Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Windows Operating Systems Software Security Unix IT

Longhorn to use UNIX-like User Permissions 697

destuxor writes "After years of Windows users abusing administrative accounts out of necessity, Microsoft promises that Longhorn will make better use of user permissions in what sounds exactly like what UNIX/Linux users have been doing for years. Hopefully this will fix the long list of applcations that cannot be run by a Least-Privilege User Account (LUA) while giving a much-needed security boost. Too bad "MS-root" can't watch over your grandmother when she opens emails."
This discussion has been archived. No new comments can be posted.

Longhorn to use UNIX-like User Permissions

Comments Filter:
  • Logo Program (Score:3, Interesting)

    by ShepyNCL ( 740977 ) on Friday April 08, 2005 @10:47AM (#12176635) Homepage
    Whilst this is a step in the right direction, Id be willing to bet that Microsoft will put a hefty fee on the LUA Pricniples program, putting it out of the reach of a lot of smaller software houses.

    If this is the case, then users will once again become used to just allowing any old piece of software to install with higher privileges, totally defeating the purpose of this.

    How many people do you think abort the installation of unsigned drivers, even when XP warns them that they are unsigned. I'd presume it is a very high percentage.

    You can lead a horse to water, but you cant make it drink.
    • Re:Logo Program (Score:5, Informative)

      by maxwell demon ( 590494 ) on Friday April 08, 2005 @10:50AM (#12176679) Journal
      How many people do you think abort the installation of unsigned drivers, even when XP warns them that they are unsigned. I'd presume it is a very high percentage.

      I guess you meant it's a very low percentage ...
    • Re:Logo Program (Score:4, Interesting)

      by gl4ss ( 559668 ) on Friday April 08, 2005 @11:10AM (#12176933) Homepage Journal
      *How many people do you think abort the installation of unsigned drivers, even when XP warns them that they are unsigned. I'd presume it is a very high percentage.*

      I prefer to continue installation and have a functional system with the latest drivers than to run a ms certified box(driver certs never guaranteed them to not bsod either).
    • Re:Logo Program (Score:5, Interesting)

      by nine-times ( 778537 ) <nine.times@gmail.com> on Friday April 08, 2005 @11:17AM (#12177030) Homepage
      How many people do you think abort the installation of unsigned drivers, even when XP warns them that they are unsigned. I'd presume it is a very high percentage.

      The percentage might be higher if the signed-driver thing didn't seem to be used for Microsoft's anti-competitive purposes. Or does no one else remember the fiasco where Windows would complain when you tried to install certified drivers from Nvidia, and instead direct you to install a Microsoft-altered version of the driver with crippled OpenGL?

  • 'User' attitudes (Score:5, Insightful)

    by Jumbo Jimbo ( 828571 ) on Friday April 08, 2005 @10:47AM (#12176637)

    I think that it's a good start and may well make a big difference in companies which use Windows as their desktop platform and have system administrators who can control user accounts.

    This section from the article seems to have a good point: A strictly enforced LUA model could make it harder for worms and viruses to take over Windows systems. But Microsoft may have a tough time changing user and developer behaviour, even with new features that support the LUA regime in Longhorn, experts warn.

    On home systems, we still currently have enough problems trying to convince people not to open dubious attachments, or with people giving sites permission to install practically anything on their machines. It will take a big shift in attitudes (or Microsoft forcing the user to jump though hoops) to make many home users have anything but admin-privilege accounts.

    • Home (Score:5, Insightful)

      by MisanthropicProgram ( 763655 ) on Friday April 08, 2005 @10:56AM (#12176759)
      I'd like to add that I hope that some of the software developers will start to consider that people will be running their software under another account other than "owner". I have a game, that no matter what I do to the permissions, will not run under any account other than the owner/administrator.
      I'd also like to point out that I've been following all of the suggestions and tips on /. regarding Windows security and permissions and I haven't had my machine corrupted - yet (knocks on head) Knock on wood.
      Thanks guys!
      • Re:Home (Score:5, Interesting)

        by Queer Boy ( 451309 ) * <dragon,76&mac,com> on Friday April 08, 2005 @11:11AM (#12176941)
        I have a game, that no matter what I do to the permissions, will not run under any account other than the owner/administrator.

        I'd return the game to the manufacturer and tell them that was not one of the requirements on the outside of the box and you do not have access to play the game under an admin account. There's no reason a game should have free reign of a system.

        Incidentally none of my games on OS X require superuser or even an admin account. Although they require it for installation if you install anywhere else but ~/

        • Re:Home (Score:5, Funny)

          by Quarters ( 18322 ) on Friday April 08, 2005 @11:46AM (#12177426)
          "Incidentally none of my games on OS X require superuser or even an admin account. Although they require it for installation if you install anywhere else but ~/"

          Would that game be Breakout, SuperBreakout, or Photoshop?

