10/03/2009

Regarding UserAccounts in ReactOS

Hi,

Many of you know we don't even support multiple users at all, but I have been thinking these days about which way would be the best. I looked at the Linux and Windows ways and see pros and cons in both. Let's compare them.

Linux uses one root account with all the rights you can get, and as many restricted ones as you want. This has the problem that for some apps you need root rights to get them installed or running, and as soon as these apps have these rights, they could easily kick your ass and kill the whole PC. So here I miss the softer differences between accounts. A root/user separation is not enough; we need steps in between.

Windows has a System account with full rights, Admin accounts with rights almost anywhere, normal User accounts which only have access to their own and shared files, and the Guest account with NO rights at all. This is already much better, but I see problems here too. IMO the System account has to be usable too to get things done, which fails on normal Admin accounts. (Know these funny non-deletable folders and files?!) The Admin accounts are alright in theory. All apps run there, so let's keep them for now. The next problem is the User account. You can't install any apps there which need a bit too much access to files. This can be bypassed of course, but only via an Admin account which gives you the rights. IMO a good idea would be a sandbox for files that a setup wanted to replace and has no right to. The setup gets its files in place and they even work, but no files from the main system are replaced at all. The funny aspect is, all files are usable like on a real Admin account, so a virus could even work there and force you to reboot the PC because it fails BADLY. But there's the good aspect of the sandbox. You go into a recovery mode and say "kill the sandboxed files", and the virus is GONE.

This sandbox aspect could be enhanced in a billion ways. A backup system which makes a sandbox of the system files every week, and you can switch between them.

Make apps only use a sandboxed version of important files you made. This prevents viruses from killing the originals.

Etc., etc. Of course it's just a thought of mine. We could just use a powerful access system, too. Some people still might know WinPooch Watchdog. This app makes it possible to severely restrict any access to files and folders, and that in a really hardcore way. It hooks into some kernel APIs and thus restricts file, registry and whatever other access for specific apps and users. This would be a nice thing for our accounts too.
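The file sandbox idea described above, sketched as an added example that is not part of the original post and not ReactOS code: writes are redirected into an overlay directory, reads prefer the overlay copy, and "recovery" throws the overlay away. The class name `FileSandbox`, the file name `shell.dll` and the temporary directory layout are assumptions made for illustration.

```python
import os, shutil, tempfile
from pathlib import Path


class FileSandbox:
    """Copy-on-write overlay: writes go to `overlay`, `system` is never modified."""

    def __init__(self, system_root, overlay_root):
        self.system = os.path.realpath(system_root)
        self.overlay = os.path.realpath(overlay_root)

    def _resolve(self, root, rel):
        # Canonicalise first, so "../" or an absolute path cannot leave the root.
        path = os.path.realpath(os.path.join(root, rel))
        if os.path.commonpath([root, path]) != root:
            raise PermissionError(f"path escapes sandbox: {rel}")
        return path

    def write(self, rel, data):
        target = self._resolve(self.overlay, rel)   # always the overlay, never system
        os.makedirs(os.path.dirname(target), exist_ok=True)
        Path(target).write_bytes(data)

    def read(self, rel):
        for root in (self.overlay, self.system):    # the sandboxed copy wins
            path = self._resolve(root, rel)
            if os.path.isfile(path):
                return Path(path).read_bytes()
        raise FileNotFoundError(rel)

    def discard(self):
        # "Recovery mode": drop every sandboxed file at once.
        shutil.rmtree(self.overlay, ignore_errors=True)


def demo():
    base = Path(tempfile.mkdtemp())                 # constructed sample layout
    original = base / "system" / "shell.dll"
    original.parent.mkdir()
    original.write_bytes(b"original")
    box = FileSandbox(base / "system", base / "sandbox")
    box.write("shell.dll", b"replaced by setup")    # the setup "replaces" a system file
    seen = box.read("shell.dll")                    # sandboxed apps see the new file
    on_disk = original.read_bytes()                 # the real file is untouched
    try:
        box.write("../system/shell.dll", b"x")      # attempt to reach the original
        blocked = False
    except PermissionError:
        blocked = True
    box.discard()
    after = box.read("shell.dll")                   # original is visible again
    shutil.rmtree(base)
    return seen, on_disk, blocked, after
```

The path check in `_resolve` is what keeps the overlay meaningful: without it, a relative path containing `..` would let the sandboxed setup overwrite the original it is supposed to be isolated from.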

Source: http://dreimer.dr.funpic.org/sblog/ - thx dreimer!
