Safe browsing pointers
Re: Safe browsing pointers
Does this silence mean there will be no technical arguments in favor of the silent elevation?
Re: Safe browsing pointers
Silent elevation.. and i am sorry for not responding sooner is not by any means best practices.. but it is there if you want it..
Kinda think about it like this.. You have a virus scanner.. the virus scanner active monitoring is turned off or you have whitelisted and entire drive because the files will trigger it but you know nearly all of them are false positives.. but you do open your self up for something that is not.. it is a tradeoff to not get bugged by such warnings..
Though i know that isn't a 1:1 argument but it is better to have a virus scanner there even if it isn't preventing files from being opened on a particular drive..
Kinda think about it like this.. You have a virus scanner.. the virus scanner active monitoring is turned off or you have whitelisted and entire drive because the files will trigger it but you know nearly all of them are false positives.. but you do open your self up for something that is not.. it is a tradeoff to not get bugged by such warnings..
Though i know that isn't a 1:1 argument but it is better to have a virus scanner there even if it isn't preventing files from being opened on a particular drive..
Re: Safe browsing pointers
If something "is there" (i.e. is technically possible) it does not mean one should do it.Matt A Tobin wrote:Silent elevation.. .. but it is there if you want it...
It all depends.
What was not EXPLICITLY installed by an admin (assumed - after his full vetting/scanning/checking/setting-up) - that SHOULD NOT be allowed to run for a LUA. Ever.
Disabling UAC does just this: any attempt to run it fails with a clear OS's warning.
Re: Safe browsing pointers
I think we're talking about two different scenarios here, anyway.
For a normal user, the user is the admin. They are not two different people. "The worm is the spice; the spice is the worm"
As a result user elevation is a good middle ground between running an open system with free reign for malware and having to use a strict separation that has its own pitfalls (in the human factor when switching accounts is required, see my previous posts).
Using strict separation is a viable alternative, of course, but makes for a lot less convenience and ease of use. Ease of use is very important for computer users; a computer is supposed to be enabling and a tool, not restrictive. Strict separation isn't a requirement for safe browsing, but it is a possible way to go about it if you so choose. UAC is a just as viable alternative with a lot more convenience for the user, but obviously putting the task of more responsible use in the user's hands as opposed to just not making it possible and shifting that responsibility to separated maintenance sessions or different people (in a corp environment, for example).
The $10,000 question is therefore: Can you be a responsible user?
If yes, UAC is for you.
If no, a restricted LUA and someone else administering your computer for you is your solution.
For a normal user, the user is the admin. They are not two different people. "The worm is the spice; the spice is the worm"
As a result user elevation is a good middle ground between running an open system with free reign for malware and having to use a strict separation that has its own pitfalls (in the human factor when switching accounts is required, see my previous posts).
Using strict separation is a viable alternative, of course, but makes for a lot less convenience and ease of use. Ease of use is very important for computer users; a computer is supposed to be enabling and a tool, not restrictive. Strict separation isn't a requirement for safe browsing, but it is a possible way to go about it if you so choose. UAC is a just as viable alternative with a lot more convenience for the user, but obviously putting the task of more responsible use in the user's hands as opposed to just not making it possible and shifting that responsibility to separated maintenance sessions or different people (in a corp environment, for example).
The $10,000 question is therefore: Can you be a responsible user?
If yes, UAC is for you.
If no, a restricted LUA and someone else administering your computer for you is your solution.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
- Night Wing
- Knows the dark side
- Posts: 5174
- Joined: 2011-10-03, 10:19
- Location: Piney Woods of Southeast Texas, USA
Re: Safe browsing pointers
Moonchild wrote:"The worm is the spice; the spice is the worm"
Off-topic:
I know Muad'Dib (Paul Atreides of the House Atreides) would agree with on the planet Arrakis (Dune).
I know Muad'Dib (Paul Atreides of the House Atreides) would agree with on the planet Arrakis (Dune).
Linux Mint 21.3 (Virginia) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
MX Linux 23.2 (Libretto) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
Linux Debian 12.5 (Bookworm) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
MX Linux 23.2 (Libretto) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
Linux Debian 12.5 (Bookworm) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
Re: Safe browsing pointers
I would not bring this to such extremities.Moonchild wrote:The $10,000 question is therefore: Can you be a responsible user?
If yes, UAC is for you.
If no, a restricted LUA and someone else administering your computer for you is your solution.
I am an admin on my PC, but this does not mean I sit under my admin's account 100% of my time.
I do not understand why so much fuss about having (and using!) a separate account - non-administrative one - for everyday jobs.
May be I' special, but do not constantly install/uninstall/tune/fix/hack my OS and/or software in it.
What I do everyday is:
- use OpenOffice for text documents;
- read/write e-mails;
- browse articles for my professional interests, search for informations in my field, for news, and so on;
- some SIP phone-calls.
It is each second Tuesday that is different - when I use admin's powers to install updates.
And very-very rarely I have to re-log-in to update my working set of software (browser update or OpenOffice new release, etc).
A quiet life is it.
PS
I forgot to mention that one has to set the OS to require digital signatures for drivers being installed.
I'm updating my initial post on that matters.
Re: Safe browsing pointers
Closing this thread, I think everything has been said on this matter that could be said. Anything more would just be even more rehashing than what has already been done.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite