Microsoft Hits Snooze to Google "Wake-Up Call"

"However up to XP the default was an Administrators account and the default NTFS file permissions were access for Everyone."

actually that's not true. when you create user accounts in XP Pro on first boot, only the username in the first slot is an admin by default. all other users below that (slots 2-5) are standard by default. at the time, home users were not considered to be a security threat, but also at that time, spyware and system hijacker software was not prevelant.

"I don't know if things changed that dramatically in Vista though (and I don't care so far)."

spoken like true ignoramous. cheers!

XP

@Waethorn:

If I recall well, in a WinInfo article one MS employee said something like, it isn't a security feature and if it gets bypassed, it will not be a security break.

I can imagine what MS recommends (not logging in as an Admin), and it makes sense. However up to XP the default was an Administrators account and the default NTFS file permissions were access for Everyone. I don't know if things changed that dramatically in Vista though (and I don't care so far).

"So if it is not a security feature, what exactly is it?"

it is and it isn't.

for standard users it is because it requires an admin's login and password, but for users that choose to assign themselves as "Administrator" (again, Microsoft recommends AGAINST this for regular users doing day-to-day operations) without knowing the consequences, it only warns them that the activity could affect other users on the system because they are global settings.

XP

@NateB2:
"I would strongly advise you *not* to log in as root. There is a *huge* security risk if you do that. Vista has 3 user permissions levels- Administrator (root), limited administrator (the normal mode for the first user in Vista), and standard (any accounts made after the initial one will default to this). The Administrator doesn't get any prompts, the limited administrator gets a dialog with "continue" or "cancel", and the standard user gets a dialog which prompts for an administrator password. Yes, you can disable that, but again, you could be at risk."

You are right, but I will state some facts: Being used to "log in" as administrator by default, since DOS 3.30, it obviously has become a very strong bad habbit, that I have to get rid of. :-) I am planning to log in as a normal user, after I have read some book on GNU/Linux administration, scripting etc. Regarding Windows, even in XP Pro I was logging as Administrator (with a password), although it was creating a new user account (belonging to Administrators group if I recall well) during setup. I had the new user account as a backup account, in case something happened. Anyway XP was about the same, as Windows before, we could say.

Regarding UAC, I recall I read in WinInfo that an MS employee said that UAC isn't a security feature and that it is employed above an insecure infrastructure and can be bypassed. So if it is not a security feature, what exactly is it? In any case, we should try to be as secure as possible, so disabling UAC should be avoided (unless it is much irritating, I haven't checked Vista RTM).

"Take it up with the editors of InfoWorld, not me. I didn't write the article, I just quoted it."

that tone makes you sound like you don't even believe them. wasn't it tayme who even said the exact same thing i did (in fact, i'm only repeating his original comment)?

"And they have a lot more experience with Enterprise-level IT"

one only wonders with a story like that.

XP