        • Re:Home (Score:3, Informative)

          by freak4u ( 696919 )
          As the way it should be. This is the reason why I and I'm sure a lot of other people don't run windows. In Windows, anybody can muck up your system. In *NIX, it's a lot harder. Hell, the run as service doesn't even work very well in Windows. Speaking of, does anybody else notice how Windows is reverting back to UNIX? There is speculation that NT is based on VMS (VMS -> WNT is incrememnting a letter, check the safemode stuff with disk0/part1/ nix type stuff). further reading [jmusheneaux.com]
          • Re:Home (Score:5, Insightful)

            by n0-0p ( 325773 ) on Friday April 08, 2005 @12:30PM (#12177913)
            There's no speculation at all, it is a fact. Windows NT is heavily derived from VMS; the lead architect for both is the same person. This is openly referenced in MS literature even. Why try to make it sound like a conspiracy?

            As for the rest, no it is not harder to muck up a *nix system than windows, it is just much harder to configure and run a Windows NT/2K/XP system with multi-user priveleges. This is not due to the base OS, which has all the necessary support. It has been bad policy on MS' part by failing to standardize, promote and enforce these requirements in applications. Because of this, application developers (MS included in many cases) take the easy way out and build software that requires admin privs.

            Please, do some basic fact checking in the future. Your entire post was very deceptive.
        • Re:Home (Score:3, Interesting)

          by l0perb0y ( 324046 )
          Yes, but how many games run SetUID root in OSX? (don't have a clue, just wondering)

          Games like Abuse do this in Linux and it's always getting new exploits. How many game developers are dedicated to tightening down the security of their code?
        • Re:Home (Score:5, Insightful)

          by sconeu ( 64226 ) on Friday April 08, 2005 @12:30PM (#12177919) Homepage Journal
          Unfortunately, "The Sims" and "Mavis Beacon Teaches Typing 15" actually have that requirement (on their website). I think the Sims has it on the box, too.

          Will someone tell the reason why on G-d's Green Earth that a typing tutor requires Admin?

          The only thing I can think of is sloppy programming, writing to Program Files or to HKLM, instead of C:\Documents and Settings\{user}\Application Data or HKCU
      • Re:Home (Score:3, Funny)

        by badfish99 ( 826052 )
        I'd also like to point out that I've been following all of the suggestions and tips on /. regarding Windows security and permissions and I haven't had my machine corrupted.
        As one of the most common /. suggestions is to use Linux instead, I'm not surprised.
    • by Cosine Jeremiah ( 1871 ) on Friday April 08, 2005 @11:03AM (#12176846) Homepage
      Macintosh users adjusted rather well to OS X's behavior, which basically mimic's a GUI sudo whenever root privs are needed. I think if application installers start popping up the password prompt, people will figure out what to type in there.

      On the other hand, perhaps people will end up getting too used to typing in the password whenever it's presented.

      "Installer? Check! Installer? Check! Virus? Check!"
      • by AvantLegion ( 595806 ) on Friday April 08, 2005 @12:03PM (#12177625) Journal
        But asking for the password is better than nothing. And the password pops up at predictable times - when installing software, changing system settings, etc.

        Were it to pop up at an unusual time, I'd think a decent number of people would be suspicious. And for those that weren't, it would at least give them something to reference back to as to "where they went wrong". Problem with Windows is that the "security" fails silently, and soon you have a compromised system and no idea how it got that way.

      • by Coryoth ( 254751 ) on Friday April 08, 2005 @12:59PM (#12178227) Homepage Journal
        On the other hand, perhaps people will end up getting too used to typing in the password whenever it's presented.

        "Installer? Check! Installer? Check! Virus? Check!"


        I think the more disconcerting possibility is a shareware or other program that mimics the password dialog and sends the results off somewhere. People have a remarkable tendency to use the same password for everything. This could be a boon for password farming.

        Jedidiah.
    • by nine-times ( 778537 ) <nine.times@gmail.com> on Friday April 08, 2005 @11:10AM (#12176939) Homepage
      It will take a big shift in attitudes (or Microsoft forcing the user to jump though hoops) to make many home users have anything but admin-privilege accounts.

      And I think that, right there, that's the problem many of us have with Windows' security (you know, when you hear all the MS-bashing about bad security?). Microsoft has sought to appease users/developers who don't understand/care about security measures, and so they've left out the hoops you would have to jump through in order to accomplish things. However, this means that viruses/worms/trojans/spyware/whatever have to jump through fewer hoops as well.

      Personally, I'd like to see Microsoft be brave, risk alienating their customers, and do things the right way. The question is, has the bad press about security made Microsoft feel threatened enough to take that risk.

