[BigMike]

Actually on win XP. if you follow the recomended way to setup your users, you will have to have the Main users PW to be able to install anything. Thats how mine is set, Turn on the machine, it boots up, Its duel OS so i have to select my OS,<One for gaming one for all other> Then i select what user i want to be in and enter ther PW. If your logged into any other user than teh Main, it wont even let you start the Install program. From there you still have to retype the PW. So in reality Mac and PC are only as secure as teh operator wants them to be.

Interesting, I didn't know you could set it up like that. I guess because I always log in as myself, and I'm an administrator on my XP machine.

 

[merrrrjig]

I hacked it in 3 seconds (I entered in my password) Oh ya, and I did it to windows 98 too (I clicked the cancel button) ahhaha sad to say my mac is leaving me tonite Forever

 

[Ciaran]

Interesting, I didn't know you could set it up like that. I guess because I always log in as myself, and I'm an administrator on my XP machine.

I never set up users as admins, except myself. And that's only because I think I know what I am doing.

You can set up Win2k like that as well. Actually windoze has lot's of security features that no one ever uses. Windoze can be stable and secure IF it is set up that way from the start. And it takes a ton of set up too.

Also, there is a "run as" feature in Win. Run as another user...

 

[Toshi]

yeah, but outside of corporate environment no one runs windows as a non-admin user... and i don't recall seeing the authentication dialogs a la os x.

 

[binary visions]

yeah, but outside of corporate environment no one runs windows as a non-admin user... and i don't recall seeing the authentication dialogs a la os x.

Not sure if it's really what you mean by "authentication dialogues" but anyone set up as a non-admin user will get a prompt to enter the system's admin password if the program needs to make admin changes to the system.

As well as the "run as" feature that Ciaran mentioned, where you can manually do that.

 

[DirtyMike]

I never set up users as admins, except myself. And that's only because I think I know what I am doing.

You can set up Win2k like that as well. Actually windoze has lot's of security features that no one ever uses. Windoze can be stable and secure IF it is set up that way from the start. And it takes a ton of set up too.

Also, there is a "run as" feature in Win. Run as another user...

Yeah seting it up does take some time, but it is very secure, Oh and with keeping stuff from going online and things as such, the Extrust firewall that you can download free with xp does a pretty good job.

There is always going to be hackers that find ways to get in or around security programs, how do you think the Security programs were developed in the fist place, a bunch of hackers. When i was in highschool, we got a Whole new building and COmp network setup. I was one of the students that was asked to find a way in. Well, i did, And the next morning all the schools computers logged into the main server to get an update and load into german!!! Everyyear since they ask a new bunch of students to try and break into the system to find ebtter ways of keeping them out!

 

[Toshi]

Not sure if it's really what you mean by "authentication dialogues" but anyone set up as a non-admin user will get a prompt to enter the system's admin password if the program needs to make admin changes to the system.

As well as the "run as" feature that Ciaran mentioned, where you can manually do that.

that is what i meant but in a different context: on os x those dialogs pop up even when you're logged in as an admin. thus being logged in as an admin on windows and os x is different: on windows you or a program running as you can wreak all manner of havoc, while on os x such a malicious program would have to ask your permission first.

i'm not saying that there aren't clueless os x users who just type in their password blindly whenever such a dialog box appears, but there's no preventing that kind of stupidity.

 

[jimmydean]

But if you look at systems like Ubuntu, there is no "root" account unless you create one. Your normal user account has sudo rights, but there is no default root access by design. It's a good example of a secure model without additional configurations needed.

 

[Changleen]

Geeks.

 

[dfinn]

But if you look at systems like Ubuntu, there is no "root" account unless you create one. Your normal user account has sudo rights, but there is no default root access by design. It's a good example of a secure model without additional configurations needed.

It's identical to OSX. It uses sudo any time you need to do something as the root user.

 

[Ciaran]

yeah, but outside of corporate environment no one runs windows as a non-admin user... and i don't recall seeing the authentication dialogs a la os x.

Sadly, that is mostly true. Though I never set up anyones account as an Admin. Any windows tech worth his or her salt will do the same.

 

[sanjuro]

Not sure if it's really what you mean by "authentication dialogues" but anyone set up as a non-admin user will get a prompt to enter the system's admin password if the program needs to make admin changes to the system.

As well as the "run as" feature that Ciaran mentioned, where you can manually do that.

This is always a funny one for me. I understand limiting Admin access to your pc helps to protect it, lowering adminstration costs.

Of course, I want Admin access because I am going to install special apps, but can trusted not to click on that zip file with all the naked pictures of Anna Kornikova.

 

[Thrillkil]

A 15 digit, randomly generated (including caps) password, cracked via brute force (I realize rainbow tables aren't traditional brute force but the method is similar) in a half hour?

That'd be some serious computing power. I'm not sure that's something your average Joe needs to concern himself with, since the average person isn't facing a hacker with a Cray on his hands

Seriously, though, got any links? I've been out of the hacking loop for a number of years now, but I'd be shocked if a 15 digit random password could be cracked in any kind of reasonable timeframe by anyone with a normal amount of computing power. Rainbow tables can be enormous.

I don't have any links handy, but as I recall the table was huge, like 25+ gigs

 

[binary visions]

I don't have any links handy, but as I recall the table was huge, like 25+ gigs

I looked up a rainbow table for all alphanumerics plus special characters, and it was topping 45gb.

This is always a funny one for me. I understand limiting Admin access to your pc helps to protect it, lowering adminstration costs.

Of course, I want Admin access because I am going to install special apps, but can trusted not to click on that zip file with all the naked pictures of Anna Kornikova.

I agree with that... I think it'd make me nuts if I had to punch in my admin password every time I wanted to install something. Of course, I'm constantly tweaking my computer which is not normal for the average user. But I like my admin account, thanks - I did the same thing when I ran linux (I didn't enter the password as needed, I'd just log in as root for a while when I wanted to make changes).

 

[sanjuro]

From the emacs move-mail hack to Apache exploits, there are probably plenty of Mac applications which have not vetted for security. Keep in mind "the vulnerability he exploited has yet to be published and Apple has not released a patch for it"

For example, lets say you download a music player, and to speed up its playback, it reserves a block of register memory for cache. Lets say I figure how to write past the reserved block into system register space, allowing me to overwrite the system commands. So by downloading a song, I could access your system. This is how Robert Morris exploited the "finger" hack, btw.

I noticed this today:

Impact: An integer overflow in iTunes could cause a denial of service or lead to the execution of arbitrary code

Description: The AAC file parsing code in iTunes versions prior to 6.0.5 contains an integer overflow vulnerability. Parsing a maliciously-crafted AAC file could cause iTunes to terminate or potentially execute arbitrary code. iTunes 6.0.5 addresses this issue by improving the validation checks used when loading AAC files.

 

[DRB]

I noticed this today:

Impact: An integer overflow in iTunes could cause a denial of service or lead to the execution of arbitrary code

Description: The AAC file parsing code in iTunes versions prior to 6.0.5 contains an integer overflow vulnerability. Parsing a maliciously-crafted AAC file could cause iTunes to terminate or potentially execute arbitrary code. iTunes 6.0.5 addresses this issue by improving the validation checks used when loading AAC files.

So versions prior to 6.0.5 could launch the missiles?

 

[Secret Squirrel]

So versions prior to 6.0.5 could launch the missiles?

The King Missile......


Detachable penis.......detachable penis......

 

[DRB]

The King Missile......


Detachable penis.......detachable penis......

BWAHHAHAHAHAHAHAHA, I didn't see until I quoted it.