[SC-L] how far we still need to go

Steven M. Christey coley at linus.mitre.org
Wed Jul 25 11:43:53 EDT 2007


On Wed, 25 Jul 2007, William L. Anderson wrote:

> I am flabbergasted. When I first encountered Unix in 1983 I was taught
> that you always run as an ordinary user, and only use admin (root)
> privileges when needed. If OS X developers are running as admin, and
> building and testing their products as admin, well ... I'm still in
> shock. And I weep for the species.

Unfortunately, there's not much of a surprise here.  The same problem
exists for lots of Windows-based applications.  I regard it as a leftover
from the fact that these OSes were not designed to be multi-user, but the
threat landscape has changed such that multiple users (or at least
multiple roles for the same user?) are necessary.  This will take a bit of
time before it registers with the everyday computer user or developer of
these mono-user systems.

- Steve