    • by erroneus ( 253617 ) on Friday April 08, 2005 @11:19AM (#12177064) Homepage
      One thing that Microsoft can and should do is to implement the traditional "you can't/shouldn't run this as root" thing.

      Some programs refuse to run as root. Some will always warn you. This would be a VERY good thing. There are so many programs that shouldn't be allowed to run as Administrator and, really, should be the norm. User applications should always have this restriction in place. Wordpad can run as Administrator, but MS Word should not. MS Paint can run as administrator, but The GiMP, Photoshop or the like should not!

      This would represent a pretty major shift in the user experience, but that shift could be about the only practical way to dig Microsoft's reputation for terrible security out of the hole it's in now.

      I'd like nothing more than people to switch to my favorite OS, Linux, but in the mean time, I don't think it's worth all of the suffering that users experience in the mean time.

      I think the best mode of operation is for Microsoft to define a white-list of applications that are allowed to run as Administrator and make it a pain in the ass for users to make adjustments to that list each and every time. This would encourage users to run as a user... but again, the problem of developers not updating their coding practices to match will be the biggest hurdle.
      • Actually you made me think of an interesting point, if M$ wants the vendor to produce an summary of the permissions necessary for a program to run, would it be possible to have the program reduce it's own permissions to have the minimum necessary. For instance if you open IE as an administrator IE could immediately reduce its permissions to the absolute lowest level possible, this WOULD help quite a bit.
      • by flithm ( 756019 )
        This is absolute crazy talk. When I'm admining my server as root, I need to be able to run every application... and this is the way it is now. There's very few cases where something will refuse to run as root, and that's exactly the way it should be.

        They key here is that many applications drop their privilege level to some predefined state, ie on many systems this is nobody:nobody.

        A white list is no good, it'll just cause a whole bunch of people shouting "I need to run this as admin!"

        Just let applicat
  • Finally... (Score:5, Interesting)

    by TripMaster Monkey ( 862126 ) * on Friday April 08, 2005 @10:47AM (#12176638)
    From the article:


    Application developers who log on to their development machines as administrators when they write code create programs that assume that level of privilege but have trouble when run by a user with reduced permissions, according to Brown's work, which estimated that 90 percent of Windows software can't be installed without administrator access to Windows, and that 70 percent won't run properly unless the user is an administrator.


    It's about damned time this issue gets addressed. Every day at work I have to fight with this M$ limitation. Chief among the offenders are:

    - Kodak Share software
    - Autocad
    - Any serial port emulation program
    - PowerDVD

    Most users must be elevated to Power User status on their machines to allow them to do anything nowadays, while there are plenty of programs (like the ones listed above) that will malfunction or simply refuse to work with anything less than full Admin rights. Sometimes, I have no choice but to give a user full Admin rights...I grind my teeth as I do so, knowing full well I'll be called to disinfect the machine of countless spyware programs within weeks, if not days.
    • Thank God. I can't count the number of times I've had to deal with the stupid permission settings in Windows. Even for a simple thing like sharing files and folders over a home network. Their system is so convoluted and just completely stupid - pointing and clicking through various menus to set attributes... conflicting attribues... and all kinds of other crap. I was trying to set up access permissions on a home networked machine whereby it would authenticate against another machine on the same network. But
    • Re:Finally... (Score:5, Interesting)

      by Anonymous Luddite ( 808273 ) on Friday April 08, 2005 @11:04AM (#12176864)
      >> Sometimes, I have no choice but to give a user full Admin rights...I grind my teeth as I do so, knowing full well I'll be called to disinfect the machine of countless spyware programs within weeks, if not days.

      That's where I live buddy.

      We have a room full of people of varying ability who all have unlimited access because [censored p.o.s. software package] doesn't run otherwise. These guys surf a lot, clicking "yes" on every friggen dialogue box they see... literally can't go a full week without some exploit being loaded.

      zero user buy-in for security - When someone shows up to remove the exploit-of-the-week for them, they get is static about "touching my machine". It pains me to be in the same room sometimes...

    • Re:Finally... (Score:4, Informative)

      by zenray ( 9262 ) on Friday April 08, 2005 @11:06AM (#12176878) Journal
      We've had the same issues at work but we've found that if you examin the bad applications closely they mostly want write access for the user in the 'programs files' area or the windows or winnt area. Giving users of these programs the proper write access solves most of the problems. We found one program that required a registery edit to work properly with just 'user' privilages. It is a major PITA to find out all these details to tighten security but we are doing it.
    • Re:Finally... (Score:5, Informative)

      by Malc ( 1751 ) on Friday April 08, 2005 @11:09AM (#12176919)
      Can I recommend Aaron Margosis' blog [msdn.com]? It provides a lot of tips for running as non-admin. His PrivBar [msdn.com] is very helpful. He also talks about scripts that launch other apps with elevated permissions without having to log off - they change the user's permissions (give them admin rights), logon as that user, launch the app, and finally reset the permissions, all within the current user's session.

