Security features in ReactOS?

Here you can discuss ReactOS related topics.

Moderator: Moderator Team

Post Reply
stmok
Posts: 3
Joined: Sun Apr 24, 2005 3:43 am
Location: Sydney, Australia

Security features in ReactOS?

Post by stmok »

Granted, ReactOS is quite a while away from being used at a "production level", but I'm just wondering...

When ReactOS reaches to a usable level (Good potential candidate to replace Windows completely):

(1) Is there going to be a built-in firewall solution?
(Like Windows Firewall, but with a better, more friendlier interface like third-party solutions).

(2) Will "Limited" or "Standard" User Account be the default after when you first install?
(Under WinXP, being this user level prevents you from writing to C:\, C:\Windows, and C:\Program Files directories. You are also limited in what you can do with the Registry, and you can't stop/start Services...This is great for preventing most malware out there).

(3) Will there be a feature like UAC (but not as annoying)?
(Allows the user to escalate from "Limited User" privileges to Admin privileges when needed)

(4) Will there be something like "Software Restriction Policy"?
(Its only available in WinXP Pro and Vista (Enterprise, Business and Ultimate versions))
See here: http://www.mechbgon.com/srp/


The reason I'm asking is because I typically set up Windows boxes with a "least privilege"/"default-deny" approach as this greatly reduces the chance of system compromise. As such, I don't need to install lots of third-party anti-malware apps. (Too much bogs down the system).

I'm just curious if ReactOS will offer such abilities. Anyone know? Is it being considered?

kevintrooper
Posts: 549
Joined: Thu May 03, 2007 6:44 am
Location: behind you.
Contact:

Re: Security features in ReactOS?

Post by kevintrooper »

I hope so :D

Haos
Test Team
Posts: 2954
Joined: Thu Mar 22, 2007 5:42 am
Contact:

Re: Security features in ReactOS?

Post by Haos »

Its really too early to answer those questions. Personally, i`d love to see some integrated security features, like limited access accounts (with ability to grant admin rights temporarily), firewall/IDS, internal component access guard, like DEP/UAC combot as well as policy settings. Since nothing on the safety side of ROS has been done nor even planned, i reallyt have no usefull info. My only answer is - i hope so.

Logwad
Posts: 3
Joined: Mon Jun 23, 2008 2:39 am

Re: Security features in ReactOS?

Post by Logwad »

I've been a general lurker for a while, and was actually about to ask the same above questions myself with the addition of one, which would be "How will ReactOS handle rootkits and the like that use the power of the OS against itself?". They become more complex and tricky as time goes on, to the point of some of them being impossible to remove without drastic measures (up to and including reinstalling your OS).

However given Haos response, I should also like to make the comment I do hope security plans are going to be thought through. As vulnerable OS is a useless one. :\

(That said, this is one of my favorite open source projects. Good work guys)

coldReactive
Posts: 581
Joined: Sat Nov 10, 2007 10:42 pm

Re: Security features in ReactOS?

Post by coldReactive »

Well, seeing as ReactOS will be compatible as an NT4 OS... (WinXP is NT5)

1. Probably, but it may be as crappy as the WinXP one, but who knows. Ubuntu has a built in firewall, but it's crappy, since there's no GUI interface; plus you can't tell when something has been blocked by it.

2. The first user will probably always be "Admin" type, like with Windows XP Setup. Then later you can add another user and make it limited. But if this was Linux, then it'd be *ahem* "Standard with User-Admin Control via Sudo"

3. Probably

4. Restriction Policies? Who needs them when you can manually shut down the processes with another program? :?

Note: "Probably/Maybe," I'm not a developer. But I am more than welcome to tease :P

GoBusto
Posts: 579
Joined: Fri Jan 25, 2008 11:13 am
Location: UK
Contact:

Re: Security features in ReactOS?

Post by GoBusto »

Iyeru wrote:Well, seeing as ReactOS will be compatible as an NT4 OS... (WinXP is NT5)
I'm going to be annoying and picky and point out that it is Windows 2000 that is NT 5.0, with most versions of XP using an NT 5.1 kernel. Windows Server 2003 and Windows XP Professional x64 use an NT 5.2 codebase.

As for firewalls, something along the lines of Zonealarm would get my vote. A pop up baloon like:
"something.exe" is trying to access a trusted zone

[x] Remember this choice.

[Allow] [Deny]

coldReactive
Posts: 581
Joined: Sat Nov 10, 2007 10:42 pm

Re: Security features in ReactOS?

Post by coldReactive »

GoBusto wrote:I'm going to be annoying and picky and point out that it is Windows 2000 that is NT 5.0, with most versions of XP using an NT 5.1 kernel. Windows Server 2003 and Windows XP Professional x64 use an NT 5.2 codebase.
I forgot x.# entries count :?
GoBusto wrote:As for firewalls, something along the lines of Zonealarm would get my vote. A pop up baloon like:
"something.exe" is trying to access a trusted zone

[x] Remember this choice.

[Allow] [Deny]
Same here actually. (Obviously Norton is out since it doesn't even have an unlimited free edition, like ZoneAlarm or AVG AntiVirus.)

Post Reply

Who is online

Users browsing this forum: Semrush [Bot] and 4 guests