[ros-dev] dealing with insecure-by-inattention Windows software

David Hinz post.center at gmail.com
Fri Dec 16 18:27:27 CET 2005


Maybe we should do it the Unix/Linux way: there is a root user, called 
administrator, who is allowed to do everything, but by default you 
shouldn't be able to log in as administrator (the way it is on Ubuntu and 
some other Linux distributions).
In addition to that, there could be another user, who is a more 
privileged user, but you can only log in as him in setup mode. This is an 
option I would add to freeldr; it would boot ReactOS as usual, but 
deactivate a lot of things like the network subsystem, most of the 
services, all autostarted applications and maybe some other things, so 
that the PC is safer and is easier to repair if something is broken 
or there are security holes which can only be closed if nearly everything 
is shut down. After the user has logged on with the password of the more 
privileged user, a window would pop up and ask him which of the shut-down 
things he wants to start; maybe he needs a network connection, who 
knows... but this concept is another topic.

Back to the ordinary user. He is limited, like an ordinary Unix user. If 
he wants to access something he isn't allowed to (like using the MS 
installer, or package manager, or changing specified registry values like 
autostart entries), a little window will pop up and ask him for the system 
maintenance password (the password of the more privileged user).

And here is the difference between the administrator and the more 
privileged user: the administrator password can only be used in setup 
mode, when the user has logged on as the more privileged user. The password 
of the more privileged user (who for example isn't allowed to format 
partitions) is the only password an ordinary user can use to gain some 
more privileges; he is only able to change very dangerous settings if 
he booted in ReactOS setup mode, knows the system maintenance password 
and the administrator password.

With this method it is nearly impossible to cause problems the user 
didn't want to cause, as he really has to know what he is doing to 
cause such things. No stupid virus will ever be able to cause really big 
damage, and the best thing is, this is more or less user-friendly.
Maybe additionally we could create different system maintenance 
passwords for every user, or deny him the privilege of entering 
system maintenance mode, but that's something we shouldn't discuss at 
this moment.

Just my ideas on this topic...

Greets,

David Hinz

Dennis - Guardian wrote:
> Jeff Smith wrote:
>> Sorry but I'm not familiar with chroot, so I didn't catch all of that, 
>> but why not have something where during the setup it'll ask you for 
>> the "system password"? Those would be used for the Administrator 
>> account. The first time logging in, a window would appear explaining the 
>> pros and cons of the admin account and asking the user if he/she wants 
>> to create another account for his/her activities.
>>
>> This approach will do 2 things: 1. secure the computer, because ReactOS 
>> would automatically prompt the user about the security of the admin 
>> account, and 2. educate the user a little bit about how the 
>> computer works.
>>
>> "Every thing should be made as simple as possible, but not simpler." - 
>> Albert Einstein
>>
> Since I do software development and a little support for a living, I 
> think I'm qualified to make this comment.  As much as we'd like to 
> educate people in this manner (no matter what software we write), most 
> users will not read it, and if they do, they will not understand it.
> As much as choice is nice (and the open source way), it's probably 
> better to just have them use the secure way by default.  Make it easy to 
> find and change the behavior for those that want to, but keep it out of 
> the way of the average user.  Maybe something like an option in the 
> beginning of setup for 'let me choose everything' or 'just make it work', 
> and an easy switch between advanced mode/just work mode somewhere else, 
> would be a good way to go?
> 
> Dennis