      There's a lot that can be done to enable software to play nicely under a limited user account. Sometime's it's not worth the effort, but in some cases changing permissions on select registry keys and NTFS folders can get things working.
    • Re:Finally... (Score:5, Interesting)

      by Rycross ( 836649 ) on Friday April 08, 2005 @11:17AM (#12177026)
      We run all of our users as users at work. Some of the programs which don't work can be made to work by fiddling with file permissions and the security policies. For programs that just won't work without admin priveledges, we provide an admin account which has been modified so that you cannot log into it (by having a script that logs you out as soon as you log in). The users use the "Run as..." option, and run their programs using this administrator account. Thus they can't do everything as administrator, but programs that require the permissions can be run.
    • Re:Finally... (Score:5, Interesting)

      by Spy der Mann ( 805235 ) <spydermann.slash ... com minus distro> on Friday April 08, 2005 @11:24AM (#12177131) Homepage Journal
      Chief among the offenders are:

      - Kodak Share software
      - Autocad
      - Any serial port emulation program
      - PowerDVD


      Shouldn't Microsoft Logo certification do something about this? I mean, isn't there a clause saying "Thou shalt let users run thy program withoust being administratorths" or something?
    • Re:Finally... (Score:3, Interesting)

      by jd142 ( 129673 )
      I wonder how many of the programs on the list don't necessarily require admin access once they've been installed, it's just that one person installs the app and then it doesn't work at all under another user.

      I know that we use PowerDVD here. We install it under an accout that is a member of the administrator's group. Then we log out and log in as administrator. We copy the profile for the install account to the default user. After that, any one who logs into the machine can use PowerDVD, even though th
  • Memories (Score:5, Interesting)

    by FreeLinux ( 555387 ) on Friday April 08, 2005 @10:47AM (#12176640)
    Microsoft also proposes application manifests, which allow developers to define the permissions an application needs to operate properly

    I recall a few years ago when all applications even MS Office came with this type of documentation so that Netware administrators could install the software and configure the "rights" properly.

    I had recently encountered a few Windows applications where permissions were a problem and I was reminiscing about just that. Serendipity?
    • by tepples ( 727027 ) <.tepples. .at. .gmail.com.> on Friday April 08, 2005 @10:57AM (#12176766) Homepage Journal

      But here's something that worries me more about manifests:

      Microsoft also proposes application manifests, which allow developers to define the permissions an application needs to operate properly and can be signed by independent software vendors to ensure integrity. Deployment manifests, signed by IT departments, will allow network administrators to dictate how much trust an application should have on the network, according to the documents.

      Based only on this part, it appears that an application manifest must be published by an entity that can afford three figures USD per year for a code signing license. Developers of free software and proprietary freeware often cannot afford this annual fee. My worry is that Longhorn Home Edition may not permit users to install customized deployment manifests, locking users into using only programs with an application manifest, that is, proprietary commercial software.

      • Based only on this part, it appears that an application manifest must be published by an entity that can afford three figures USD per year for a code signing license

        Not necessarily - I assume that the certificate an IT department uses to sign code will only need to be trusted within the company network. Windows Server is shipped with a certification authority software, and it is a (relatively) trivial task to create certificates that are trusted by all machines in a domain.
  • Of course... (Score:5, Insightful)

    by Anonymous Coward on Friday April 08, 2005 @10:47AM (#12176642)
    The permissions will permanently be set to 777.

    The problem has never been a lack of permissions in NTFS, just that no one uses them well.
    • Re:Of course... (Score:5, Insightful)

      by Koiu Lpoi ( 632570 ) <koiulpoi@gma i l .com> on Friday April 08, 2005 @11:04AM (#12176856)
      And there's a plethora of windows programs that require Admin rights just to run. The most bizzare one, in my opinion, is Battlefield 1942, although there are plenty of others, like PowerDVD. Just trying to use permissions properly in windows is a huge pain, if not impossible. I hope Longhorn fixes this, but I've got a feeling that it's just a re-routing of the current problem.
      • Re:Of course... (Score:3, Informative)

        by Minna Kirai ( 624281 )
        The most bizzare one, in my opinion, is Battlefield 1942,

        It's not really too wierd- it's actually a preview of the "remote attestation" features you may get from "Trusted Computing" next decade.

        Battlefield 1942, like all online games using the PunkBuster anti-cheating library [evenbalance.com], needs admin rights so that it can examine every other program you are running, in case any of them is meant to help you cheat.

