Hole in the XP Firewall
 

It seems Bill put an intentional hole in the Windows XP Firewall. :(
Explained here and here.

You can't possibly believe that someone who is Knight Commander of the Most Excellent Order of the British Empire can't be so duplicitous can he?

Oh, boy. This wouldn't be a problem if XP's out-of-the-box configuration didn't run the default user with Admin priviledges... the Unix world figured this out a long time ago, and Linux, OSX, etc all inherited the better approach. But MS seems to strongly dislike the idea, though I don't know why... it must add to much complexity for the casual user.

Microsoft is a company full of highly intelligent and highly skilled individuals who routinely, grossly underestimate the cleverness of attackers, who gain the most ground by exploiting undereducated, over-priviledged users. Their security model puts way too much trust in the user, which is by far the weakest link in the security chain.

If they applied direct pressure by protecting the OS from the user (block admin priviledges without an admin password), they might slow the hemhorraging, but instead they keep adding layer after layer of security band-aids. Bah.

It is impossible to change that security model now without breaking a *lot* of applications, that's the problem.

I thought the same thing at first, but upon examination, it seems one solution would be relatively benign... to mimic the functionality and behavior of Unix's SuperUser ("su") command.

Windows already has a relatively safe "Restricted User" security role in Windows XP, it just isn't the default out-of-the-box. By default, Windows has the user use a full Administrator account. So here's what MS oughtta do...

1) During Setup, prompt the user to create one or more user accounts for the computer (these are Restricted User accounts).
2) After creating those users, Setup should allow the user to set an Administrator password, with a blurb explaining the purpose of Administrator (only for installing software, advanced configuration, etc)
3) After installation, if/whenever the user tries to log on as Administrator, they see a warning that running as Administrator may compromise their system security, and are they sure?

Then, when the user needs to run a process with Administrator priviledges, either A) the user uses the already-present context command "Run As..." to run it as Admin, or B) they run the program, and when Windows determines they lack the necessary priviledges, instead of just saying "You can't do that," it says "This action requires Administrator priviledges. Please enter the Administrator password or press Cancel."

Then, only that process runs with Admin rights, and all of the modifications are limited to Windows behavior... no changes to the actual security model.

I oversimplify, perhaps?

yay, hot_pastrami's back, yay!

I don;t know what the fuck he just said, but Yay!

I have missed you SO MUCH.

*cough*

Heheh.