Log in

No account? Create an account

Previous Entry | Next Entry

The truth hurts

One of the most interesting items that comes with Microsoft's new operating system, Vista, is called User Account Control. Very simply stated, it forces the user of the system to specifically authorized any function that requires administrative credentials. For example, if you want to change install WEP to connect to "secure" wireless networks, you would need to put in your password, basically reaffirming this is something that could be dangerious and that you really want to do this. A geekier explaination is avaialble here from Microsoft.

This is a great theory, and many other systems have it. In *nix, there's a speciall command called sa which allows you to enter a system administration session to do system administration work, since you should never log in as root. I'm sure there will be a comment shortly from zarchasmpgmr telling me how long ago IBM implemented this within their architecture. =)

Well, Microsoft is finally joining the frey with UAC on Vista. And, in theory, this is good. However, Microsoft's implementation has been considered less than stellar by many people. The major offense is that UAC is too "chatty", asking for credentials a lot more often than people would think they should need.

To this point, I offer you this gem, brought to you by those fine people at Apple.


( 2 comments — Leave a comment )
Feb. 7th, 2007 07:10 pm (UTC)
Oh man, that's diabolically clever. I LOVE IT. XD
Feb. 8th, 2007 10:26 pm (UTC)
Sorry it's a day late and a dollar short. Those silly trips to Sunnyvale just screw up my week.

It's a bit different in IBM RACF-land. Only the security administrator(s) can make updates, but he can parcel out work to department administrators, who can only update the areas determined by the security administrator. There are certain flags which allow certain activities, too.

But - IBM thinks that once you've authenticated (i.e., log on to TSO), you are authenticated. Usually security administrators have 2 id's - once for normal stuff, one for security administration that they use sparingly.

I love Apple's commercials. The Vista firewall is the exact opposite - it allows everything unless you explicitly block it. And there's no way to know what's going out because it's all permitted. *sigh*
( 2 comments — Leave a comment )