        By running a game like that, you are not only giving that software full control of your computer, but al
  • by thundercatslair ( 809424 ) on Friday April 08, 2005 @10:47AM (#12176644)
    This might not change much, windows users are generally lazy. I see most people will just log in as an administrator and stay that way forever. The article didn't mention how easy it would be to switch to an administrator either like unix's su. No matter what microsoft does security will always be a huge problem, users don't want to change they like it easy.
    • by PPGMD ( 679725 ) on Friday April 08, 2005 @10:59AM (#12176787) Journal
      It's already easy to run software at higher permission levels, you right click an executable, and select Run As, there is also a command line version of it as well.

      The ability is already there in XP to run at lower permission levels for most applications, it's just that few developers have properly coded for it, as they assume the user will be administrator. I would say that 20-30% of this problem is the developers fault, because the tools are there.

  • by buckhead_buddy ( 186384 ) on Friday April 08, 2005 @10:48AM (#12176657)
    No the Microsoft permissions in Longhorn will be different from Unix permissions...
    They'll be patented. :-)
  • by badmicrophone ( 858946 ) on Friday April 08, 2005 @10:51AM (#12176694)
    well, it will once MS finally patents them like they did sudo.

    http://taint.org/2004/08/20/024522a.html [taint.org]

    --
    Check out my music video! [mp3unsigned.com]
  • LUA? (Score:5, Informative)

    by JabberWokky ( 19442 ) <slashdot.com@timewarp.org> on Friday April 08, 2005 @10:51AM (#12176696) Homepage Journal
    I realize it's hard to come up with simple names, but it's going to be annoying trying to Google for stuff about Lua [lua.org] soon.

    --
    Evan (Really nifty language)

  • Years? (Score:3, Insightful)

    by Anonymous Coward on Friday April 08, 2005 @10:54AM (#12176728)
    in what sounds exactly like what UNIX/Linux users have been doing for years.
    I think you mean decades, not years.
  • by Anonymous Coward on Friday April 08, 2005 @10:54AM (#12176732)
    The permission mechanisms in Windows NT/2k/XP are pretty flexible. Unix is only just migrating from the old user/group/world permission set to access control lists, something that is readily available for just about everything in the Windows operating system, from files to individual registry entries.

    The problem with Windows permission management is that a) it is completely hidden from the casual user, b) there are no guidelines how applications can be made to work with restricted privileges and programmers are too lazy to figure it out themselves and c) the default XP install makes everybody an admin, so there is very little incentive for application programmers to get it right.
  • by Antyrael ( 855796 ) <travisw@nOSpAM.wmpub.ca> on Friday April 08, 2005 @10:56AM (#12176753)
    While this has been a long time in coming, problems are bound to accompany a change of this large a scale. I see the biggest problem being older apps that do the job, but aren't under development anymore. As well, it would be great if MS could implement something that follows along the same lines as the su command for *nix. Just a quick userswitch at the command line, install a program, and bam, done.
  • Years behind (Score:3, Insightful)

    by Sebby ( 238625 ) on Friday April 08, 2005 @10:57AM (#12176771)
    I find it odd how microsoft tries to say it's innovative when they adopt methologies that have been in wide use already for several,several years, but only implement them several, several years later.

    I guess what they'll have to be innovative at is implementing it in such a way that it'll be secure, without breaking old software, but breaking old user/developer habits which caused the mess that requires them to implement this now.

    • by RLW ( 662014 ) on Friday April 08, 2005 @11:15AM (#12177012)
      You forgot the read the fine print.

      M$FT is innovative in the realm of the MS Windows OSes. It does a better job of adding new innovative features to various MS Windows OSes better than anyone else does.

      It's a very narrow scope.
  • UNIX-like? (Score:5, Insightful)

    by ryanvm ( 247662 ) on Friday April 08, 2005 @10:59AM (#12176786)
    After reading the article *gasp*, I wouldn't say Microsoft is moving towards a UNIX-like security system. Rather they are moving away from a stupid security system.

    There's nothing inherently UNIX-ish about not giving normal users administrative privileges. Unless you're defining UNIX as any multi-user operating system. The idea of limiting normal users is standard in any decent multi-user operating system.
  • by foo fighter ( 151863 ) on Friday April 08, 2005 @11:00AM (#12176807) Homepage
    This isn't Windows switching from their ACL model to a UNIX permission model.

    One, they are pushing for 3rd-party developers to finally stop requiring simple apps like kid's software and low-end desktop publishing to be run with escalated privileges.

    I mean, these application developers have had since '98 or '99 to work this out. But Window's lax defaults and lack of user education didn't force the issue. Microsoft is finally, /finally/, forcing the issue.

