On Tue, Apr 3, 2012 at 11:56 AM, Christopher Browne <cbbrowne@gmail.com> wrote:
> It's pretty typical for MacOS applications to require "enter your
> password; I need to su to root to install this!" in plenty of places
> where the UI does not actually tell you what is being done as root.
> After enough iterations of "enter your password so my process can do
> undisclosed admin stuff," I'm not sure that you've got anything more
> secure than you'd have if /usr/local was writable by the desktop user.
I think that's somewhat true. Part of the reason why Windows is so
crufty is because of lousy privilege separation -- MacOS and even
Ubuntu are now busy copying that design, but realistically people do
need to install software, so short of educating users better or
creating a walled garden it's not clear how much better you can do.
However, Windows has another problem, too: there are so many ways that
you can hook into the system and get control that it's basically
impossible to remove spyware and crapware without its cooperation. I
mean, you can get rid of some of it, but finding all the little fiddly
pieces that have to be ripped out is basically not doable. You just
reinstall the machine.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
