Longhorn Troubles: Does Anybody Care?

[Tony Hill]

Do you know if NT/2000/XP have a SUID concept? I run as administrator
because I regulary use software that requires it and always selecting
"run as" is a pain in the arse.

I haven't looked into it too deeply yet, but they do have an
"effective permissions" tab under their Advanced Security Settings for
files and directories. I'm not sure if this will accomplish the same
thing as SUID/SGID bits or if it's something totally different, but it
might be worth looking into.

 

[AD.]

Not to mention, it took quite some digging to find where I could set user
groups apart from Administrator and Limited(or whatever was it). Then only
to find that after I created a new power-user group with the ability to
install programs... it tells me there ain't such a group when I attempt to
assign the user account. heck, even Win2K was smart enough to ask for an
Administrator login/password when a power user wanted to install
something.

Was that on XP Home?

Does this help?
http://www.tweakxp.com/tweak298.aspx

I haven't tried it myself though.

Cheers
Anton

 

[Alexander Grigoriev]

The problems start if you want to set any security options on XP Home. It
just either won't allow it (for example, I could not assign an user to more
than one group), or can only be done in safe mode or through a command line,
for example setting permissions on files. And there is no security policy
editor.

Use XP Pro.

 

[Alexander Grigoriev]

There is runas command line program. Or you can start a console window with
runas, then all the program started from it will run under another account.
There is a bug with runas and Run As..., though, it doesn't load some
environment variables for the new user.

 

[Carlo Razzeto]

message

Try 2Ghz laptop with 128MB of RAM pPp

--
L.Angel: I'm looking for web design work.
If you need basic to med complexity webpages at affordable rates, email me
Standard HTML, SHTML, MySQL + PHP or ASP, Javascript.
If you really want, FrontPage & DreamWeaver too.
But keep in mind you pay extra bandwidth for their bloated code

Just because you have a laptop doesn't mean you can't get your self some
more memory. I'm sure you'll be fine once you do that.. With 512 I can run 3
Visual Studio's, DreamWeaver, Outlook, chat program and several browsers
with no issues. Of course that doesn't mean my pathedic 15" monitor doesn't
have an issue with all that

Carlo

 

[The little lost angel]

Was that on XP Home?

Think so it was, pre-installed on laptop so I doubt it was a XP Pro

Does this help?
http://www.tweakxp.com/tweak298.aspx
I haven't tried it myself though.

Thanks for the link, though it's a wee bit late for my friend who's
currently a few thousand miles away overseas.... pPppp

Though the link returns a database error msg

--
L.Angel: I'm looking for web design work.
If you need basic to med complexity webpages at affordable rates, email me
Standard HTML, SHTML, MySQL + PHP or ASP, Javascript.
If you really want, FrontPage & DreamWeaver too.
But keep in mind you pay extra bandwidth for their bloated code

 

[The little lost angel]

The (apparent) read-only attribute on folders was nothing to do with
your problem. 'Read only' on a folder/directory is meaningless, and XP
uses that bit for some entirely different purpose, as a quick google
will reveal.

It was in MS KBE, there's a bug with the MS Office Installer that will
crap out on you when the installer folder has the Read Only flag. The
KBE recommends using attrib to set it because the tick in the
properties won't work (deliberate design they call it). I wasn't the
only one with the problem from my googling. For some the attrib work,
for me and some others, it didn't.

Anyway, it's water under the bridge now, I told my friend to sell off
the Office and use the free version pPpp

--
L.Angel: I'm looking for web design work.
If you need basic to med complexity webpages at affordable rates, email me
Standard HTML, SHTML, MySQL + PHP or ASP, Javascript.
If you really want, FrontPage & DreamWeaver too.
But keep in mind you pay extra bandwidth for their bloated code

 

[The little lost angel]

You probably have to go into the Advanced dialog to set the
directory's read/write/execute permissions. It might be that the
permissions where being inherited from a parent directory, or it could
be that there are multiple sets of permissions.

Are you on XP Home or XP Pro? I'm beginning to get the feeling that
everything was so braindead is because it was XP Home and MS figured
you're either an Admin(parents/smarty pants) or Limited (kiddo/younger
brother)

I think the problem is that you're trying to make a Power User account
with *almost* administrator privileges. The easy way to do it is to

Erm, just try creating a new user group of any sorts, assign a user
account to it and see what XP says about your user now. The normal
ones have their user group under the name icon, the new one says

make just a regular user account for actual use and than have a second
administrator account that you use for all the elevated privilege
stuff. I'm sure this isn't the only way of doing things, but it's the
way I'm used to doing stuff from using Linux, so it sort of seemed
natural.

