Vista SP2 and Windows 7 more Secure than Mac Leopard or Linux

[MetalheadGautham]

What about my question of fooling apps that demand admin access ? Some compilers and games for example do so.

 

[Cool G5]

Some Interesting Links :

*www.windowsvistaplace.com/is-gnulinux-more-secure-than-microsoft-windows/linux/

*forums.fedoraforum.org/archive/index.php/t-216227.html

*answers.yahoo.com/question/index?qid=20090305122356AAlzvc2

*www.builderau.com.au/news/soa/Ubun...d-Windows-Vista-/0,339028227,339287864,00.htm

*www.cyberciti.biz/tips/is-linux-really-more-secure-than-windows.html

Some articles are old, but I feel they still can be included here for a satisfying debate.

 

[Liverpool_fan]

BTW Has anyone tested SuRun on Windows 7? It worked great in XP and Vista. It Vista it felt less unobtrusive than UAC (except we had to enter password once), I'm unsure how well it works in Windows 7.

 

[desiibond]

^^ change your user mode to "Standard user" and try once

If it doesn't work, give me app names and I will try to find out a way to run them.
-----------------------------------------
Posted again:
-----------------------------------------
hmm. SuRun seems to be a good tool. let me try it out today after going home.
-----------------------------------------
Posted again:
-----------------------------------------

Apple's Leopard OS lasted 30 second, Windows Vista Ultimate lasted until the third day, but Ubuntu's Linux distribution alone was left secure at the end of the "Pwn to Own contest" at CanSecWest security conference held in Vancouver.

LOL. 30 seconds????

 

[Liverpool_fan]

hmm. SuRun seems to be a good tool. let me try it out today after going home.

You will LOVE it for sure, particularly in XP. It's sad though nobody knows about it though.

 

[Cool G5]

For those who are not aware of Surun,

SuRun eases working with Windows 2000 or Windows XP with limited user rights.

The idea is simple and was taken from SuDown (*SuDown.sourceforge.net).
The user usually works with the pc as standard user.
If a program needs administrative rights, the user starts "SuRun <app>".
SuRun then asks the user in a secure desktop if <app> should really be
run with administrative rights. If the user acknowledges, SuRun will start
<app> AS THE CURRENT USER but WITH ADMINISTRATIVE RIGHTS.
SuRun uses the trick from SuDown:
* Put the user in the local Administrators user group
* Start <app>
* Remove the user from the local Administrators user group

SuRun also installs a hook that appends "Run as admin..." and "Restart as
admin..." to the system menu of every application that does not run as
administrator. That makes it possible to accomplish tasks that you otherwise could not, e.g. setting the Windows clock by double clicking it in the task bar notification area would normally display a "Access denied" Message and exit. With SuRun you are able to click "Restart as admin..." and to set the clock.

SuRun integrates with the windows shell and adds "Start as admin..." to the
Shell context menu of bat, cmd, cpl, exe, lnk and msi files.

------------------------------------------------------------------------------
Why not use the built in "Run As..." Windows command?
------------------------------------------------------------------------------

*Windows loads the registry and environment for the user that you run as.
If a software is about to be installed, the installation program will see
the admins HKEY_CURENT_USER and may create registry entries there.
Also the software sees "C:\Documents and Settings\Administrator" as the users profile path.

SuRun uses the current user account, so all registry entries and file system
paths are the same as the user would expect.

*Windows asks for the user name and password directly on the users desktop
Any spy (or even the friendly Autohotkey) could get an administrator password.

------------------------------------------------------------------------------
Why not use SuDown?
------------------------------------------------------------------------------

*SuDown can very easily be used to spy your account password.
SuDowns password dialog runs in the users desktop and the password can be caught by any application that uses Windows hooks, even by autohotkey.
*SuDown puts every SuDoer, after he logged on, into the Administrators group.
Spying the password and using it in a call to CreateProcessWithLogonW
would make the spy running as administrator.
*SuDown starts any process as administrator without asking for permission for a couple of minutes after the user entered the correct password.
*SuDown does not work in a plain Windows 2000 because the windows function "LogOnuser" in Windows 2000 requires a privilege that only system processes have.

