Differences between Linux, Vista, and OS X security models?

[Dominus Atheos]

Specifically the differences between the privilege escalation systems. The only comparison I've found between them is this Wikipedia article, and it barely has any info on OS X. But from what information it does have, they seem exactly the same except that by default, Vista only requires you to click continue, while *nix and OS X require you to enter your administrator password, though there is a setting in Vista that changes that.

But besides that, they all use the principle of least privilege, and they all pop up in the same circumstances, like program installation, making system-wide changes, and modifying files and folders the user doesn't own or the system thinks the user shouldn't be modifying. Is that correct?

[Beowulf]

Pretty much. The difference is mostly that Vista has to support brain-dead programs from Win95, that assume they're always running as administrator, which OSX and Linux don't have to.

[Praxis]

they seem exactly the same except that by default, Vista only requires you to click continue, while *nix and OS X require you to enter your administrator password, though there is a setting in Vista that changes that.

If you're talking about UAC, though, there's a pretty huge difference.

With UAC off, Vista won't prompt you for anything. You just hit continue.

With UAC on, Vista stupidly prompts for EVERYTHING. You can't rename a folder full of word documents without Vista asking for your password. Seriously. To the point that it trivializes the process of entering your password, removing any real security.

Meanwhile, *nix and OS X only do it if you're modifying system files. You can add applications to your applications folder and rename folders and do all kinds of stuff without ever entering your admin password. Only if you're installing an application that dumps stuff in the System folder will it ask you for your password.

[Dominus Atheos]

they seem exactly the same except that by default, Vista only requires you to click continue, while *nix and OS X require you to enter your administrator password, though there is a setting in Vista that changes that.

If you're talking about UAC, though, there's a pretty huge difference.

With UAC off, Vista won't prompt you for anything. You just hit continue.

With UAC on, Vista stupidly prompts for EVERYTHING. You can't rename a folder full of word documents without Vista asking for your password. Seriously. To the point that it trivializes the process of entering your password, removing any real security.

Meanwhile, *nix and OS X only do it if you're modifying system files. You can add applications to your applications folder and rename folders and do all kinds of stuff without ever entering your admin password. Only if you're installing an application that dumps stuff in the System folder will it ask you for your password.

What in the fuck are you talking about? Have you ever even used Vista, or are you just going by what you've read off of Slashdot? I rename folders all the time, and UAC never prompts me for my password, unless the folder is in the Windows folder or the Program Files folder. Every other folder allows me to do whatever I want to it.

And what the hell does any of that have to do with Vista's default setting of the privilege escalation dialog box only requiring you to hit a button instead of requiring you to enter your password? Shut the fuck up and stop trolling.

[Resinence]

And you don't have to hit continue with UAC off, the UAC dialog doesn't come up AT ALL. Just like XP.

The main difference is that the Vista default account is an administrator while linux and OS X give you a "user" account. It's not a huge deal since UAC pops up anyway, but I have UAC off and run a normal account with a separate admin on my box, I'm used to it. The whole UAC box infinity bullshit has been blown out of proportion by dimwitted idiots who are used to doing whatever the fuck they want on the god damn system drive without even having to enter a password.

[MJ12 Commando]

IIRC UAC only comes up when you're doing anything which requires admin privileges. It actually isn't all that aggravating... most of the time.

I have it off, but I could live with it even with it on.

[Dominus Atheos]

And you don't have to hit continue with UAC off, the UAC dialog doesn't come up AT ALL. Just like XP.

The main difference is that the Vista default account is an administrator while linux and OS X give you a "user" account. It's not a huge deal since UAC pops up anyway, but I have UAC off and run a normal account with a separate admin on my box, I'm used to it.

Why? When running as an admin, UAC comes up in the exact same places an admin dialog box does when running as a user, but instead of having to go through the hassle of typing in your password, you only have to click a button. You get the exact same security as when running in user mode, but with some added convenience. And you lose all the other nifty things UAC does, like file and registry virtualization and IE7 protected mode.

[Resinence]

Um, like I said, I'm used to it. I've run my windows installs like that since win2000. And I'm not a big fan of virtualization or the boot-time performance hit that the LUAFV virtualization driver for UAC creates (minor issue though really). ALso UAC still has some slowdown issues, especially with large setup's where UAC can take up to 15 seconds to pop up, and when just logging in and trying to start a program that pops up UAC causes it to basically lock up UAC for several minutes. I haven't moved to SP1 yet though, so it might be fixed in that. I'm not at all saying "lol UAC is crap and buggy", I've just had some issues with it when I tried to start using it.

EDIT: When UAC off you don't get a popup at all when attempting admin stuff in a normal user, it just tells you that you don't have sufficient privileges like it always has. It also allows me to be better organized, with all admin stuff in one account, in one place.

[Praxis]

What in the fuck are you talking about? Have you ever even used Vista, or are you just going by what you've read off of Slashdot? I rename folders all the time, and UAC never prompts me for my password, unless the folder is in the Windows folder or the Program Files folder. Every other folder allows me to do whatever I want to it.

I worked on a Vista computer a friend of mine had set up and I swear to you that UAC prompted me when I tried to rename folders. It was driving me nuts.

[Xon]

Um, like I said, I'm used to it. I've run my windows installs like that since win2000. And I'm not a big fan of virtualization

Virtualization is the only way to get some apps working. In general, it also has an on-demand cost too.

or the boot-time performance hit that the LUAFV virtualization driver for UAC creates (minor issue though really).

The LUAFV boot performance hit only occurs if you disable UAC, and even then the overall boot process is vastly limited by how crappy a harddrive you are using. Also the self-tuning of the boot process code pre-fetch makes those types of tweaks fairly worthless without considerable number of test.

And who gives a shit how long the OS takes too boot, it doesnt take very long and doesnt occur often. The User login process takes easily can take much longer on Windows. My WinXP Desktop boots in ~30-45 seconds(once past the BIOS), but takes upwards of +45 seconds to login.

ALso UAC still has some slowdown issues, especially with large setup's where UAC can take up to 15 seconds to pop up,

This probaly has actually existed since MSI bundles where first introduced. You can easily see this by running a large msi file off a network share, or any large exe file with a digital signature. It needs to hash the entire file to make sure the digital signature is valid to ensure the file hasnt been tampered with.

UAC must verify the digital signature to ensure the file is trusted, or is one a known list of bad signatures (revoked certs).

This is why proper installers have a small MSI/exe and then the actual data in external CAB files or similar. Blame the stupid venders.

and when just logging in and trying to start a program that pops up UAC causes it to basically lock up UAC for several minutes. I haven't moved to SP1 yet though, so it might be fixed in that.

Explorer launches startup apps serially nad only launches the next one when it detects they are responding to messages or a timeout occurs. No kidding UAC causes the process to grind to a standstill.

You can get around this by schedualling tasks to start on logon, and skip the whole UAC thing to begin with.

I'm not at all saying "lol UAC is crap and buggy", I've just had some issues with it when I tried to start using it.

Windows has changed a fair bit since Windows 2000. You might want to update how you use the damn thing.

[Xon]

I worked on a Vista computer a friend of mine had set up and I swear to you that UAC prompted me when I tried to rename folders. It was driving me nuts.

That would be because anything created by an administrator in a directory owned by the administrator group is actually owned by the Administrator group.

UAC works by stripping the Administrator group token and other permisions from the user token the process has. When blessed by UAC, these abilities are restored.

What was happening in your case should now become self-evident. Basicly; user-error.