The regular user can't install programs... pretty much useless for
most normal users. It will just irritate the hell out of them that
soon they will just log onto the admin account anyway from boot. :/


--
L.Angel: I'm looking for web design work.
If you need basic to med complexity webpages at affordable rates, email me
Standard HTML, SHTML, MySQL + PHP or ASP, Javascript.
If you really want, FrontPage & DreamWeaver too.
But keep in mind you pay extra bandwidth for their bloated code

 

[The little lost angel]

message

Just because you have a laptop doesn't mean you can't get your self some
more memory. I'm sure you'll be fine once you do that.. With 512 I can run 3
Visual Studio's, DreamWeaver, Outlook, chat program and several browsers
with no issues. Of course that doesn't mean my pathedic 15" monitor doesn't
have an issue with all that

Hehee, I know that. My main point was the RAM would be the killer. My
home system used to be only 350Mhz with 768MB of RAM, I could do a lot
of stuff on it, much snappier.

My 128MB laptop keeps hitting the swap whenever I switch between
programs as simple as Excel and Browser. Irritating but no moola at
the moment to get another 256MB.

--
L.Angel: I'm looking for web design work.
If you need basic to med complexity webpages at affordable rates, email me
Standard HTML, SHTML, MySQL + PHP or ASP, Javascript.
If you really want, FrontPage & DreamWeaver too.
But keep in mind you pay extra bandwidth for their bloated code

 

[The little lost angel]

Lets make a contest - the slowest machine with Win XP on it.
I just got a laptop where admin freshly installed XP.
It is Pentium II 363 with 128MB.
To my surprize, it works reasonably fast as for regular office tasks. I could not
use 98 on it mostly because drivers for some unusual external devices (it is a test-control comp)
are absent.

Maybe our definition of fast is different? There are P3 128MB systems
in my school that runs XP and they are similar PITA like my laptop
(which at least have a faster CPU), switching between tasks takes
forever for Windows to swap. Doing .NET on it is more a test of
patience at times than programming skills.

--
L.Angel: I'm looking for web design work.
If you need basic to med complexity webpages at affordable rates, email me
Standard HTML, SHTML, MySQL + PHP or ASP, Javascript.
If you really want, FrontPage & DreamWeaver too.
But keep in mind you pay extra bandwidth for their bloated code

 

[Carlo Razzeto]

Hehee, I know that. My main point was the RAM would be the killer. My
home system used to be only 350Mhz with 768MB of RAM, I could do a lot
of stuff on it, much snappier.

My 128MB laptop keeps hitting the swap whenever I switch between
programs as simple as Excel and Browser. Irritating but no moola at
the moment to get another 256MB.

--
L.Angel: I'm looking for web design work.
If you need basic to med complexity webpages at affordable rates, email me
Standard HTML, SHTML, MySQL + PHP or ASP, Javascript.
If you really want, FrontPage & DreamWeaver too.
But keep in mind you pay extra bandwidth for their bloated code

I can sympathise with that. Since I've finally started working again I've
made a few improvements to my system, the 80GB hard drive was the nicest...
But still no cash to do a real upgrade.. Fustration!

Carlo

 

[Robert Myers]

The regular user can't install programs... pretty much useless for
most normal users. It will just irritate the hell out of them that
soon they will just log onto the admin account anyway from boot. :/

The Windows security model just isn't realistic for the average user,
and I don't know that M$ wants it to be. The trojans they want
invading your PC are the ones that keep the web splashy and flashy and
incomprehensible so that average users feel they have no choice but to
go the M$ route. Doesn't work without plugin A. Can't install plugin
A without having admin privileges. Plugin doesn't work properly other
than with IE, vulnerabilities and all. Install whatever they tell you
to, reboot when they tell you to, and have a nice day.

Since you're interested in Web design work, you know that the
sophistication of web-enabled multi-media advertising just keeps
increasing. Intel's ads in the New York Times online are impressive.

You can live without all that if you want to. You could probably get
most of what you really need to do with the web done with Lynx. But
if you're interested in how Joe average-user is experiencing the web,
you'd be missing alot. So you put up with a lousy security model, use
defense in depth that doesn't rely on Microsoft and hope for the best.

RM

 

[AD.]