    Two, it is Microsoft finally realigning their default ACLs to be at once more secure and more common sense.

    It makes no sense for a home user to not be able to control their power settings or change their system time unless they have escalated privileges.

    Really, this isn't so much Windows following UNIX as it is Windows following OS X.

    Finally, and this is IMHO, going to a permission model would be a *huge* step backwards. I know UNIX die-hards will flame me for this, but it is my experience that ACLs are much more flexible and lucid than permissions.
    • a little clarfication on the os x permissions model. basically os x uses standard unix permissions right now. tiger's introducing ACL support. mac os x's good permissions model comes from well separated privledges, logical admin username/password prompts on actions that require escalation, and developers actually testing to make sure apps run/install without requiring admin privs. (heck you can install most apps in os x by just putting it in ~/Applications). technically windows has better permission control than most OSes out, it's just the defaults are total shit and the app developers don't take any responsibility to allow user-level installs and running.
  • About time (Score:3, Insightful)

    by n0-0p ( 325773 ) on Friday April 08, 2005 @11:02AM (#12176831)
    Seriously, the security community as been screaming about this for years just so MS could have parity with other multi-user systems. Of course, the big issue will be pushing other software vendors to compliance. Regardless, at least average users may finally not (by default) browse the web with an admin priveleged account. That should cut down on a lot of the malware issues that are encountered.
  • by mrogers ( 85392 ) on Friday April 08, 2005 @11:03AM (#12176837)
    What I'd really like to see is something more fine-grained than Unix permissions: instead of giving every program permission to access all my files, I'd like to have multiple "hats" per user. Each user would have a personal equivalent of /etc/passwd describing their different hats (web, graphics, work, music, etc). A few programs like the shell, the window manager and the file manager would run with the user's full permissions, while other programs would be restricted to their own directories (eg ~/.mozilla), plus any files passed to them by the file manager (this could be implemented using pipes, or the file manager could change the permissions on the file). The file selection dialog would be provided by the file manager so it would be able to "see" all the user's files, but the application would only be able to access files selected by the user.

    Just as the login process forks and drops its root privileges before running your shell, the file manager or window manager would fork and drop its full user privileges before running an application that was supposed to wear a certain hat.

  • by erroneus ( 253617 ) on Friday April 08, 2005 @11:03AM (#12176839) Homepage
    I'd love to blame Microsoft for their own operating system problems, but really, the blame is mostly on the third party developers.

    It has been this way from the beginning... as far back as I can see, developers skirted the BIOS because BIOS calls were too slow -- that was back when the BIOS was part of the OS. This is not a Microsoft problem, but it adds to understanding of how the culture evolved. "Forget about standards and interoperability, we need to deliver performance!" The error in judgement has been costly.

    Today developers continue to write code that uses and exploits bugs and irregularities in the MS Windows operating system environment. If I learned nothing else from reading the comments found in the Windows Source code scandals, I learned that Microsoft became obliged to add code to emulate bugs and irregularities for specific applications to continue to run properly. In a perfect world, the app writers would write code using the APIs as documented. (And when bugs and irregularities were found, Microsoft would FIX them to discourage developers from utilizing the strange or buggy behaviors)

    Developers should be mature enough to realize that any bug or irregularity found in an OS API should be considered subject to change and could break their software once it is fixed. It kinda bugs me that these "paid professionals" were and continue to be so short-sighted.... (meanwhile, these Open Source Amateurs rely almost exclusively on documented API functions and features simply because bugs and irregularities are often fixed quickly enough that to write code against them would mean they would need to update their code AGAIN.)

    I think this kind of speaks volumes about where the real weakness in commericial software development lies -- in the motivation.
    • Very few developers are exploiting Windows bugs, at least not knowingly. The problem is that the standards changed.

      When Win9x/FAT32 ruled the earth there were no protected directories and everyone, including Microsoft, tended to have writable files everywhere. A lot of programs saved their settings to files in their program directory, which seems bad until you realize that most of the rest wrote to an INI file in the Windows directory. But there were plenty of examples from Microsoft that did similar thing
    • developers skirted the BIOS because BIOS calls were too slow -- that was back when the BIOS was part of the OS. This is not a Microsoft problem

      It bloody well is a Microsoft problem. They had the ability to improve the performance of the BIOS, ANSI.SYS was frequently ten to a hundred times faster than the BIOS on a typical computer... all they needed to do was intercept the BIOS calls and perform the same operations they did with ANSI.SYS and they would immediately remove any need for people to go around them.

      But they didn't. So your choice was ANSI.SYS, or direct hardware access. I went with the BIOS for my terminal program and half my code was "curses" style optimizations to avoid making extra trips into the BIOS ... as if this memory mapped display was a 300 baud terminal!

