Monday, October 26, 2009

Windows UAC vs Linux vs Mac OS X

There have been may articles written recently and surely they have their merits and by no means is this an attempt to discredit.

Simply stated, below are my perceived difference in Windows XP vs Windows Vista vs Windows 7 vs Linux vs Mac OS X on the User Account Control (UAC) issue from the standpoint of one who has them all installed in production use:

1. Pre-XP and Windows XP – unmanaged default installations have administrative (root) privileges, not good as we’ve seen; you can create unprivileged accounts and system changes will require administrator login (with a right-click clue on what account has it);

2. Windows Vista – a total paradigm shift for users and perhaps too aggressive an introduction to UAC causing administrator-level-addicts to make themselves root and/or totally ignore all the prompts; also got released with very minimal device drive support and the rest is history;

3. Linux – by default you had to do a few hoops to become root and in the most recent variants alerts you that your password settings for root and sub-accounts are of what quality; for any system-wide changes you had to enter your root credentials similar to Windows Vista;

4. Mac OS X (Tiger, Leopard, Snow Leopard) – introduced simple lockdowns similar to unprivileged Windows XP user by default; any system changes will require administrative login (and no unprivileged user clue as to who has it);

5. Windows 7 – released with better driver support and is as forgiving as Windows XP in terms of outdated driver compatibility mode; UAC is set to be less of a nuisance and allows the user to concentrate on getting things done rather than police the system;

All in all, I think the current generations of whatever OS you have is running the same playing field in the UAC user experience. There are some nuances in terms of what system hardening has to be done by the initial user but all of this is by now well documented in every OS start-up guide.

There will be some changes as well in the “when to patch” paradigm and as I’ve said before gone are the days when hold holding off when to patch is considered a precautionary measure given the speed of malware attacks on new systems that do not sit behind some other patch management and/or firewall. Today's patches do not just deliver fixes but also much needed compatibility upgrades.

And yes, perhaps one thing that has made me move (and be confident) to Windows 7 (32-bit and 64-bit) is that when fixable compatibility issues occur it actually tells me if one is available from Microsoft or whether I should be contacting my device vendor to get a new one made. Nicely done!

No comments:

Post a Comment