this post was submitted on 11 Nov 2024
-34 points (22.6% liked)
Linuxsucks
176 readers
68 users here now
Shit on Desktop Linux and its evangelists here
No evangelizing for Linux
founded 1 month ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
You might be interested to know, there are tools for managing fleets of hardware and virtual machines.
You seem to think it's a bad thing. The rest of the industry understands and benefits from it.
Sudo is a useful solution that Microsoft is working to build into Windows.
https://learn.microsoft.com/en-us/windows/sudo/
So, Microsoft is explicitely not doing the thing I have issues with in Linux's default sudo implementation.
It asks you for confirmation. It does not ask you for your password.
Because when you're logged in, the system already knows you know that password and doesn't need to ask for it again.
As it's been pointed out in this thread, you can reduce the security of your system by modifying the configuration file and adding the string that makes it perform similarly.
The windows implementation also is able to be used in the exact same configuration as sudo's more secure default configuration, on most distributions.
Windows doesn't pick the most secure configuration for a lot of things out of the box.
They're working on improving the security and balancing against making it useful for those who refuse to learn new practices.
I didn't see it mentioned, but several Linux distributions are configured exactly as you prefer. They aren't typically meant as enterprise implementations when configured like that.
You seem to be ranting that it's not set to your preferred less secure preferences or that you won't add a string to a configuration file to reduce the security.
It's your system set it how you like or adapt.
Windows is technically almost as secure though , since the confirmation prompt is displayed on a virtual desktop that even already elevated processes need extra privileges to access... still wont protect against someone else doing stuff on your computer tho
There are methods to use libraries to click that or completely silence it. If a user can escalate so can code that is run in their user space.
One example they claim to be a non issue, in link below. I searched "rce bypass windows uac"... I found lot of discussion on it, even some git repos.
https://www.darkreading.com/vulnerabilities-threats/exploit-chain-windows-uac-bypass