      Similarly, the current mess with applications needing to write to %SYSTEMROOT% to install is Microsoft's fault, because for many years they recommended that applications do that... as near as I can tell so they could ship DLL updates through application vendors instead of coming up with their own update mechanism. The result of that? Administrator-level installers, DLL Hell, and viruses being REINSTALLED back into %SYSTEMROOT% by the system restore tools they created to try and work around the problems...

      Not Microsoft's fault? Like hell it's not!
  • by amichalo ( 132545 ) on Friday April 08, 2005 @11:05AM (#12176870)
    This doesn't solve all problems for Microsoft, just changes them.

    While this will be a certain benefit to corporate environments with IT security policies and IT departments to come install/upgrade software for employees while at the same time ensuring that new version of FreeCell you got from a friend doesn't infect the whole corporate network, the issues become more troublesome for home users.

    A home user will either end up running their system as an Administrator, thus circumventing the access permissions model, and/or they will become frustrated with the inability to install/update/access/delete files on their own computer.

    How many times has the home user faced a property configuration wizard that tells them to contact their "system/network administrator" for more information.

    My mother is not a "system administrator", but yet, to change her ISP, she had to put on that hat or call me to talk her through it.

    No disrespect to Linux, but Microsoft would do well to study Apple's model for system security on a home implementation. Apple has, successfulyl in my opinion, abstracted much of the user security model to allow the home user to know nothing about CHMOD while still providing appropriate security when needed - like entering an administrative password (SUDOing the application) for installations and upgrades.

    Last on the list of needed changes to the windows security model is to provide far more robust error/exception handling when a user does something like tries to rename a file that is open. Consider this closing argument:

    "The file cannot be renamed because it is in use by another application."

    versus

    "The file 'foo.doc' cannot be renamed to 'bar.doc' because it is opened by 'Word.exe' would you like to:
    - Cancel the renaming
    - Save the document changes in Word and rename the file
    - Discard the document changes in Word and rename the file"
  • by uncoveror ( 570620 ) on Friday April 08, 2005 @11:06AM (#12176883) Homepage
    After all, the next Windows will be a version of BSD, [uncoveror.com] a rip-off of Mac OSX. Claims of BSD's death are greatly exaggerated.
  • by gspeare ( 470147 ) <geoff@sh[ ]tt.com ['alo' in gap]> on Friday April 08, 2005 @11:07AM (#12176892) Journal
    The problem I've always had with Windows permissions is that it's damned-near impossible to debug permissions problems. After two or three attempts with completely uphelpful error messages, I don't have the time to figure the exactly proper config, so Full Control it is.

    If it were easy to tell what the problem was, it would be easier to have a secure system.
  • Not good (Score:3, Insightful)

    by Beatbyte ( 163694 ) on Friday April 08, 2005 @11:13AM (#12176984) Homepage
    I can easily see Microsoft patenting this technology once they have it implemented.

    This can only further limit other OS's.

    To me it feels more like a race between MS and OSS programmers to get the technology out there to be 'previous art' before we get shut out in the cold by our own legal system.
  • "Fixing Permissions" (Score:3, Informative)

    by Leebert ( 1694 ) on Friday April 08, 2005 @11:16AM (#12177021)
    The ones that annoy me the most are applications under Windows that, when installed using an administrator account, "Fix" the permissions on my filesystem for me. I believe the software that came with my old Canon PowerShot (A40?) did this so it could store pictures in the program directory. I mean, ferchrissakes, there's even a bloody "My Pictures" directory that's writeable by the user!
  • by bcmm ( 768152 ) on Friday April 08, 2005 @11:18AM (#12177048)
    "Given enough time and money, eventually Microsoft will re-invent UNIX."
    From a famous fortune cookie, can't remember which one.
  • by jayhawk88 ( 160512 ) <jayhawk88@gmail.com> on Friday April 08, 2005 @11:22AM (#12177104)
    ...but getting older programs working in XP was bad enough. Something like this is probably going to break 3/4 of the old Windows software out there, a nightmare for those of us in the corporate worlds. Cause, you know, Sue in Financials has 10 years worth of expense reports locked up in PeachTree Accounting 4.4 for Windows 95 and doesn't see why she should use anything else, and Doug in Facilities has a master key database in dBase 2.5 for DOS that nothing on the fucking planet can read any more.

    Ugh, I'm already seeing the problems.
  • Cowpokes (Score:3, Funny)

    by NateTech ( 50881 ) on Friday April 08, 2005 @11:25AM (#12177151)
    I think Microsoft needs a cattle prod for their Longhorn, to get it out the door.