------------------------------------------------------------------------------
Why use SuRun?
------------------------------------------------------------------------------

*SuRun uses a secure desktop for sensitive user interaction:
SuRun uses a service to create a secure desktop in the window station of the users logon session. On that desktop it will ask the user for permission or the password. The desktop is not accessible by user applications. Keyboard and mouse hooks will also not work on that desktop.
*SuRun does not leave the user in the administrators group.
After creating the administrative process, SuRun removes the user from the administrators group immediately. So spying even out the password would not increase the chance that the system could be infected by malware.

Source : Another forum

To top it all, Surun is an Open Source Project 8)

 

[gxsaurav]

The fault with windows is the very nature of it, including the way you install apps.

What is wrong in it? Care to elaborate.?

Its simply much easier to trick a windows user into letting in a malware than trick a Linux user.

No it is not unless you are using 8 years old Windows XP SP0. You tell me a such scenario how the user can be fooled?

You need to log in as administrator for simple actions. Windows needs something like SUDO to become safer.

Its there, call UAC in Vista. And do tell me what simple actions r those for which windows needs Admin access

As for Vista SP2, I am giving it time.

It doesn't matter if you give it time or not. You r not an analyst & your opinion hardly matters.

BTW I've been using Vista SP2 Beta for 5 months now and it's very safe but you can't call it more secure than the likes of OS X or Linux.

Why not, please stop believing in word of mouth, learn something from the Mojave Project & state why u think Windows is not as secure or more secure then Linux.

I need to log in as administrator each time I need to alter files which are write protected against normal users.

If they are system related files, then it will ask your for admin access which is logical. The same happens in linux so why is Windows wrong when it does the same thing in a better GUI way instead of typing a command.

I need to run several apps only as admin or they fail to run.

Which apps r they? I am using Vista since it came & no app requires me to use it as admin.

you can change permission of a file even if you are not owner

Then it is a security flow in Linux. This way something can change access of a file without admin rights & make changes to the computer.

yet it yikes me to spend money to get an OS

It doesn't yikes to use the electricity, water for which you pay Bill so why does it yikes u to pay for a software which you use everyday of your life for many years to come whose return value is tremendous.

There is a difference here in Linux. I just need to fire up the terminal pressing one of the special keys on my keyboard and type a line to install an app using sudo. Basically speaking, I don't enter desktop of root EVER

Windows makes this task easier for you instead of your pathetic Linux way. Just enter the admin password. its better then typing a command

That's what I want to do in windows. I am forced to log OUT and log in admin mode.

No u r not, even if u r using XP/

And the run-as option is awesome, but I still can't do things like run filemanager in administrator mode, etc

You can, right click on teh file, go to compatibility tab in Vista -> Run as admin. Done.

In a nutshell, I don't ever want to have to look at the desktop of administrator user except in safe mode.

You don't have to. My sister's user in my PC is Standard user, when she tries to install an application UAC blocks her & asks for my user password as I am the admin. Once I enter my password, the software installs fine.

 

[iMav]

FUD alert! GX go to Delhi dude! The forums aren't any fun without the ghost of DRM.

 

[RCuber]

FUD alert! GX go to Delhi dude! The forums aren't any fun without the ghost of DRM.

lol

 

[axxo]

You don't have to. My sister's user in my PC is Standard user, when she tries to install an application UAC blocks her & asks for my user password as I am the admin. Once I enter my password, the software installs fine.

isn't the fact..you got to share the root password then? In unix sudo you still use your(user) password not the admin password.

 

[iMav]

Since I have nothing better to do this morning ....