Thanks for the link, though it's a wee bit late for my friend who's
currently a few thousand miles away overseas.... pPppp

Though the link returns a database error msg

Yeah I thought the error was strange, but the body of the article seemed
to load ok a few seconds later.

Cheers
Anton

 

[Alexander Grigoriev]

But it saves them from installing spyware and other such stuff.

 

[The little lost angel]

But it saves them from installing spyware and other such stuff.

Unfortunately, most of them don't care. Ever tried informing any
normal John Doe or Jane Smith about these things? When I told friends
to avoid IE, avoid Messenger, use a free alternative like Trillian
non-Pro or GAIM, use OpenOffice, use Mozilla, or that they have got
spyware and such... the typical response after a moment of gasping
is... "but I need this! I like it this way!"

They don't care much if the Yahoo toolbar is also sending stuff to
Yahoo or to Microsoft or their cutsy new software is a trojan, at
least not until their system crashes.


Somehow, making them use the normal user and asking them to switch to
adminstrator for installs won't really help. The trojan will ask them
for admin privileges, they will switch over and let the trojan have
the admin password too

--
L.Angel: I'm looking for web design work.
If you need basic to med complexity webpages at affordable rates, email me
Standard HTML, SHTML, MySQL + PHP or ASP, Javascript.
If you really want, FrontPage & DreamWeaver too.
But keep in mind you pay extra bandwidth for their bloated code

 

[RusH]

[email protected] (The little lost angel) wrote
:

Ok, maybe I am stupider than I thought I was after all.

Sorry, but you need MSCE, MSCA and MS_other_crap_12_year_would_pass to
do that.


Pozdrawiam.

 

[Tony Hill]

Are you on XP Home or XP Pro? I'm beginning to get the feeling that
everything was so braindead is because it was XP Home and MS figured
you're either an Admin(parents/smarty pants) or Limited (kiddo/younger
brother)

XP Pro. I think you may be on the right track with the above, it
would seem that the differences between XP Home and XP Pro are larger
than I thought.

Erm, just try creating a new user group of any sorts, assign a user
account to it and see what XP says about your user now. The normal
ones have their user group under the name icon, the new one says
<unknown>

Hmm.. worked just as I would have expected for me, but again, this
might be a difference between XP Pro and XP Home.

The regular user can't install programs... pretty much useless for
most normal users. It will just irritate the hell out of them that
soon they will just log onto the admin account anyway from boot. :/

True, lazy people will still get annoyed by this sort of thing, but
then again, lazy people are always going to cause themselves problems,
regardless of the operating system

With the Fast User Switch thing though it takes only a couple seconds
to switch over to an Admin account, install the program and then
switch back to the regular user account to use it. You could also do
a "Run As" on the program installer, though I've heard rumors that
this can cause some problems.

 

[Tony Hill]

The Windows security model just isn't realistic for the average user,

Do you know of any OS where the security model IS realistic for the
average user? Apple's OS X seems to have got the best mix of security
and ease of use from what I've seen, though my experience with it is
VERY limited, so I'm sure that it has it's share of problems too.

 

[Robert Myers]

Do you know of any OS where the security model IS realistic for the
average user? Apple's OS X seems to have got the best mix of security
and ease of use from what I've seen, though my experience with it is
VERY limited, so I'm sure that it has it's share of problems too.

I'm sure you caught me blatantly M$-bashing, but, in this case, I
think the bashing is fully justified.

Microsoft talks out of both sides of its mouth. On the one hand,
there is much public hand-wringing and finger-pointing about security,
and on the other they have created, enabled, and encouraged invasive
software that cannot really be used safely by anyone, never mind by
the average user.

My only experience with OS X is from playing with it at CompUSA, so I
can't say much there.

The Linux security model is far from perfect, it requires some skill
to set it up properly, and Linux will be much better off when the
all-powerful superuser is gone for good. If Linux is beyond the
capabilities of the average user, it isn't beyond the skills of help
that can easily be obtained by the average user willing to make a
small investment of time.

RM

 

[Evgenij Barsukov]

With the Fast User Switch thing though it takes only a couple seconds
to switch over to an Admin account, install the program and then
switch back to the regular user account to use it. You could also do
a "Run As" on the program installer, though I've heard rumors that
this can cause some problems.

Could you elaborate a bit on the "fast user switch" - how is it
practically done in Win XP pro?

Regards,
Evgenij


--

__________________________________________________
*science&fiction*free programs*fine art*phylosophy:
http://sudy_zhenja.tripod.com
----------remove hate_spam to answer--------------