No Password Needed Nor Wanted (Solved)

[jchelpau]

Honest question, what does that in fact mean in practice? It certainly seems to be the case that I can definitively destroy a Windows 7 system through passwordless UAC.

Correct. Having a separate admin user on Windows and using UAC to temporarily elevate privileges using a password avoids this, much like having a separate user (root) on Linux you sudo as.

[rene]

Well, yes, but this leaves me wonder why you considered it worth noting that passwordless UAC is not considered a security boundary on Windows. However, if that's a fully Windows-specific answer/issue, never mind...

[gm10]

Someone once said to me I have a very strong Password on my Windows Computer and no one can open it...when I showed how easy it can be done his jaw dropped...the same thing can be done to a Linux Computer but the difference is...you can't change anything without a Password...that's the security of Linux.

Security on Windows is a joke...Microsoft could make Windows as secure as Linux but choose not to...for a good reason $$$$$

Not quite. On either OS you can locally bypass the login password. The only thing that protects you from a local login is encryption, and that works the same on both OS as well. However, since Windows UAC is sandboxed (on Always notify level which is, of course, the only legit setting) from user space applications it's actually safer than the Linux password challenges. Linux has no built-in protection against malware once it's on your system.

Obviously once you start removing password/UAC prompts then the little default security you've got on either system goes out the window, too. On Linux you can additionally try sandboxing everything with the built-in AppArmor or third-party tools like Firejail, but nobody does that.

[jchelpau]

Well, yes, but this leaves me wonder why you considered it worth noting that passwordless UAC is not considered a security boundary on Windows. However, if that's a fully Windows-specific answer/issue, never mind...

We're talking about security, right? UAC is not intended to be a barrier to stop malware running as admin.
Much like Linux, on Windows the best way to do this is to use a separate user account that requests privileges (through a UAC prompt) to run programs as admin.

[bob466]

Someone once said to me I have a very strong Password on my Windows Computer and no one can open it...when I showed how easy it can be done his jaw dropped...the same thing can be done to a Linux Computer but the difference is...you can't change anything without a Password...that's the security of Linux.

Security on Windows is a joke...Microsoft could make Windows as secure as Linux but choose not to...for a good reason $$$$$

Not quite. On either OS you can locally bypass the login password. The only thing that protects you from a local login is encryption, and that works the same on both OS as well. However, since Windows UAC is sandboxed (on Always notify level which is, of course, the only legit setting) from user space applications it's actually safer than the Linux password challenges. Linux has no built-in protection against malware once it's on your system.

Obviously once you start removing password/UAC prompts then the little default security you've got on either system goes out the window, too. On Linux you can additionally try sandboxing everything with the built-in AppArmor or third-party tools like Firejail, but nobody does that.

At least Linux Mint doesn't spy on you and collect your information and sell it to Governments or anyone with cash like Microsoft does. or have secret hidden Back-Doors where Microsoft Employees can access your System and look at or change/delete your files.

When you think about it...Security in Windows isn't an issue because there isn't any and a Password is only a small issue compared to the rest. So for me if I want Security...it's Linux Mint all the way.

[catweazel]

At least Linux Mint doesn't spy on you and collect your information and sell it to Governments or anyone with cash like Microsoft does. or have secret hidden Back-Doors where Microsoft Employees can access your System and look at or change/delete your files.

FUD

Where is the evidence that Microsoft "sell it to Governments or anyone with cash"?

Where is the evidence that there are "secret hidden Back-Doors where Microsoft Employees can access your System and look at or change/delete your files"?

[Moem]

Where is the evidence that Microsoft "sell it to Governments or anyone with cash"?

Where is the evidence that there are "secret hidden Back-Doors where Microsoft Employees can access your System and look at or change/delete your files"?

These are interesting questions, but they're off topic in this thread.

[catweazel]

Where is the evidence that Microsoft "sell it to Governments or anyone with cash"?

Where is the evidence that there are "secret hidden Back-Doors where Microsoft Employees can access your System and look at or change/delete your files"?

These are interesting questions, but they're off topic in this thread.

Oh, sorry. I didn't check what sub-forum I was in.

