Re: Most secure mainstream OS? (was Re: QuickTime 7.1.6: Java vulnerability Fix)
- From: michelle ronn <completelyinvalid@xxxxxxxxx>
- Date: Thu, 03 May 2007 06:01:16 GMT
Some just off the top of my head:
* In Windows, lots of applications don't work correctly if you don't run them from a user account with administrative privileges. In Mac OS X, that is an *extremely* rare occurrence.
Fixed in Vista. Next.
* In Windows, there is only one registry, and any program can modify the registry, affecting other programs, for all users. Worse damage to the Registry can render a Windows system unbootable. In contrast, each user account in Mac OS X has its own preferences folder to which no other users have access, and even if the entire preferences folder is wiped clean, the operating system boots up fine.
Not completely true with Vista or Windows XP. Depends on the context, but it is a true statement in some contexts. OS X has an issue here as well. Once an application has been given admin privs, any other application can escalate to admin privs within a sufficiently wide window of time. To test this for yourself, do an sudo xxx on the command line in OS X. Replace xxx with your favorite command that needs sudo. You will have to give a password. Now, do it again for a different command. You will be able to sudo WITHOUT renewing your credentials. Yes, this is a security flaw by design.
* In Windows, most applications must be run as administrator, are installed by complex installer programs that have access to write to any part of the file system, and modify files in critical system directories. Uninstalling Windows applications, likewise, necessitates modification of files in critical system directories. In contrast, most Mac applications are simple drag-and-drop installs, do not need administrator privileges to work, and do not have access (or need to) modify critical system files. Also most Mac applications may be uninstalled simply by dragging the application to the trash and emptying the trash.
True of some Windows programs. Microsoft went after this in a big way with Vista, and now it has the same login feature of OS X, with one exception. It does not have that nice gaping admin window that I described above. This results in the constant pain in the rear end checking that the Mac ad makes fun of.
* Even non-admin users in Windows are able to modify critical system files. Ever try logging in without admin privileges and seeing if you can delete things in C:\Program Files\ or C:\Windows\? Try it sometime (back up first, of course). In Mac OS X this is simply not possible - non-admin user accounts are truly barred from harming critical files in the operating system. And even admin users are prompted each and every time a program attempts to modify important files.
I just checked an XP box. A user level account cannot delete system files. If an application is installed at a higher priv level, the user account cannot delete those either. Given, who runs XP and previous versions of Windows at less than Admin? (not many people).
* Windows' RPC reliance - nuff said!
There are lots more, but I'm short on time, so these are just a few off the top of my head. This is nowhere near an all-inclusive list.
.
- Follow-Ups:
- References:
- Prev by Date: Re: Audience abandons Microsoft¹s MIX 07 keynote
- Next by Date: Re: Commercials protraying PC 20 years ago
- Previous by thread: Re: Most secure mainstream OS? (was Re: QuickTime 7.1.6: Java vulnerability Fix)
- Next by thread: Re: Most secure mainstream OS? (was Re: QuickTime 7.1.6: Java vulnerability Fix)
- Index(es):
Relevant Pages
|
