Yours Mine & Ours
Personal computing isn't personal anymore, and the personal computer isn't personal either. What's mine isn't necessarily yours, or even ours; if it was, it might be no one's.
Once was a time when knowing if a file was read-only was all you needed. The world of Microsoft was limited to a total of six file attributes and one of them was the volume label in the root directory. Cutler's NTx introduced ownership but few use it and it's still not user-friendly.
Shouldn't this say 'our computer'?
In the world of the Mac there was a single program running in a single folder and everything was 'insanely great'. The Finder showed icons and could mark files read-only but there was no ownership there either.
Whoever got access to the computer owned it.
Today's Finder in its most esoteric format shows Date Modified, Date Created, Size, Kind, Version, and Comments [sic] - no permissions and no ownership.
Associations between file types and programs to open them are system-wide in Windows. And although the OS X launch services can set up individual associations, when a direct association is made with a specific file, it's stored in a resource fork, and that fork governs everyone on the entire machine.
User A has a file in a shared area but wants to edit it with a program found in his own home area. His home area is otherwise marked with '700' so that no one can enter.
User B tries to access the shared file. OS X can do a number of things, but none of them are particularly good.
- Do not permit User A to associate the file with a proprietary program (best choice).
- User B gets told he'll have to choose a new program as the associated program is out of bounds. User B picks a different program, but his home area is also marked off with '700', so when User A logs back on a tug-o-war gets underway.
- The system overrides the protection on User A's program to let User B access it with the current settings. This defeats the purpose of ownership, is an intrusion, and might be a focal point for exploitation of the system.
On Windows the same thing happens. Sally opens her RTF files with Word, but she is the only Word licence holder on the machine. Sue uses WordPad because she doesn't have a Word licence. Every time Sue comes in to work she has to re-associate RTF files with WordPad, which of course pisses Sally off, and Sally immediately reverts the settings when she comes into work, which makes Sue nasty too.
It's a no-win situation with a slight lead for Apple.
Personal computer users are not used to seeing who owns what anyway. They look at files through their folders with BIG ICONS and see next to nothing. They can call up info dialogs to get the lowdown but rarely do. They still surf their local disks thinking they own everything.
Great shot - but who owns what? Do you know?
Even a single-user machine has more than one login. OS X has daemon, mysql, nobody, root, smmsp, unknown, and www. Windows NTx boxes have at least one member of Administrators and the 'SYSTEM' account.
OS X users who want to go into root areas have to be members of the admin group and escalate by submitting their password. NTx users can take ownership of SYSTEM resources and then go anywhere they please.
As soon as an intruder gets on your box the game is half over. The intruder might have to wait for the right opportunity, but he's already inside the compound. How well you fare depends on what security you have at that point. If all you have is perimeter control, what help is that when the intruder is already inside?
Weak systems like Windows try to out-guess the intruders, which is a hopeless scenario. The intruder has to show up on the perimeter again or he'll not be found out. Earthlink tested over one million PCs and counted an average of over twenty-eight intruders on each.
Who owns it? Who can access it? How can they access it?
Awareness of the importance of ownership and security inside the compound is weak. File browsers like the Microsoft explorers and the Apple Finder are focused on depicting the file in an attractive fashion, giving at most its size and when it was last updated. File listings on both platforms conveniently side-step the question of ownership in their most common settings.
OS X is Unix, and because it's Unix the ownership of items determines what the protection mode means to you. Apple don't like their users wandering outside their home area - Panther tries to make it impossible - yet tens of thousands of files are out there on a typical 10.x disk. If your intruder can get there but you can't, what chance do you have?
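How ownership selects which mode bits apply, and why a '700' home area blocks User B from User A's program in the scenario above, can be modelled in a few lines. This is an added example, not code from the original article; the paths, uids and gids are constructed, and the superuser and ACLs are not modelled.

```python
import stat

# Constructed sample tree (not from the article): path -> (owner uid, gid, mode)
USER_A, USER_B, STAFF, ADMIN = 501, 502, 20, 80
NODES = {
    "/Users":                (0,      ADMIN, 0o040755),
    "/Users/Shared":         (0,      ADMIN, 0o041777),
    "/Users/Shared/doc.rtf": (USER_A, STAFF, 0o100644),
    "/Users/a":              (USER_A, STAFF, 0o040700),   # home marked '700'
    "/Users/a/bin":          (USER_A, STAFF, 0o040755),
    "/Users/a/bin/editor":   (USER_A, STAFF, 0o100755),
}
R, W, X = 4, 2, 1

def triad(path, uid, gids):
    """Return the rwx bits (0-7) that apply to this user for this item."""
    owner, group, mode = NODES[path]
    if uid == owner:                 # owner bits win, even if stricter than 'other'
        return (mode >> 6) & 7
    if group in gids:                # otherwise group bits, if a member
        return (mode >> 3) & 7
    return mode & 7                  # everyone else

def can(path, uid, gids, want):
    """True if every parent directory grants search (x) and the item grants `want`."""
    parts = path.strip("/").split("/")
    for i in range(1, len(parts)):
        parent = "/" + "/".join(parts[:i])
        if not (triad(parent, uid, gids) & X):
            return False
    return (triad(path, uid, gids) & want) == want

def audit(uid, gids):
    """The listing an icon view hides: mode string, owner, and real reachability."""
    return {
        path: (stat.filemode(mode), owner, can(path, uid, gids, R))
        for path, (owner, _group, mode) in NODES.items()
    }

if __name__ == "__main__":
    for path, (mode, owner, ok) in audit(USER_B, {STAFF}).items():
        print(f"{mode}  uid={owner:<4} readable_by_B={ok!s:<5} {path}")
```

The editor's own mode reads `-rwxr-xr-x`, yet User B cannot reach it, because the decision is made at the '700' directory above it.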
Microsoft NTx was designed as a server. Cutler had no idea, when accepting Microsoft's offer to bring his Prism cross-town, that they wanted a workstation version. The NTx security model is oriented towards system administration - it uses access control lists. You put users in global groups, then you put global groups in local groups, and then you attach resources. It's the kind of mind-blowing and painful exercise meant for an admin who's being paid to suffer - it's not the kind of thing ordinary users are going to engage in to limit access by other users.
The Unix model has the power to control access and to keep security high within the perimeter, but for the model to work every user must understand why it's important and implement it.
The GUI experience in the world of Linux is handled by the two most prevalent 'desktops', Gnome and KDE. Gnome has its File Manager and KDE has its well-known Konqueror, which also doubles as the web browser - Safari is based on this latter code.
Following are screenshots of the Gnome File Manager and the KDE Konqueror with both icon view and detail view.
Both systems can offer big icons as default, but both systems offer an opportunity to 'audit' the system - something that's impossible with the OS X Finder.
Finally there's a screenshot of Xfile for OS X - the only Unix file manager available for the platform.
Viva la différence.