not technically a "Linux aficionado", and you for some reason demand that the answer come from such a person -- that it's somehow not valid coming from me instead? Shall I get some Linux aficionado friend of mine to quote me word-for-word for you, or is there some other problem?
0 Votes
+ -
Contributor
If I have offended you in any way, that was not my intent.
0 Votes
+ -
Just tell me whether my answer actually answered your question for you, please. If it didn't, please give me some more information about what you want to know so that, if I have an answer, I can share it with you. Maybe we can put that question of yours to rest with a solid answer, one way or another.

Maybe there's something AD does for which there isn't any equivalent functionality on a Unix system (though I doubt it, and can't think of any such functionality). If there's something specific you feel needs to be addressed, let me know and I'll see if I know of a solution to that problem.

Amidst all this, you still haven't actually let me know whether your question has been answered sufficiently, and I don't want to find out it hasn't been answered to your satisfaction by way of you saying that nobody can offer an alternative to AD that runs on Unix and Linux systems in another year or two. If you tell me now what question you meant to imply, that I haven't answered, maybe I can answer it or tell you whether there's any answer short of writing new software, so you'll have an answer now rather than just having the same question in a year or two.
0 Votes
+ -
What next
santeewelding 19th Nov 2009
Cut off your ear in a snit of rage?
0 Votes
+ -
Are you going to make a cryptic, condescending comment that seems specifically designed to make people hate you?

Oh, wait . . .

Y'know, you're a lot more tolerable in person.
0 Votes
+ -
Moderator
plain
0 Votes
+ -
Tell ya what -- you, Michael, and santeewelding need never worry that I'll try to offer any of you the benefit of any of my experience or knowledge again. I wouldn't want to tax your tolerance by trying to figure out why any of you refuse to help someone else help you.
0 Votes
+ -
User Preference
mamies@... 10th Nov 2009
I really think that this was a case of the user prefers Windows, and why shouldn't they? It is a much more familiar environment.

I have some users that hadn't used computers before running on Suse with the KDE desktop, and now if I tried to put them on Windows or change the desktop they would be lost.
0 Votes
+ -
Contributor
I agree
Michael Kassner 11th Nov 2009
Are you referring to a business environment? If so, does Linux have something similar to Active Directory and Group Policies? If not, do you set up each individual computer?
0 Votes
+ -
How about you use NIS on your Unix and/or Linux systems? There you go; easy client configuration management.
0 Votes
+ -
Please don't put Linux and Windows side by side when we are talking security!! I have used both, I have supported both, and it is windoze that caused my hair to no longer grow on my now shiny bald head. Just because you have not had a virus for 2 years is because the entire IT world had to build Fort Knox around their network to protect the vulnerable MS devices that are the root cause of security breaches. I do not like MS but will admit that they have moved up a notch with Win7...
So to finalize, Linux and Windows should never be compared...it would be like putting a 1st grader up against a college professor with a doctorate degree!! :)
But it's the problem of software manufacturers who build their apps so they MUST run with admin privileges, which is ludicrous. Normal operation of an application should not require the user to modify files and folders not "their own."

The company I work for locks down all desktop machines except for a couple which have to run software that updates the freakin' windows system files all the time... there's no NEED for that. These non-locked down systems are where ALL of our viruses come from.
The applications are exactly the issue that makes things complex, not OS security.
Unfortunately in manufacturing there are still many applications that will not run unless the account is a local administrator, or the security professional modifies NTFS and registry permissions to get the software to run without elevating the permissions.
0 Votes
+ -
Contributor
WSUS
Michael Kassner 12th Nov 2009
I also am amazed that it requires local admin rights to update Windows. Seems backwards.
0 Votes
+ -
This is certainly the main issue. We attempted to secure several dozen workstations so users would not be able to modify the system. Sure enough there were 2 apps that required admin privileges to function and these were business critical. So all of that work had to be diverted to protecting the now elevated user rights.
0 Votes
+ -
with a Standard Account.

"The default UAC setting allows a standard user to perform the following tasks without receiving a UAC prompt:

* Install updates from Windows Update.

* Install drivers from Windows Update or included with the operating system.

* View Windows settings. (However, a standard user is prompted for elevated privileges when changing Windows settings.)

* Pair Bluetooth devices to the computer.

* Reset the network adapter and perform other network diagnostic and repair tasks."

http://technet.microsoft.com/en-us/library/dd560669%28WS.10%29.aspx



0 Votes
+ -
Contributor
Especially Windows Update. I hope the bad guys can't make use of that fact though.
0 Votes
+ -
The qualifier is
Ocie3 Updated - 15th Nov 2009
"The default UAC setting ...."

FWIW, I don't recall finding anything in Microsoft's articles on Windows 7 UAC as to what effects other settings will have.

My guess is that the maximum UAC security setting will require "Over The Shoulder" admin elevation for a Standard account, for example, to install Windows Updates. Although, an admin who is using a Standard account could presumably use Admin Approval Mode (thus introducing a vulnerability). It is not clear from Jim Allchin's remarks whether OTS introduces the same vulnerability as AAM, but it seems reasonable to suppose that it does and for the same reason.

The third setting is not likely to be more secure than the default (second setting from the top). Maybe turning UAC off would be the best option if setting it to maximum is too inconvenient or causes problems. Then one would have to rely upon using routers, AV, firewall, VM and/or Sandboxie for security.

To reprise: according to a couple of the articles to which you referred, the Windows 7 UAC default setting introduces a vulnerability that can be exploited by malware while a process that is running on the same account has "admin privileges". So, with the Windows 7 UAC default, someone who is using a Standard account can install Windows Updates, which presumably grants that process admin privileges that malware can gain for itself and exploit (if and when malware is simultaneously running during the Windows Update).

The key question now is whether Microsoft is apprised of the vulnerability and what response they will make (if any). On the basis of Mark Russinovich's explanation of how Vista UAC works, it can be rectified by creating process isolation for a program that is "running with admin privileges" in the context of using a Standard account. But doing that will adversely affect "usability and application compatibility".
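
The post above notes that the quoted TechNet list only describes the default UAC setting. As an added example (not part of the thread and not Microsoft's code), this PowerShell script maps the UAC policy values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System to the four slider positions and reports what each implies for prompting; the function names and the sample table are constructed for illustration.

```powershell
# Added example: not part of the thread and not Microsoft's code.
# Function names and the sample table below are constructed for illustration.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Documented defaults, used when a value is absent from the key.
$UacDefaults = @{
    EnableLUA                  = 1
    ConsentPromptBehaviorAdmin = 5
    ConsentPromptBehaviorUser  = 3
    PromptOnSecureDesktop      = 1
}

# Translate policy values into the slider position shown in Control Panel.
function Get-UacSliderLevel {
    param([hashtable]$Policy)
    if ($Policy.EnableLUA -eq 0) { return 'UAC off (Admin Approval Mode disabled)' }
    $pair = '{0}/{1}' -f $Policy.ConsentPromptBehaviorAdmin, $Policy.PromptOnSecureDesktop
    switch ($pair) {
        '2/1'   { return 'Always notify (top)' }
        '5/1'   { return 'Default (second from top)' }
        '5/0'   { return 'Default without secure desktop (third)' }
        '0/0'   { return 'Never notify (bottom)' }
        default { return "Custom policy ($pair), not a slider position" }
    }
}

# List what the values mean for administrators and for Standard accounts.
function Get-UacFindings {
    param([hashtable]$Policy)
    $findings = @()
    if ($Policy.EnableLUA -eq 0) {
        $findings += 'EnableLUA=0: administrators run with a full token and nothing prompts.'
        return $findings
    }
    switch ($Policy.ConsentPromptBehaviorAdmin) {
        0 { $findings += 'Administrators: elevation happens without any prompt.' }
        2 { $findings += 'Administrators: every elevation asks for consent.' }
        5 { $findings += 'Administrators: Windows binaries marked for auto-elevation elevate silently.' }
    }
    if ($Policy.PromptOnSecureDesktop -eq 0) {
        $findings += 'Prompt is drawn on the user desktop, not the secure desktop.'
    }
    switch ($Policy.ConsentPromptBehaviorUser) {
        0       { $findings += 'Standard users: elevation requests are denied outright.' }
        default { $findings += 'Standard users: elevation needs administrator credentials ("Over The Shoulder").' }
    }
    return $findings
}

# Read the live values, falling back to the documented default for missing ones.
function Read-UacPolicy {
    $props  = Get-ItemProperty -Path $UacKey -ErrorAction Stop
    $policy = @{}
    foreach ($name in $UacDefaults.Keys) {
        $value = $props.$name
        if ($null -eq $value) { $value = $UacDefaults[$name] }
        $policy[$name] = [int]$value
    }
    return $policy
}

# True only when the current process holds the full administrator token.
function Test-IsElevated {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Constructed sample: the four slider positions expressed as policy values.
$samples = @(
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 2; ConsentPromptBehaviorUser = 3; PromptOnSecureDesktop = 1 },
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; ConsentPromptBehaviorUser = 3; PromptOnSecureDesktop = 1 },
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; ConsentPromptBehaviorUser = 3; PromptOnSecureDesktop = 0 },
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 0; ConsentPromptBehaviorUser = 3; PromptOnSecureDesktop = 0 }
)
foreach ($sample in $samples) {
    Write-Output (Get-UacSliderLevel $sample)
    Get-UacFindings $sample | ForEach-Object { Write-Output "  - $_" }
}

# On a Windows machine, report the settings actually in force.
if ($env:OS -eq 'Windows_NT') {
    $live = Read-UacPolicy
    Write-Output "This machine: $(Get-UacSliderLevel $live)"
    Get-UacFindings $live | ForEach-Object { Write-Output "  - $_" }
    Write-Output "Current process elevated: $(Test-IsElevated)"
}
```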
0 Votes
+ -
Contributor
Ocie, very clear and concise description. Until you mentioned this topic, I really had not thought about what the other setting would do. Thanks for pointing it out.
0 Votes
+ -
Malicious security crackers will probably make use of the fact that the default setting for UAC on Win7 allows standard accounts to update the system (among other things), but perhaps more disturbingly they'll probably also make use of the fact that one can change so much about which user accounts are allowed to do what by changing UAC settings.

This is the problem with an OS that violates the principle of privilege separation: malicious security crackers have innumerable options for reaching across the bounds between account privileges and doing things you thought they wouldn't be able to do. True, architectural privilege separation limits the behavior of unprivileged accounts along very clear, well-considered boundaries; superficial privilege filtering of the sort employed by MS Windows applies a somewhat heuristic boundary that shifts and changes and looks more like a sieve than a wall, because minor bugs in the privilege management applications or minor oversights in the design of the privilege filtering schemes can prove to have tremendous consequences for the security of the system as a whole.
0 Votes
+ -
"I also am amazed that it requires local admin rights to update Windows."

Actually, I'm amazed that Microsoft has continued to do this part of its system security right. Considering its decades of track record sacrificing security for some insubstantial specter of "user friendliness", and the way Microsoft seems to be so strongly of the opinion that all updates from the mothership should be immediately and uncritically applied all the time, I would have expected Microsoft to make it possible for unprivileged users to update MS Windows a long time ago. Hell, by Microsoft's way of thinking about how updates to the OS should be applied, random passers-by on the street with bluetooth cellphone headsets should be able to use Windows Update on your computer for you, it would seem.

Allowing just any schmuck in the office to update the OS would be incredibly stupid from a security perspective, though. Do you really want just anyone to be able to make changes to the system that affect any and all users on the system, that can conceivably affect any software running on it, or any data stored there? Is that really a power you want to grant to unprivileged users?

How would you be able to ensure you update cautiously if updates can be initiated by anyone at any time? At that point, you may as well just remove the ability to use any update policy other than Windows Automatic Updates from any and all MS Windows systems, worldwide. Why let users -- administrative or otherwise -- have any discretion at all when it comes to applying updates to the system when the administrative user account can no longer prohibit other users from making system-wide changes with updates?

I can only guess that you think it's "backwards" because you think of updates as "security". Unfortunately, that's what a lot of people think -- probably most people. They aren't security, though. They are, in fact, a security threat, and should be viewed as such, because what you have installed on the system is a known quantity and updates are not. If you discover that there is a security vulnerability in a piece of software, the guaranteed fix for it is to remove the software. Updates to the software to resolve security vulnerability issues are a convenience that allows you to keep the software while hopefully eliminating that specific vulnerability. At the same time, you might conceivably be introducing new vulnerabilities.

This is why updating must be done with care. This is why large enterprise networks that aren't run by complete nincompoops test patches, including critical security patches, before deploying them across the entire network. This is why only a user account with administrative privileges should be allowed to update software. Period.
0 Votes
+ -
FWIW
Ocie3 Updated - 17th Nov 2009
If memory serves, according to Microsoft, whether someone who is using a Standard account can, in fact, install Windows Updates is configurable via Group Policy. As far as I know, Group Policy can be used to define the "privileges" of any group of users for both Standard and Administrator accounts, respectively.

As you may recall, originally, during the era of the mainframe there was a definite division of IT personnel into two distinct groups:

(1) those who acquired, operated, maintained, repaired, upgraded and replaced all of the computer hardware ("CPU" and "peripherals") and its operating system and other "system software" such as utilities, compilers, etc., and

(2) those who were programmers, systems analysts, data acquisition and input staff, etc.

Of course, both then and now all of the IT personnel collectively supported, and were paid by, their "clients" AKA "users", whether in academia, in government or in private enterprise. My own participation in the IT paradigm of the day was in Group 2; I knew only as much as I needed to know about how and why the computer ran, and cared even less as long as it correctly executed the programs that I designed and wrote. If it didn't then that wasn't my problem to solve.

The first thing that I realized while I did the system integration of components and assembled the first microcomputer that became my personal property, was that I would be the System Administrator and the System Operator. That is, I would be responsible for evaluating, acquiring, installing, maintaining, repairing and upgrading (or replacing) and for operating not only all of the hardware, much of which is peripherals. I would also perform the same tasks for its operating system and "system utilities", and for the "end-user" software as well -- very little of which I designed and wrote, so almost all of which I "purchased", whether by paying a one-time license fee or, eventually for some programs, an annual license fee.

My first microcomputer ran IBM PC-DOS as the OS, and the microcomputer that I use now currently runs Windows XP. The only account in addition to the default Administrator account is SYSOP. Initially, I experimented with using a "limited user account" (XP jargon), especially while running software that accesses other computers via the Internet. However, some programs required that I run them with an "Administrator account" even though it seemed that they did not need administrator privileges. Also, often I spent enough time and effort on "administering and operating" the computer -- in contrast to using it for the activities for which I bought it -- that it certainly became inconvenient to run with a "limited user account". I doubt that any other OS would lessen the amount of that time and effort, and might even increase it.

Which is to say that all of your remarks are quite appropriate to the original context of mainframe computing. In most respects, they are also applicable to large organizations that use networked hundreds or thousands of microcomputers. But in the context of installing Windows Updates on the millions of computers that are used directly by individuals for their own benefit, you know who does - or doesn't - install them.

With regard to Windows Updates via a Windows 7 Standard account, you remark: ".... Do you really want just anyone to be able to make changes to the system that affect any and all users on the system, that can conceivably affect any software running on it, or any data stored there?" First, we are not discussing the OS of a mainframe that a considerable number of people use. Your remarks seem to assume that anyone who is using a Standard account can "make changes" to Windows 7 on an entire network of thousands of computers, and not just to the instance of Windows 7 that is installed on the computer on which they actually have the Standard account that they use. I do not believe that assumption is correct, if only because what anyone can actually do can be governed by Group Policy, as I stated at the start of these comments.

Of course, there are System Administrators who do have the authority and access to the appropriate software that can "make changes" -- not only Windows OS updates -- to thousands of networked computers from their workstation. But they are not "just anyone".

With respect to my own personal property, I do not want anyone at all to "make changes" to my computer without my prior knowledge and explicit consent. Those others whom I do allow to "make changes" usually expect me to pay them money.

But the point is, regardless, I am not the one who is making the changes to the system. The changes are made by the Microsoft personnel who design, code and produce the Windows OS patches, and any other software that MS chooses to "push" onto our computers. I am simply the one who has the task of running the Windows Update software that downloads and applies the patches, a task that could be "automatic" if I chose (I do not use the option to do that). If I used MS Office software, then sometimes it would be patched, too.

Do you expect that I will use the Windows Update "Custom" option to download and apply the first patch, then test the entire computer system exhaustively to determine whether the patch makes an unacceptable change? Then repeat the process for each patch until all of those that are available have been examined and either applied or rejected? Has it occurred to you that Microsoft has already done that with a significant sample of computer systems?

You may have the time and inclination to perform such testing with your own computer(s), but I do not. Paying someone else to do those tasks would make owning and operating a microcomputer financially infeasible for all but a relatively few individuals. Perhaps that would suit you, too.

Granted, it is quite understandable that, if I may excerpt your words "... large enterprise networks that aren't run by complete nincompoops test patches, including critical security patches, before deploying them across the entire network." They have much more to lose than I do if a Windows patch happens to have an adverse effect upon their particular collection of hardware and software. They also have the resources to make such a testing endeavor feasible. No one is paying me anything for my time and effort.

That said, frankly, I cannot recall any patch that was applied to Windows XP on my computer during the past seven years that proved to be a mistake. Downloading and installing some of the other software has not always been worthwhile, though.

However, a significant percentage of Windows microcomputers that are operated by individual end-users, and other family members and/or their friends, are not patched regularly, or even not at all. Many people adopt the policy that "if it ain't broke, don't fix it." Of course, they think that as long as they can use it at all (whether to their complete satisfaction), "it ain't broke" even after their microcomputer has been incorporated into a botnet, thus threatens the security of each and every other microcomputer that accesses the Internet, especially the others running an unpatched Windows OS.

Obviously, I ordinarily regard installing a Windows patch that removes an exploitable vulnerability as increasing the security of the OS. In fact, it should do exactly that. There are, of course, inherent risks. Some are that there might be a flaw in the patch itself, and/or that installing the patch introduces a new vulnerability, and/or "breaks" some function of the OS. It might also adversely affect the use of an OS service(s) by other systems software and/or by end-user applications.

Apparently your response to these inherent risks is ".... If you discover that there is a security vulnerability in a piece of software, the guaranteed fix for it is to remove the software." On the face of it, removing the software would remove the vulnerability from the system as a whole, although neither the flawed software nor anything else is "fixed". Contrary to your assertion, however, there is no guarantee that removing the software will always make the system more secure. If you find Linux has a security vulnerability, then you should uninstall it, correct?? So, by your apparent definition, a computer that cannot do anything is guaranteed to be secure.

Since we are discussing OS vulnerabilities, I suppose that you have an OS in mind which has never been patched, if only because no one has ever found any vulnerability in it. That does not mean that it does not have any. Whichever OS that might be, I would suspect that it has never been installed and executed on a few million microcomputers that have a very wide array of hardware, including a vast array of peripherals, not to mention the software. About the only thing most of these computer systems have in common is that their CPU chip is made by Intel, or perhaps by AMD, with a common architecture.

So, all things considered, I am inclined to accept the convenience of installing security patches to an OS that allows me to continue enjoying the use of the computer system that I have. Especially with respect to my inherent role as the system operator, installing Windows and patching it quite likely require far less time and effort than I would have to spend if I adopted any other OS instead.
0 Votes
+ -
"If memory serves, according to Microsoft, whether someone who is using a Standard account can, in fact, install Windows Updates is configurable via Group Policy."

. . . and all of that is fine, if it's implemented properly (I won't go into that part in more detail just now). What raises my hackles is when people suggest that non-administrative users should always be able to apply updates to the system, rather than the possibility of specific users being prohibited by default but perhaps gaining such privileges at a sysadmin's discretion.

Flexibility: Good

Rigid Enforcement of No Privilege Restriction: Bad

"Also, often I spent enough time and effort on 'administering and operating' the computer -- in contrast to using it for the activities for which I bought it -- that it certainly became inconvenient to run with a 'limited user account'. I doubt that any other OS would lessen the amount of that time and effort, and might even increase it."

Actually, the privilege separation model of some other OSes -- specifically Unix and Linux based systems -- makes things a lot easier to manage, because you don't have to log out of your non-administrative user account, or even switch user environment contexts, to have secure and isolated access to administrative privileges. UAC attempts to provide similar benefits, but fails to actually keep things secure and isolated because true, architectural privilege separation doesn't yet exist in MS Windows. Instead, UAC can be configured to allow an unprivileged user to elevate its privileges "temporarily", thus offering plenty of opportunity for malicious code running elsewhere within the user environment to take advantage of that elevation to wreak untold havoc across the system with full administrative privileges.

That's why the only really safe (and understand, "safe" is here used as a relative term) way to perform administrative tasks on MS Windows is to actually start a fresh login session as an administrative user account, and do nothing within that account's user environment that might expose the computer to malicious code (including opening a Webpage somewhere out there on the Internet with a browser). If that problem were fixed, you'd find that much of the problem you describe could be made to simply evaporate.

Which is to say that all of your remarks are quite appropriate to the original context of mainframe computing.

They're also perfectly appropriate to your use of your home computer, as I hope you'll realize after my responses to your comments here.

But in the context of installing Windows Updates on the millions of computers that are used directly by individuals for their own benefit, you know who does - or doesn't - install them.

If you are installing your updates from within an unprivileged account that is regularly exposed to the dangers that lurk on the Internet, you actually may not know who is installing the updates -- because some malicious security cracker may gain access to administrative system management tools via the non-administrative account and use its access to administrative functionality when you mistype a URL and end up getting directed to some phishing Website.

Your remarks seem to assume that anyone who is using a Standard account can "make changes" to Windows 7 on an entire network of thousands of computers, and not just to the instance of Windows 7 that is installed on the computer on which they actually have the Standard account that they use.

Um . . . what? What gave you that idea? Please see above, in this comment post, to see what I meant.

The changes are made by the Microsoft personnel who design, code and produce the Windows OS patches, and any other software that MS chooses to "push" onto our computers.

This is ultimately a very harmful perspective. It ensures that you willingly give up control of your computer to some faceless corporate drones who may be thousands of miles away from you. When you do that, you also willingly give up control of any data that you store on, or that passes through, your computer. A more security-minded perspective would be the one that assumes all decisions about changes to the system are yours to make, and your responsibility. This is the perspective taken by people who research and test updates before deploying them, because they do not want mistakes made by MS Windows programmers in Redmond to destroy their lives by causing their credit card numbers and private love letters to get emailed to hundreds of identity fraudsters.

Do you expect that I will use the Windows Update "Custom" option to download and apply the first patch, then test the entire computer system exhaustively to determine whether the patch makes an unacceptable change?

Only you can decide how much time and effort to devote to researching and/or testing a patch before committing it to use on a "live" system. If you do not, at the very least, skim the descriptions of the updates Microsoft gives you before deciding whether to apply them, you are just handing responsibility for your own well-being to someone at Microsoft headquarters, though -- and when (not if, but when) that bites you, you'll deserve exactly what you get.

Has it occurred to you that Microsoft has already done that with a significant sample of computer systems?

Has it occurred to you that Microsoft tests these things to make sure they won't affect Microsoft's bottom line, and only gives half as much of a crap about your bottom line as is absolutely necessary to ensure it won't lose scads of money in a lawsuit or by way of mass exodus of users to a different OS? Considering how willing people are to just keep shelling out money for an OS that screws them year after year, and how effectively impossible it is for an end user to successfully sue Microsoft over the low quality of its software, that's not much of an incentive to look after your needs.

That said, frankly, I cannot recall any patch that was applied to Windows XP on my computer during the past seven years that proved to be a mistake.

You're lucky, I guess. Luck is not security, though. Perhaps you should follow the news a little more, and notice that bad patches happen to good people entirely too often in the MS Windows world. I recommend you go up the thread two posts from here, to my immediately previous comment in this subthread, and click on that "update cautiously" link for more details.

Contrary to your assertion, however, there is no guarantee that removing the software will always make the system more secure.

That's not actually what I said, and if you really think it is, I don't think you're reading very closely. What I said was that removing the affected software is a guaranteed fix for that vulnerability. Full stop.

There's nothing there about any assumption that it necessarily improves the overall security of the system as a whole. Please don't put words in my mouth then tell me that, because of those words, I'm "wrong".

Considering that the remainder of your comment, after that last quoted snippet, is a load of poppycock entirely predicated upon your assertion that I said something I never said, I'll just do you the favor of ignoring it rather than repeatedly telling you how you're talking about crap that never happened.

At least all your mistakes prior to that point could be reasonably attributed to a lack of common ground for understanding the implications of my statements, but as of that point in your response you left the realm of reasonable misunderstanding and entered that of making crap up as you go along because it's easier than actually reading what I said, as I said it, and responding to exactly that.
0 Votes
Reply to Apotheon
Ocie3 Updated - 18th Nov 2009
In response to my assertion: "That said, frankly, I cannot recall any patch that was applied to Windows XP on my computer during the past seven years that proved to be a mistake. Downloading and installing some of the other software has not always been worthwhile, though." (italicization added)

You reply: "You're lucky, I guess. Luck is not security, though. Perhaps you should follow the news a little more, and notice that bad patches happen to good people entirely too often in the MS Windows world. ...." (italicization added)

Thank you for the reminder that Microsoft included a plug-in and an extension for Firefox when they created the .NET Framework 3.5 Service Pack 1. At the times that they were respectively published, I read the blog article to which you refer in your remarks, written on October 18, 2009, as well as another blog article that you wrote on June 2, 2009 (http://blogs.techrepublic.com.com/security/?p=1716).

Of course, I uninstalled the "click once" Firefox extension, as instructed by a Microsoft article to which your June article referred, and disabled the Windows Presentation Foundation plug-in. The extension has never reappeared, but I have begun to suspect that running Microsoft Update re-enables the plug-in. Whether the plug-in has any effect without the extension, I don't know.

It has never been clear (to me) whether the .NET Framework is a component of the Windows XP operating system per se, because the only software that needs it to run is software that has been developed to use the "framework". If memory serves, I have exactly one application program, which I seldom use, that requires .NET 2.0 to run. I have been considering a completely clean re-install of Windows XP, and if I do it, then I might decide to leave .NET out at least until I encounter a more significant need for it.

Although I did not mention it explicitly, I do use the "Custom" option for Microsoft Update -- just not to download patches one at a time and test each one before I install another one. If the Firefox alterations are a reliable guide, then sometimes the capsule descriptions do not always tell me what I really need to know.

So, as I said, downloading and installing some of "the other Microsoft software" has not always been worthwhile. But if you consider .NET to be a component of the Windows XP operating system, and the service pack update for .NET as a "patch" to that OS, then why should I quibble?

In regard to other matters, as you may realize, it seems that each of us has a penchant for misinterpreting what the other has written. The older you get, the more difficult it becomes to suspend your own frame of reference while you consider that of someone else. There is also an old adage that "The devil you know is better than the one that you don't."
0 Votes
Diplomat
santeewelding 18th Nov 2009
Quintessentially so.
0 Votes
simple answers, really
apotheon Updated - 19th Nov 2009
It has never been clear (to me) whether the .NET Framework is a component of the Windows XP operating system per se, because the only software that needs it to run is software that has been developed to use the "framework".

I didn't mean to suggest that the .NET Framework is a core component of the OS. I was simply pointing out a recent example of Microsoft pushing out patches that actually damage security rather than enhancing it, to make the point that blindly trusting Windows Automatic Update (for instance) is a bad idea, and more importantly to make the point that one should always apply at least some minimal due diligence to finding out what one is installing on a computer.

If you want to make a point about some distinction between OS and additional application security as affected by updates pushed out by Microsoft using its Windows Update utility, go for it. I'm not sure what the point of such a statement would be, though, since both types of updates are delivered by the same mechanism, there's no innate distinction between the two types that guarantees that OS patches will always be 100% benign, and ultimately you can't be even remotely certain of the safety of any update if you don't even know what it is -- which was my point.

Although I did not mention it explicitly, I do use the "Custom" option for Microsoft Update -- just not to download patches one at a time and test each one before I install another one.

I don't test each one individually for an MS Windows test system I have at home, either. Of course, that's not my primary workstation by any stretch of the imagination. What I do, though, is first read Microsoft's explanation of what's in each update, then do a few minutes' research to ensure there aren't any hidden gotchas that others have discovered, then install everything I want and nothing I don't want in one shot. The process is actually fairly similar to the process I use for updating my FreeBSD systems, as described in Update your FreeBSD software with care, except that it's less orderly and a little more prone to error since the vendor (Microsoft) doesn't provide as much, or as complete, information about its updates as the FreeBSD project does.

As I have said before, the amount of time put into researching and/or testing updates should be commensurate with your circumstances. I don't expect everyone to obsessively and exhaustively test all patches all the time. I was just pointing out that if you aren't at least doing minimal research, you're going to get screwed eventually, and to some extent you're going to deserve it.

If the Firefox alterations are a reliable guide, then sometimes the capsule descriptions do not always tell me what I really need to know.

This is why I make a point of searching other resources (including Google, naturally) for further information when I research an update prior to allowing it to install. Considering the unwillingness of most people to expend any effort in seeing to the security and stability of their computers, however, I consider it a win if I can get them to just read Microsoft's descriptions and think about whether they actually need a given update before approving everything.

Going back to the beginning of this particular back-and-forth, I have to ask:

Is there anything in what I said that actually still sounds to you like it only applies to a mainframe priesthood? If not, I think you might finally understand my point.

If so . . . I guess I'll just have to resign myself to the idea that you're one of the people I tend to think of as the fifth column, working to use willful ignorance as a weapon to oppose any attempts to get people to actually try to run secure systems on the grounds that nobody should ever have to think about anything.

Ultimately, if you really believe you should not have to think about security at all when operating and managing a computer connected to the Internet, that it's too much to ask for someone to take a little responsibility for his or her own security and privacy, and that any attempt to suggest that's reasonable is the leftover cliquishness of some kind of elitist mainframe priesthood ethic, I guess maybe you should follow that to its ultimate conclusion:

You don't have to think about your own security at all. You really don't. All you have to do to completely ignore any suggestions that you should take some responsibility for your own computer security while still remaining secure, if you aren't going to pay someone else to see to it for you, is stop using computers. It's that simple.
0 Votes
Contributor
Requiring local admin rights to allow Windows Updates is a huge problem for enterprise situations.

MS digitally signs their updates and UAC will not allow them to install if there is a problem. MS feels that having a verifiable digitally signed Windows update and standard user rights is a viable approach.

That solution does not apply to any other updating. I mentioned in the post that MS is trying to get developers to sign their installs and updates. But, that is slow going at the present.
0 Votes
please clarify
apotheon 18th Nov 2009
Are you saying you want to be able to manage updates for an entire network centrally? That capability does exist in MS Windows (and basically any other OS in the world that is, or pretends to be, multi-user).
0 Votes
Contributor
I use WSUS
Michael Kassner Updated - 19th Nov 2009
At several clients. What I am referring to is that MS digitally signs every update. The signature is checked by UAC; if it is not correct, the update is not installed.

MS is trying hard to get other TPV developers to use that same process. That would allow the move to UAC and standard user rights and more importantly not requiring intervention by millions of users that do not have your IT skillset.

Edit: Spelling
You complained about local administrative privileges being needed to install updates. In what way do you mean that if not in the ways I addressed?

To recap, I mentioned that it's insane to not need administrative privileges to affect the entire system, and I mentioned that one can centrally manage updates by pushing them out over a network. What is your complaint, if not the fact that unprivileged users cannot just install updates?
0 Votes
UAC a good thing
Craig_B 10th Nov 2009
In security there is always a balance between usability and security. If you want your computer to be secure, make it a stand alone system with no network connection. No IE flaws to worry about and you don't need to vote for a browser, etc. Of course this makes it hard to work with others or leverage the internet. For usability, connect to the internet; don't use a firewall, anti-virus, etc. Of course your computer will most likely get infected with malware. Somewhere between these points is where most people want to be, make it secure enough but maintain the usability. I think the Windows 7 UAC has achieved this. The Vista UAC was the first draft and Microsoft went a little too secure, so the UAC became nagware and many people turned it off, which defeated the purpose. The Vista UAC did stop a virus from getting on my computer, so it did do its job. The Windows 7 UAC has a better balance and even better information about what is trying to do what from where, so the user can make a better choice. Remember the UAC is just one layer of Windows security. If it helps users and/or encourages developers to write more secure software then we all benefit.
0 Votes
Contributor
I appreciate your thoughts. Are you concerned about the fact that processes are not isolated and that the bad guys are starting to leverage that?