Why do people switch to Linux 13485

On Wed, 2 Nov 2005 16:24:08 -0500, Bob Hauck

You're making it more complicated than it really is. Is an ACL-Role-based access control system more complex than u-g-o, of course. That doesn't necessarily mean that the interface to such a sub system can't be abstracted to a degree where the complexities are easily manageable. That's one of the things software, and specifically a GUI, excels at after all, organizing and abstracting large numbers of details in to more easily manageable views.

I confess I don't know much about SELinux, but if it caries with it the baggage of Linux's history of insisting that nearly everything be manageable from the command line, then it's understandable why managing ACLs would seem overly complex. Similarly the thought of managing ACLs just on the file system, to say nothing of applying same to system objects, from the command line of a regular distribution does give one pause. In Windows where a graphic interface is always available, such complexities aren't nearly as daunting.

You make it sound like "mere mortals" aren't capable of using SELinux.

The fact is that Role Based Access Controls like those used in SELinux and Windows actually make it *easier* to secure a system:

One of the most challenging problems in managing large networks is the complexity of security administration. Role based access control (also called role based security), as introduced in 1992 by Ferraiolo and Kuhn, has become the predominant model for advanced access control because it reduces the complexity and cost of security administration in large networked applications. Most information technology vendors have incorporated RBAC into their product line, and the technology is finding applications in areas ranging from health care to defense, in addition to the mainstream commerce systems for which it was designed.

*************************************************************

Why do people switch to Linux 13486
begin virus.txt.scr T.G. Reaper Nope, little one, you don't get to use the easy way out of tzhis. First you claim that linux fs are primitive, because...

Why do people switch to Linux 13488
On Tuesday 01 November 2005 04:54, Tim Smith stood up and spoke the following words to the mbuttes incomp.os.linux.advocacy...: This is a deliberate fragmentation technique, and unlike a real-life situation to occur. I also...

I know it's talking about "large networks" and "large networked applications," but most of the same principles and agents that pose threats to those large networks, are also risks to home LANs and individual systems connected to the Net.

I'd agree with you in that early on, MS didn't "get it" wrt security, and because of that, some ISV's were sloppy in their practices as well. However, that was then, and this is now, MS has "seen the light," and security is not just an after thought. I agree that a lot needs to be done to correct the bad habits the user base has acquired, but if anyone has the resources to address the problem Microsoft does.

It's only the last one that is actually at the root cause of most of the problems. All of the others are not inherently bad in and of themselves, provided the details of their implementation are handled correctly. Who knows, maybe Vista will force a non Admin account.

That doesn't necessarily mean that the one with the best looking models isn't indeed the better choice.

A matter of degree I guess, I can evaluate the technical merits of the OS without agreeing with all the policies and practices of the corporation.

Just showing that there are indeed *apps* under Linux that require elevated privileges.

Technically, you're right the game doesn't actually *need* admin privileges, game vendors are sometimes too zealous in wanting to extract every last bit of performance that is humanly possible. Such software should preferably be avoided. Failing that, RunAs allows the game to be used. In any case this certainty isn't a flaw in the design of the operating system, the OS is doing exactly what it should, preventing access to the hardware unless the app has admin privileges.

That's an error, and a bad habit. You don't run stuff as admin "just in case." Such practices should not be accepted as "understandable" or overlooked as unimportant. It's a bad habit regardless of what OS it happens under.

MS certainty has the resources and the clout to address the problem, whether they will choose to do so or not is anybody's guess. In the short term, yes it might alienate a few of their hardcore bonehead users, but in the long term, it would cut support costs significantly. If you or I can see that, I doubt seriously it has escaped Microsoft's notice.

