Re: Card Reader

---

• From: Bryan Olson <fakeaddress@xxxxxxxxxxx>
• Date: Mon, 14 Nov 2005 21:23:42 GMT

---

Floyd Davidson wrote:
> As he said, it is /theoretically/ possible...  but note that the
> theory requires that a user not just be ignorant, but to also
> intentionally make an effort to assist.

Nonsense. I use some garden-variety exploit to get my
code running as the user; muck with his path so "sudo"
runs my script, which gives me root.

For a virus, getting root/admin on either Linux or Windows
is neither really hard nor really necessary. How it can get
user access; what it can do with user access; how it may
move up to privileged access: these are fundamentally the
same on Windows and Linux.

> Which is to say, those who think Unix could ever have the
> problems that Windows does with security, should read not only
> more, but *deeper*.  Get past the headlines, the FUD, and find
> out what the facts are.

Despite the flame-wars, Unix and MS-Windows (NT or better)
have quite similar security measures. At the O.S. level,
the biggest difference is NT's pervasive use of
access-control lists and security descriptors. The Unix
world has been slowly embracing ACL's, but Linux
distributions are still permission-bit based.

On the other hand, Microsoft has shipped software with
truly disastrous default settings. It's not a fundamental
flaw in the O.S., and they're getting better, slowly. They
stopped running e-mail attachments by default, but last
time I checked their systems still installed with CD-ROM
autoplay enabled.

[...]
> The fundamental differences are huge.

They're really, really, not.

> Small things that most
> people simply do not understand the significance of make all the
> difference.  For example, the GUI system for Windows is built
> into the kernel, which was necessary to provide adequate speed.
> That is *inherently* the wrong thing to do.

In both Linux and MS-Win, parts of the GUI system run
privileged, parts run non-privileged. Both OS's are designed
for platforms that intrinsically allow hardware drivers to
take over the system.

--
--Bryan
.

---

• Follow-Ups:
  • Re: Card Reader
    • From: Floyd Davidson

• References:
  • Re: Card Reader
    • From: Paul Allen

• Prev by Date: Re: About whitebalance
• Next by Date: Re: Enhancing Blurry Photos?
• Previous by thread: Re: Card Reader
• Next by thread: Re: Card Reader
• Index(es):
  • Date
  • Thread

---

Relevant Pages Client-side JavaScript weirdness with assigning a form element - in Windows / IE6 only. Any ... I have this snippet of client side code running: ... The alert is just in there for debugging. ... but doesn't work right in Windows / IE6. ... (comp.lang.javascript) Re: using directx in web development ... No becuase there is no 'safe' version of managed directX. ... code running in the browser runs in the most restricted security set and so ... Its possible, but very unwise, to change the security settings ... (microsoft.public.vb.directx) Re: Android LAN access problem ... One piece of code running on Windows works, ... consider that I'm trying to resolve the NetBIOS name of my laptop. ... Windows has ability to resolve NetBIOS names. ... (comp.lang.java.programmer) EnumSystemCodePages returns invalid numbers on WinCE?? ... I am enumerating the installed code pages using the EnumSystemCodePages. ... I have the same code running on Windows XP fine. ... But on WinCE, the code page ... (microsoft.public.windowsce.embedded) Re: Which font is used in dialog title bar? ... If you read the CreateWindowEx documentation, ... BTW I would advise you to do everything you can to avoid getting in the ... is very very sketchy and it seems like with each new version of Windows, ... Microsoft changes it slightly so to keep your code running you have to have ... (microsoft.public.win32.programmer.gdi)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

newsgroups.derkeiler.com  > Archive  > Rec  > rec.photo.digital  > 2005-11