The Artima Developer Community
Articles | News | Weblogs | Books | Forums
Artima Forums | Articles | Weblogs | Java Answers | News
Sponsored Link

Agile Buzz Forum
Vista: Insecure by design

0 replies on 1 page.

Welcome Guest
  Sign In

Go back to the topic listing  Back to Topic List Click to reply to this topic  Reply to this Topic Click to search messages in this forum  Search Forum Click for a threaded view of the topic  Threaded View   
Previous Topic   Next Topic
Flat View: This topic has 0 replies on 1 page
James Robertson

Posts: 29924
Nickname: jarober61
Registered: Jun, 2003

David Buck, Smalltalker at large
Vista: Insecure by design Posted: Feb 13, 2007 7:07 PM
Reply to this message Reply

This post originated from an RSS feed registered with Agile Buzz by James Robertson.
Original Post: Vista: Insecure by design
Feed Title: Cincom Smalltalk Blog - Smalltalk with Rants
Feed URL: http://www.cincomsmalltalk.com/rssBlog/rssBlogView.xml
Feed Description: James Robertson comments on Cincom Smalltalk, the Smalltalk development community, and IT trends and issues in general. 		Latest Agile Buzz Posts
Latest Agile Buzz Posts by James Robertson
Latest Posts From Cincom Smalltalk Blog - Smalltalk with Rants

Advertisement

Whoa - so much for the security refresh in Vista - it's broken by design - installers run with admin privileges, even if the account they are running from doesn't have them.

"[When] you try to run such a program, you get a UAC prompt and you have only two choices: either to agree to run this application as administrator or to disallow running it at all. That means that if you downloaded some freeware Tetris game, you will have to run its installer as administrator, giving it not only full access to all your file system and registry, but also allowing it to load kernel drivers! Why should a Tetris installer be allowed to load kernel drivers?," Rutkowska asked in a post on her Invisible Things blog.

So that's just astonishing - I can disallow an installer, or I can pray that it does nothing wrong - but I can't run it in limited access mode. That's just stupid, and it makes the rest of Vista's security fixes fairly worthless. If I'm happy with a "trust the source" method of security, I may as well let my browser run anything, on the theory that I won't visit untrusted sources.

Technorati Tags: , ,

Read: Vista: Insecure by design

Topic: Cut Your Car Refueling Costs in Half Previous Topic   Next Topic Topic: Create them, let them grow healthy and shiny and then replace them with droids
Sponsored Links


Google
  Web Artima.com   

Copyright © 1996-2019 Artima, Inc. All Rights Reserved. - Privacy Policy - Terms of Use