On 03/23/2012 07:15 PM, David Robillard wrote:
> Windows, on the other hand, traditionally had users running with
> complete access to the system. Add to the mix notoriously flaky
> low-quality code, slow moving development, and a core system built from
> numerous layers of piled legacy crap, and it'd be shocking if exploits
> *didn't* run rampant.
>
> Anyone claiming that any system would have been as badly affected in
> Windows' situation has no idea what they're talking about. The system
> essentially didn't have any form of security whatsoever. The security
> model wasn't flawed, it *wasn't there*. You didn't have to exploit the
> system to get viruses and malware on it, you just had to get the user to
> run something.

In all fairness... the situation in Windows is getting better while the
situation in Linux is getting more relaxed. When it comes to the user
experience, Win7 and Ubuntu now have more or less the same security
model WRT doing administrator tasks (asking for a password, sudo-style).
And even in Windows XP you *could* do it right (don't run as admin),
but several applications forced people to do it wrong... and the default
was to run as admin.
So now the difference is mainly that *nix has execute permissions on files.
Everything else is converged or converging.(*)
-gabriel