The key words being "system that is a member of a domain". That is not an average home user. XP Home can't even be a member of a domain.

On Tue, 01 Nov 2005 10:18:51 -0500, Bob Hauck That was just an addition to...

No, SELinux does not use (just) u-g-o, but then average home users don't run that OS.

ACL's are an advantage in some circumstances. The average home or small business is not one of those circumstances. The theoretical advantages are irrelevant for those users.

Yes, it is. I agree.

No, they shouldn't be, because the defaults supplied by their OS vendor has iimplied that it is ok.

I don't think I have made that argument. Ever. You're knocking down strawmen.

I'm claiming that Microsoft's policies have created the present malware disaster. I'm claiming that they haven't changed their policies because of fear that it might annoy somebody and cost them a dollar or two.

So why doesn't Microsoft make that the default then?

I have never made that argument about the NT series of Windows. I'm not aware of anyone serious who has.

Nor is the Linux user missing out on anything spectacular by not having ACL's on his desktop machine.

So you admit that there are end-user apps that need special privilege to function. Outside of admin tools, I have NO Linux apps that need to run under sudo. Zero.

On Wed, 2 Nov 2005 16:24:08 -0500, Bob Hauck You're making it more complicated than it really is. Is an ACL-Role-based access control system more complex...

I think I've said that many times now. You keep hearing that I'm saying that it is a failure of OS design. I can only conclude that you haven't been actually reading what I wrote.

Well, I think that's a rather disingenuous statement if you need to use "runas" to make them work.

I think this statement clarifies why reduced rights aren't the default. There are in fact problems that need to be worked around because the historic code base was for Win9x and that's still not been overcome enough to make reduced rights palatable to the marketing people.

It is all about the marketing with MS. They hire good people and then ignore their advice if there's a dollar involved.

-- - Bob Hauck - A proud member of the reality-based community.