    Nice to see they're considering adding features added to other OS's 20 years ago, though.
  • by dpbsmith ( 263124 ) on Friday April 08, 2005 @11:32AM (#12177265) Homepage
    Microsoft is excellent at deflecting criticism by promising fixes, then delivering what are only modest improvements.

    When Microsoft software has an obvious problem that competitive software does not, the general pattern is that a) Microsoft claims the next release will fix it; b) the next release falls far short of a fix but is nevertheless a noticeable improvement; c) applause from Microsoft fanboys drowns out those would observe they still haven't achieved parity with the non-Microsoft state-of-the-art.

    Since Microsoft users live in a sealed universe--they're too busy keeping up with security patches, changes in API's, and evolving purchase and licensing plans to have the time to ever use any non-Microsoft software--Microsoft gets away with this pattern of "big promise, partial delivery"

    Complaints about Windows 3.0 instability were met by the assertion that you "would never see a UAE in Windows 3.1."

    Complaints about FAT fragmentation were met by assertions that NTFS would not require defragmentation.

    Comments that Windows 3.X was far less usable than the Mac OS were met by assertions that Windows 95 would be just as good as the Mac.

    Complaints that installing software under NT 3.x were met by assertions that NT 4.0 would not require rebooting....
  • by mrwiggly ( 34597 ) on Friday April 08, 2005 @12:02PM (#12177615)
    Those who don't understand UNIX are doomed to reimplement it. Poorly.
  • C'mon, Winamp!! (Score:3, Interesting)

    by Pionar ( 620916 ) on Friday April 08, 2005 @12:09PM (#12177685)
    This was why I had to drop Winamp. My choices were to either run Winamp as Administrator or not have access to the media library function.

    Blah. It's a good thing iTunes rocks.
    • Re:C'mon, Winamp!! (Score:4, Informative)

      by siliconjunkie ( 413706 ) on Friday April 08, 2005 @12:55PM (#12178196)
      This was why I had to drop Winamp. My choices were to either run Winamp as Administrator or not have access to the media library function.

      Winamp is a TOTAL pain in the ass [webdevlab.com] when it comes to running as a limited user, but there are a few ways to get it to work right without running as admin. The first, obviously, is to install Winamp to your user directory. This is not the most secure method, but with some care it can be (relatively) safe and certainly better than logging on as admin. The other way is a bit more complicated and involves a plugin and directions that can be found here [rosenkeller.org].
  • by JThaddeus ( 531998 ) on Friday April 08, 2005 @12:33PM (#12177946)
    Adding a meaningful permissions scheme will either kill many of my kids games, force a repurchase, or give me loads of headaches. When we got an XP box, I thought "Great, no crap installed by teenagers." Then I found that none of their games would play without write ability to the game directory in 'Program Files'. So guess what? They are administrators, too. We're not talking small stuff or fly-by-night companies. My kids have worked very hard to keep EA Games in business. I'm glad they will be out of my house when Longhorn comes around. Let the university's tech support sort it out with them.

    There were similar problems with Eudora which my wife uses for email. So, she's an admistrator, too. And Eudora had its own headache under XP--she and I could not share mailboxes as we had done under Win98, even if the mailboxes were in a shared directory.

    Good thing I have my own Linux box. When the kids and their games leave, I'm getting the Mrs. a Mac and shinning on we're-all-administrators-here Windows for good.
  • A downgrade (Score:3, Interesting)

    by jbolden ( 176878 ) on Friday April 08, 2005 @02:20PM (#12179168) Homepage
    I know I'm going to get flamed horribly for this, But I consider this a downgrade. The Windows permission system (which is essentially the VMS permission system) is far better than the one for Unix offering much better controls especially for large scale servers where administrative responsibilities are divided between teams. I think the real problem with Windows is that it didn't go far enough in implementing the VMS permissions model. On VMS its common for highly privileged users to run in an unprivileged state with few privileges except the power to grant themselves most privileges and then do the following:

    a) Run in an unprivileged state until they get a privilege error
    b) Determine if they really want to do the thing that caused the error
    c) If yes temporarily grant themselves permission to do this thing. This is sort of like sudo but only grants one particular type of privilege not everything at once
    d) Try again. If they get another permissions error on another permission repeat steps b and c.
    e) Once successful (or they decide not to complete the action) then lower their permissions back down to their normal level.

    The closest analogy for people haven't used VMS or a mainframe would be OSX when it asks you specifically before you do an administrative task.

    This is way safer than Unix's system of permissions. The problem is that applications just fail for lack of privilege and the interface doesn't make it easy to bump all over the place. Frankly I think adopting the Unix model with less fine grained privileges is a major downgrade to NT. The problem is with the applications (including those written by Microsoft) not the OS.

Someday somebody has got to decide whether the typewriter is the machine, or the person who operates it.

Working...