-- Cheers T.G. Reaper --

T.G. Reaper Gentoo & Windows user..The right OS for the right job. ******************************************************

Linux | Previous | Next

Why do people switch to Linux 13486

Linux Advocacy from Newsgroups

The #1 Usenet Provider on the Internet

Why do people switch to Linux 13484

PLEX86 x86- Virtual Machine (VM) Program


	CVS \| Mailing List \| Download \| Newsgroups

		Why do people switch to Linux 13485 On Wed, 2 Nov 2005 16:24:08 -0500, Bob Hauck You're making it more complicated than it really is. Is an ACL-Role-based access control system more complex than u-g-o, of course. That doesn't necessarily mean that the interface to such a sub system can't be abstracted to a degree where the complexities are easily manageable. That's one of the things software, and specifically a GUI, excels at after all, organizing and abstracting large numbers of details in to more easily manageable views. I confess I don't know much about SELinux, but if it caries with it the baggage of Linux's history of insisting that nearly everything be manageable from the command line, then it's understandable why managing ACLs would seem overly complex. Similarly the thought of managing ACLs just on the file system, to say nothing of applying same to system objects, from the command line of a regular distribution does give one pause. In Windows where a graphic interface is always available, such complexities aren't nearly as daunting. You make it sound like "mere mortals" aren't capable of using SELinux. The fact is that Role Based Access Controls like those used in SELinux and Windows actually make it easier to secure a system: One of the most challenging problems in managing large networks is the complexity of security administration. Role based access control (also called role based security), as introduced in 1992 by Ferraiolo and Kuhn, has become the predominant model for advanced access control because it reduces the complexity and cost of security administration in large networked applications. Most information technology vendors have incorporated RBAC into their product line, and the technology is finding applications in areas ranging from health care to defense, in addition to the mainstream commerce systems for which it was designed. ************************************************************* Why do people switch to Linux 13486 begin virus.txt.scr T.G. Reaper Nope, little one, you don't get to use the easy way out of tzhis. First you claim that linux fs are primitive, because... Why do people switch to Linux 13488 On Tuesday 01 November 2005 04:54, Tim Smith stood up and spoke the following words to the mbuttes incomp.os.linux.advocacy...: This is a deliberate fragmentation technique, and unlike a real-life situation to occur. I also... I know it's talking about "large networks" and "large networked applications," but most of the same principles and agents that pose threats to those large networks, are also risks to home LANs and individual systems connected to the Net. I'd agree with you in that early on, MS didn't "get it" wrt security, and because of that, some ISV's were sloppy in their practices as well. However, that was then, and this is now, MS has "seen the light," and security is not just an after thought. I agree that a lot needs to be done to correct the bad habits the user base has acquired, but if anyone has the resources to address the problem Microsoft does. It's only the last one that is actually at the root cause of most of the problems. All of the others are not inherently bad in and of themselves, provided the details of their implementation are handled correctly. Who knows, maybe Vista will force a non Admin account. That doesn't necessarily mean that the one with the best looking models isn't indeed the better choice. A matter of degree I guess, I can evaluate the technical merits of the OS without agreeing with all the policies and practices of the corporation. Just showing that there are indeed apps under Linux that require elevated privileges. Technically, you're right the game doesn't actually need admin privileges, game vendors are sometimes too zealous in wanting to extract every last bit of performance that is humanly possible. Such software should preferably be avoided. Failing that, RunAs allows the game to be used. In any case this certainty isn't a flaw in the design of the operating system, the OS is doing exactly what it should, preventing access to the hardware unless the app has admin privileges. That's an error, and a bad habit. You don't run stuff as admin "just in case." Such practices should not be accepted as "understandable" or overlooked as unimportant. It's a bad habit regardless of what OS it happens under. MS certainty has the resources and the clout to address the problem, whether they will choose to do so or not is anybody's guess. In the short term, yes it might alienate a few of their hardcore bonehead users, but in the long term, it would cut support costs significantly. If you or I can see that, I doubt seriously it has escaped Microsoft's notice. -- Cheers T.G. Reaper -- T.G. Reaper Gentoo & Windows user..The right OS for the right job. ****************************************************** Linux \| Previous \| Next



		Why do people switch to Linux 13486 Linux Advocacy from Newsgroups The #1 Usenet Provider on the Internet Why do people switch to Linux 13484