They’re very much not, that’s the point. There are things that require the NT AUTHORITY\SYSTEM account permissions. Admin can do a lot in Windows, but not everything.
EDIT: also, Windows throws the UAC prompt around much less than Linux asks for the root permissions. ANY software update on Linux needs root. Even regular users are starting to get that if they see the UAC prompt, something big is about to happen.
You do have a point—Linux does not warn users against running superuser commands constantly and naggingly. Also not the beginner-friendly distros like Zorin, Mint and Ubuntu (as far as I know).
To me that’s fine, because I know not to just run any command, but my grandma who gets an email from a trustworthy-sounding person telling them to run “sudo install this keyboard logger and Rustdesk scripted installer” will not know better.
So then that begs the question, given you seem to know something about it: how should this be addressed? (I assume you know something about this—I don’t even know what an UAC prompt is.)
On the other hand: How does Windows stop users from running the .exe file a trustworthy-sounding person emailed them? You could argue that’s easier to ask people to do than to open the terminal and write a command in there.
That’s basically the equivalent of the root credentials prompt in Linux.
So then that begs the question, given you seem to know something about it: how should this be addressed?
I’m not sure it can be addressed. It would require completely redefining how permissions work in Linux, I think.
The way Windows handles it is that if updates are coming in through “secure” channels (official OS updates, Store application updates, updates to applications that do not touch any protected areas), administrator permissions are just never required. For example, a browser update just happens in the background. You open your browser, use it, you close it for the day, you open it the next day, and it’s the new version already.
I don’t think this could ever work in Linux due to the fundamental difference in how software is installed. In Windows, applications have their own folders, in Linux everything is dropped, based on type, to just a couple of “centralised” folders, right? So, every app must have access to those folders, which prevents this kind of “if you don’t touch this, you won’t need admin” approach.
Maybe things like Flatpacks could solve it, since the apps (to my understanding) are more self-contained, a bit like UWP apps in Windows.
On the other hand: How does Windows stop users from running the .exe file a trustworthy-sounding person emailed them?
The UAC prompt has a very specific design and will warn you with an orange colour band if the application is not signed with appropriate certificates. If it’s a suspected dangerous application, the band will be red.
You could argue that’s easier to ask people to do than to open the terminal and write a command in there.
You can send them an .sh file for the exact same effect. Bah, you can send them a .pdf file that’s actually an executable script in Linux.
The way Windows handles it is that if updates are coming in through “secure” channels (official OS updates, Store application updates, updates to applications that do not touch any protected areas), administrator permissions are just never required.
As far as I know, that works the same in Linux. Updates come in through the official repository, and you can easily set it up so that no password prompt is needed to have the update install. I imagine many user-friendly distributions do that. Of course, you will need to really get it into the head of new users that they only install things through the package manager and never through the command line.
The UAC prompt has a very specific design and will warn you with an orange colour band if the application is not signed with appropriate certificates. If it’s a suspected dangerous application, the band will be red.
Well, that sounds like something that shouldn’t be too hard to set up on Linux. Something like “you’re installing something that’s not from our official repo… You sure bro?”
in Linux everything is dropped, based on type, to just a couple of “centralised” folders, right?
I’m not so sure if that is true, actually! Sandboxed applications are very much a thing in Linux, and immutable distributions are an extra protection against unwanted tampering.
(I’m not sure if sandboxed is the term here, I’ll be honest. But you know the concept I mean.)
As far as I know, that works the same in Linux (…) I imagine many user-friendly distributions do that
None that I have used. Ubuntu, Kubuntu, Tuxedo OS and now Garuda Linux all require root permissions to apply any sort of updates.
you can easily set it up so that no password prompt is needed to have the update install
Yeah, that’s part of the problem right there. I think it should be the default setting and you should be able to set it up so that root is needed, not the other way around. But, I don’t know, maybe there are distros that do this.
Sandboxed applications are very much a thing in Linux
Yeah, but they’re few and far between. What is there? The generally hated Snap, Flatpak, and AppImage. Three solutions to the same problem, each doing it differently, each having it’s own issues… One of which is that a lot of applications still don’t support them.
(I’m not sure if sandboxed is the term here, I’ll be honest. But you know the concept I mean.)
I know what you mean, yeah. And, at least in the case of Flatpak, that’s very much the correct term.