SOmeone talked abpout going into Terminal with a keyboard shortcut (the way he said it is like its soe magic & can't be done in any other OS) anyhoo... the point being ... go into terminal, type a long a$$ retarded command as if I was hacking into the power grid that was in Die Hard 4.0

I think a lot of people would rather use the mouse ... you see, its much more easier to click than remember & type commands. Plus it gives me that added advantage of choosing the installation directory! How awesome is that! Now I can install the app in a dual-boot environment but not have to waste extra disk space! w00t! Windows #WIN!

 

[gxsaurav]

isn't the fact..you got to share the root password then? In unix sudo you still use your(user) password not the admin password.

This is also the user which my friends use when they come to home & they are techies. There is no password on this user. Now, if it was sudo then my friends could install anything without my permission by just doing SuDo but with UAC no one can install anything unless I enter my password in the UAC prompt or I install the software from my user.

I don't have to share my password with her or anyone. She doesn't have to install anything new as everything is already there. If there is something she needs to install, I am first notified, then I either come physically close to the PC & enter the password manually or over remote desktop.

Like the other day she was installing PDF Plug-in for Office 2007 & UAC prompted her. I told her then that the plug-in is already installed.

 

[Cool G5]

Since I have nothing better to do this morning ....

SOmeone talked abpout going into Terminal with a keyboard shortcut (the way he said it is like its soe magic & can't be done in any other OS) anyhoo... the point being ... go into terminal, type a long a$$ retarded command as if I was hacking into the power grid that was in Die Hard 4.0

I think a lot of people would rather use the mouse ... you see, its much more easier to click than remember & type commands. Plus it gives me that added advantage of choosing the installation directory! How awesome is that! Now I can install the app in a dual-boot environment but not have to waste extra disk space! w00t! Windows #WIN!

Who said Linux requires you to remember long a$$ retarded commands? Everything a normal user requires can be accomplished with a GUI. Gone are the days when users needed to use CLI.
The CLI is only for power users
#Linux

 

[desiibond]

isn't the fact..you got to share the root password then? In unix sudo you still use your(user) password not the admin password.

What is the advantage of having login restrictions and permissions when the user has priviledge to switch to root (using sudo) at will. What is the need to have restricted login then.

Thanks to windows, if user want to do something that requires access rights, he/she has to beg admin/owner instead of sneaking in with sudo.

Sudo may be useful but it can also be exploited

 

[axxo]

What is the advantage of having login restrictions and permissions when the user has priviledge to switch to root (using sudo) at will. What is the need to have restricted login then.

Thanks to windows, if user want to do something that requires access rights, he/she has to beg admin/owner instead of sneaking in with sudo.

Sudo may be useful but it can also be exploited

you do not how sudo works, it doesn't give as u think every user the privilege to access system commands. There is a file called sudoers which controls the access and whom the access to be given. Also there will be a log file which gets updated whenever sudo is invoked.
oh..well if you want to protect the user from sneaking system areas protection is still available in the form ACL, RBAC, etc..
Now imagine iff 100 users are working on that system to run a program, owner/admin has to reach each of them and share his/her password..does that sounds any good?

 

[mehra.rakesh]

HAHAHAHAHAHA !!!!!!!! Lolerz ..... Windozzz Pista will be secure only the condition being that it is run in a terminal inside of NSA and to be doubly sure not used AT ALL .....

 

[iMav]

Who said Linux requires you to remember long a$$ retarded commands? Everything a normal user requires can be accomplished with a GUI. Gone are the days when users needed to use CLI.
The CLI is only for power users
#Linux

That is why I said that OS wars here are no fun anymore, people just don't read whats a reply to what

 

[Pat]

Haha..
@Manan: I miss those days

 

[MetalheadGautham]

WTF ? I wasn't here for 1 day and this is a gang war already ?

Anyway, I'm giving SuRun a try. Lemme see how it works.

Ontopic: Lets wait for the 2009 edition of the hacking the PC competition. Lets see how Snow Lepopard and Windows 7 fare compared to Ubuntu 9.04 then.

 

[ionicsachin]

Another boring OS war...