Main Area and Open Discussion > Living Room

Apple leads the charge: Root access is no longer root access

<< < (2/3) > >>

wraith808:
^ Yes, I understand that it's about taking control away from you and for no other purpose.  That was what I spoke of in the OP.  This is the first step, and a lot of it makes very little sense, other than if that was the point.

40hz:
It's not just Apple. Microsoft has a built in account (i.e. TrustedInstaller) that's a level above - or more correctly is an alternate admin level group/account -  on par security-wise what they're calling Administrator these days. If it creates a file or folder, you can't delete or modify it even if you are the admin (i.e. root) on your system. As if now you can still get around it. But it's a PITA (you need to take ownership as admin first) and for some odd reason doesn't always work the first time or two you try it. And sometimes, if you do take ownership away from TrustedInstaller,  any subsequent updates to those files and/or folders will fail. So it's not something you want to do lightly.

I think this has a lot to do with the cloud initiatives that are starting to be the norm. Any multiuser system is only as secure as the weakest vector linking into it. So nobody is going to allow the risk of some individual's machine compromising their network or service. Many company owned PCs have been "locked down" and remotely managed in a similiar fashion for the last tweny or so years. And with web-based services and cloud computing, if that means taking the "personal" out of personal computing, then that's the way it goes if people continue to tolerate it. And unfortunately, when polled, most end users say they don't see what the problem is. So it looks to be a done deal with things like OSX, Windows, and that complete perversion of FOSS that's called Android.

People in IT used to diss Stallman for being "alarmist" and "paranoid." Little did they suspect he'd turn out not only to be correct, but overly optimistic. Because our present computing and networking reality is an order of magnitude worse than Richard Stallman's worst case scenario.

So it goes.  :(

Stoic Joker:
I reserve the right to fix anything that I perceive as broken..

wraith808:
It's not just Apple. Microsoft has a built in account that's a level above Administrator now. If it creates a file or folder, you can't delete or modify it even if you are the admin (i.e. root) on your system.
-40hz (October 21, 2015, 11:17 AM)
--- End quote ---

I didn't know about that!  Do you have any links I can read up on in regards to it?

f0dder:
UEFI isn't exactly the same.  Imagine if you couldn't modify anything in the windows directory.  No installing unsigned assemblies to the GAC.  No installing unsigned drivers at all.-wraith808 (October 20, 2015, 10:15 AM)
--- End quote ---
You can't install unsigned drivers on (64bit) Windows unless you're running in TESTSIGNING mode.

It's not just Apple. Microsoft has a built in account that's a level above Administrator now. If it creates a file or folder, you can't delete or modify it even if you are the admin (i.e. root) on your system.-40hz (October 21, 2015, 11:17 AM)
--- End quote ---
Hasn't NT always had the SYSTEM AUTHORITY?

IMHO it's a very good idea to not let your OS admin account run as root/SYSTEM (just like it's a good idea to user a less-privileged account for your daily work!). But of course it should still be possible to elevate to root/SYSTEM rights, and I believe having to reboot to do this is a bit overkill...

It would seem quite likely that Apple is testing the waters wrt. garden-walling desktops and laptops, and it was certainly something Microsoft wanted to test when UEFI was introduced - if there hadn't been a lot of uproar about it, that might very well have happened by now, and I'd be surprised if we don't see more attempts in the future.

Navigation

[0] Message Index

[#] Next page

[*] Previous page