Discussion in 'OT Technology' started by $nails, Sep 22, 2006.
Just got this message from a friend who works in IT.
Its immunity will last only as long as its obscurity.
Very true. So until that day.
But on Linux its immunity is virtually limitless! UBUNTU FTMFW!!
That makes perfect sense actually. The obscurity of Firefox * the obscurity of Linux = so close to zero as to be virtually meaningless.
I use Firefox and Opera. Opera takes more resources to run, but it definitely gets the least attention from attacks.
To an extent I would agree without a doubt.
But it doesn't change the fact: probably very close to every day since its inception, Firefox users have been safer on the net than IE users.
Obscurity has killer benefits.
The design flaw of IE 6 is based on the fact that it's integrated with the OS - they've done away with that in IE 7 because they've finally grudgingly admitted that removing potential threats is a lot easier than fighting fires.
Heh.. When security in browsers used to come up in forums I use, someone would always mention that IE is insecure because it integrates with the OS, and then if we're lucky enough to have a windoid in the house he/she'll explain that the (minor?) way in which IE is integrated isn't unsafe at all.
And now this..
I think the biggest flaw is with Windows: hundreds of millions of newbies everywhere are running as root 100% of the time - browsing the web, as root. As soon as the web-browser's compromised, or the IM program, or the mail program.. Crackers can install rootkits or whatever the fck they want, "integrated" or otherwise.
Add to that the inherent security in Linux (that non-super users can't access any system files) and it makes even more sense. There's a method to my madness...really.
That is true - I'm more than guilty of that practice despite knowing the dangers of it. But some of the previous flaws did not depend on the current user's access level - it could use a service's access level and because some service accounts make themselves Local admins we're back to square one.
I've recently removed myself as a domain admin at work and I can't believe the number of things I do on a day-to-day basis that require me to have admin priv, and not just on my local computer. I use remote desktop with an admin password, but for some other things I don't necessarily want to hop on an RD connection to change a file folder's permissions. Or move a backup file around. Or re-run a scheduled task on a server. So do I add my new group back to each individual area that I want access to, basically negating my security demotion, or stop being lazy and remote desktop whenever I need to do something that is domain admin related?
I hope not many of them.