All right, so thinking in solutions here—sandboxed applications, no password prompt for updates, and a more alert-y warning when a password prompt is shown. Surely there’s a distro that does the first two things, already?
And also, if no password is needed for updates, the average user will never see a password prompt. Which would make a clandestine .sh file with a password pop-up inherently more worrying.
I’ll have a look-see at some modern distros, I’m pretty sure the no-password-updates is quite normal these days. Also, that does seem to remove some of the necessity of sandboxed applications, if all applications are installed though the official repositories.
They’re very much not, that’s the point. There are things that require the
NT AUTHORITY\SYSTEMaccount permissions. Admin can do a lot in Windows, but not everything.EDIT: also, Windows throws the UAC prompt around much less than Linux asks for the root permissions. ANY software update on Linux needs root. Even regular users are starting to get that if they see the UAC prompt, something big is about to happen.
You do have a point—Linux does not warn users against running superuser commands constantly and naggingly. Also not the beginner-friendly distros like Zorin, Mint and Ubuntu (as far as I know).
To me that’s fine, because I know not to just run any command, but my grandma who gets an email from a trustworthy-sounding person telling them to run “sudo install this keyboard logger and Rustdesk scripted installer” will not know better.
So then that begs the question, given you seem to know something about it: how should this be addressed? (I assume you know something about this—I don’t even know what an UAC prompt is.)
On the other hand: How does Windows stop users from running the .exe file a trustworthy-sounding person emailed them? You could argue that’s easier to ask people to do than to open the terminal and write a command in there.
That’s basically the equivalent of the root credentials prompt in Linux.
I’m not sure it can be addressed. It would require completely redefining how permissions work in Linux, I think.
The way Windows handles it is that if updates are coming in through “secure” channels (official OS updates, Store application updates, updates to applications that do not touch any protected areas), administrator permissions are just never required. For example, a browser update just happens in the background. You open your browser, use it, you close it for the day, you open it the next day, and it’s the new version already.
I don’t think this could ever work in Linux due to the fundamental difference in how software is installed. In Windows, applications have their own folders, in Linux everything is dropped, based on type, to just a couple of “centralised” folders, right? So, every app must have access to those folders, which prevents this kind of “if you don’t touch this, you won’t need admin” approach.
Maybe things like Flatpacks could solve it, since the apps (to my understanding) are more self-contained, a bit like UWP apps in Windows.
The UAC prompt has a very specific design and will warn you with an orange colour band if the application is not signed with appropriate certificates. If it’s a suspected dangerous application, the band will be red.
You can send them an .sh file for the exact same effect. Bah, you can send them a .pdf file that’s actually an executable script in Linux.
As far as I know, that works the same in Linux. Updates come in through the official repository, and you can easily set it up so that no password prompt is needed to have the update install. I imagine many user-friendly distributions do that. Of course, you will need to really get it into the head of new users that they only install things through the package manager and never through the command line.
Well, that sounds like something that shouldn’t be too hard to set up on Linux. Something like “you’re installing something that’s not from our official repo… You sure bro?”
I’m not so sure if that is true, actually! Sandboxed applications are very much a thing in Linux, and immutable distributions are an extra protection against unwanted tampering.
(I’m not sure if sandboxed is the term here, I’ll be honest. But you know the concept I mean.)
None that I have used. Ubuntu, Kubuntu, Tuxedo OS and now Garuda Linux all require root permissions to apply any sort of updates.
Yeah, that’s part of the problem right there. I think it should be the default setting and you should be able to set it up so that root is needed, not the other way around. But, I don’t know, maybe there are distros that do this.
Yeah, but they’re few and far between. What is there? The generally hated Snap, Flatpak, and AppImage. Three solutions to the same problem, each doing it differently, each having it’s own issues… One of which is that a lot of applications still don’t support them.
I know what you mean, yeah. And, at least in the case of Flatpak, that’s very much the correct term.
All right, so thinking in solutions here—sandboxed applications, no password prompt for updates, and a more alert-y warning when a password prompt is shown. Surely there’s a distro that does the first two things, already?
And also, if no password is needed for updates, the average user will never see a password prompt. Which would make a clandestine .sh file with a password pop-up inherently more worrying.
I’ll have a look-see at some modern distros, I’m pretty sure the no-password-updates is quite normal these days. Also, that does seem to remove some of the necessity of sandboxed applications, if all applications are installed though the official repositories.