[lsemmens]

Do you lock your house? Why? Back in the 1800s you might have gotten away without locks on your doors. Not so in the 21st century. Even now, to break into a house, a crook must first drive to your home and then attempt to break in. It is far easier with a bit of software to test every house in town for locks than for a crook to check each house,

[sanmig]

Nice heated Win(Mac)-Tux discussion where both sides have good points but don’t seem to try to understand the other side.
So let me add my brabel-babel:

Using the same hardware / protocols, the same basic insecurity is built into all of them. And all of them are old, glad to do 'something'.

Known and unknown bugs are plenty in each of them, but my uneducated guess would be that Linux is leading here (at least in the “years old known” category).

OK, Win is protected by a click, while Mac/Tux have a pwd ...
But Win/Mac are desktop systems, Tux never was (and never will be).


So that slight Tux pwd advantage is often lost because (esp. on a fresh system) one has to use it so often to tweak and install.

Just to open anything interesting you have to root, it’s ridicules.
And who knows what from where and why to install … (x requires y).

But, as I see it, this is also the remaining Tux advantage:
Because there are plenty of variants and dependencies, both, viruses and malware, have it hard to make a good job without going undetected.

Monocultures are always prone to fail badly.

[rene]

If anyone was ever at all interested in the technical aspects, I just added an [EDIT] to my above reply viewtopic.php?f=90&t=291521&start=20#p1618207, saying

Slight adjustment, no provision made for that on current Ubuntu (-based) systems but that seems due to it for some reason shipping a wholly obsolete version of polkit (0.105). Newer versions of polkit allow for polkit.spawn() of an external helper in JavaScript .rules files which could be used to implement UAC-like behaviour it seems.

[bob466]

Double post.

[bob466]

At least Linux Mint doesn't spy on you and collect your information and sell it to Governments or anyone with cash like Microsoft does. or have secret hidden Back-Doors where Microsoft Employees can access your System and look at or change/delete your files.

FUD

Where is the evidence that Microsoft "sell it to Governments or anyone with cash"?

Where is the evidence that there are "secret hidden Back-Doors where Microsoft Employees can access your System and look at or change/delete your files"?

Seriously it's common knowledge and has been for years and is much worse now...but since you asked...
https://www.gnu.org/proprietary/malware ... ft.en.html
https://www.youtube.com/watch?v=CrvKyR9DGUY

Sorry Mods it's a little off topic but he did ask.

[Marie SWE]

It seems you know very little about Linux...can you install Software...install Updates...Install Drivers...Roll Back a Kernel...or run a Command in the Terminal on my Computer ? No you can't because you need my Password...you can't even boot to my Desktop with out my Password that's Security...something you don't understand either.

You can't install that in windows ether without click OK on UAC
so to use your own words. You don't know much about windows.

Yes. Linux is my biggest weakness. 5-6 active month
Microsoft OS. 31½ more years of knowledge than Linux.. So a big yes I know very little about Linux in compare

You can't start my windows computers either. It requires passwords, it requires you to have my house key and it requires you to turn off my alarm

You do realise I don't need a Password to Boot to your Windows Computer Desktop and change/delete your files or install anything and it doesn't matter how long your Password is UAC or no UAC. Someone once said to me I have a very strong Password on my Windows Computer and no one can open it...when I showed how easy it can be done his jaw dropped...the same thing can be done to a Linux Computer but the difference is...you can't change anything without a Password...that's the security of Linux.

Security on Windows is a joke...Microsoft could make Windows as secure as Linux but choose not to...for a good reason $$$$$.

Anyway have a think on how I can do this and I'll tell you later...nothing illegal either.

Hi again bob466

I know this is an old thread, I haven't logged in here for a long time... But your claim needs to be answered.

I have no password on my windows or linux computers when i log in.
The only thing you can do IF you physically can access my computers at all, is to erase my hard drivs, so I have to run a recovery program to restore the hard drive from my server. I have no personal files on my computers because I have a HP server that store all my personal files and my computers recovery "disks".
So i don't need any passwords on my laptops or desktops. all my information is protected on the server which is encrypted and password protected.
Do you now understand why I do not need a password protected computer?

EDIT:
by the way. I can erase all your hard drives to, no matter how much passwords you have if I only get physical access to your computer. No password in the world can protect you from having your hard drive erased.
Bios passwords are easy to bypass, then I boot from a usb memory where i nuke your disk, or I just move your hard drive to another computer to access it .
Your data is only protected from being read if you have encrypted the hard drive with a strong encryption key.