Hey, I've been thinking about this and I feel NT is a better OS base than UNIX. Notice how I didn't say "Windows", I'm talking about the system architecture and not Microsoft's implementation. Think of how much UNIX would suck if there were no clones and you could only get it from Bell Labs. I would imagine it would suck and that's how I feel about Windows, but this is what I like about NT.
User groups: There are higher level users than Admin, but you can get most things as admin.
No sudo: Sudo is a horrible security hole, but that might be the implementation. In Debian (not Ubuntu), you need to go through a lot of work to use sudo.
Driver Model: I think HAL is a better way to go than in-kernel drivers, making it easier for rollback or messing with init scripts for kmods.
Standard Driver ABI: I've seen people run Windows Server 2k Drivers in Win 7 32-bit and that Voodoo 5 would still work fine.
New(er) Technology: Well, it is what it says, "New Technology". When MS made it, it was designed as a re-imagination as a multitasking and multiuser OS.
I feel NT is a better OS design on paper, however, the MS implementation leaves more to be desired.
Security hole? Maybe. If that's the case, then just stick with one root user who is the only one with control on the system, don't have a sudo group, but other groups for tasks.
I do not know enough about HAL vs in kernel but a quick wiki revealed this:
HAL is now deprecated on most Linux distributions and on FreeBSD
Since about 2010, so thats a had a pretty good laugh. Maybe someone else could explain that.
This is too vague. An example would be nice.
That is a good statement for pretty much anything they do nowadays.
I can't contribute much to this conversation, since I have little experience with non-Unix-like systems, but I can say that sudo is actually quite simple and quick to set up. Install the package and then comment-out the line in /etc/sudoers that matches the sudo group and lastly add the user to the sudo group and you're done.
The default sudo implementation in Ubuntu is shit. There's a timeout, and during that period (could be a 5 minute window) you don't need to put in your password the next time you use sudo. In Debian, you need to add your user name to the sudoers file and if you try to use sudo without being in the sudoers file, you'll be rejected. But I like that implementation, it's more secure, it makes sure only people that know what they're doing can use sudo.
That is exactly the same in Debian. The only difference is that the first user account which you create during the installation becomes a member of the sudo group right away. And of course that line I mentioned in /etc/sudoers is already active and not commented.
Edit: I forgot to add, that you can remove that time period in which it doesn't ask for your password, if you wish.
Well okay, the first thing is true, you need to add the mentioned line in the configuration and add the user to the group, but from there it's identical. If you add another user in Ubuntu (the same of course for Debian), you will not magically be able to use sudo without having added the user to the sudo group or alternatively added him to the /etc/sudoers file manually.
The fact that sudo is not already installed and set up for the first user you set up during installation is not a security benefit. In fact, it's for the most part a much better practice to use sudo instead of switching to root and doing all the things there.
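The two sudoers settings argued over in the posts above (the group rule and the password timeout), as an added example that is not from any poster: a small Python audit over sudoers-style text. The sample file is constructed; `timestamp_timeout` is the real sudoers option behind the timeout, where 0 means always prompt and a negative value means the cached credential never expires.

```python
import re

# Constructed sample modelled on the setup described in the thread:
# an active group rule plus an explicit credential-cache timeout.
SAMPLE_SUDOERS = """\
# constructed example, not copied from any distribution
Defaults        env_reset
Defaults        timestamp_timeout=0
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
#%wheel ALL=(ALL) ALL
alice   ALL=(ALL) NOPASSWD: ALL
"""

def audit_sudoers(text):
    """Return (timeout, groups, nopasswd) found in sudoers-style text.

    timeout  -- timestamp_timeout in minutes if set, else None (build default applies)
    groups   -- group names holding an active (uncommented) rule
    nopasswd -- users or %groups whose rule carries NOPASSWD
    Simplification: every line starting with '#' is treated as a comment,
    so #include / #includedir directives are not followed.
    """
    timeout, groups, nopasswd = None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"Defaults\b.*\btimestamp_timeout\s*=\s*(-?\d+(?:\.\d+)?)", line)
        if m:
            timeout = float(m.group(1))
            continue
        if line.startswith("Defaults"):
            continue
        who = line.split()[0]
        if who.startswith("%"):
            groups.append(who[1:])
        if "NOPASSWD:" in line:
            nopasswd.append(who)
    return timeout, groups, nopasswd

if __name__ == "__main__":
    timeout, groups, nopasswd = audit_sudoers(SAMPLE_SUDOERS)
    print("timestamp_timeout:", "build default" if timeout is None else timeout)
    print("groups with sudo rules:", groups)
    print("NOPASSWD entries:", nopasswd)
```

On a real system the effective rules are better read with `sudo -l`, since files pulled in from `/etc/sudoers.d` also apply.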
Better practice yes, but it's still a security hole. Any plain DAC setup is far from secure, or rather, there's only /one/ credential to steal or one priv escalation bug to abuse and the whole system spreads its legs.
On Fedora it's the same thing. From my experience sudo is already installed there and members of the wheel group are given sudo rights. This property is also connected to the user role "Administrator" during setup.
@Baz I wasn't saying anything about the general security but just the fact that sudo is easy to set up and pretty much the same across most Linux distros. ;-)
WTF. No, really, WTF. Are you comparing out-of-the-box sudo configs? You do know you can always change them however you want, don't you?
Compared to UAC's "press one button to allow any program to do anything to your system" popup which nobody reads or takes seriously, even the basic Linux/BSD DAC is a secure bunker, and using MAC (SELinux) and separating services into sandboxes (jails, containers, whatever) makes it a fucking Fort Knox.
This is an incorrect implementation. Or I guess, to be more specific, it is correct, but not the standard/right way to do it. Sudo should be used with the wheel group and that group added to people who need it.
The default implementation is almost always to have some timeout after the first use.
I just noticed @comfreak literally wrote what I was about to finish writing.
But yeah, UAC is kind of somewhat like sudo, except not really. People usually make admin users in which UAC will just ask them to confirm. Very rarely do people use Windows with a non-admin account.
Oh, another "UNIX/Linux vs NT" thing. Remember inetd-The-Superserver? Well, you can still use it, but you really shouldn't. And it was used only for network services in Linux/BSD, and you always had a choice to run service through the wrapper or as a standalone daemon. Now, if you have Windows, open your task manager and look at svchost. Just. Look. At. THIS. SHIT! A dozen of processes, each of them representing multiple services. If one of these services misbehaves and your svchost suddenly eats all your RAM or CPU time, it's a nightmare to troubleshoot.
DAC still has a huge weakness; root is the king of the hill, just one bug and a process has access to the whole system. Not very secure. RBAC where UIDs don't mean jack should be de facto pretty much everywhere. Ofc it's not bullet-proof, but still another layer in the onion.
I think the sudo system is a logical implementation but could do with updating (don't ask me how).
I agree that installing drivers rather than kernel driver installation is a better method but at the same time with drivers being in kernel they are tested and known not to interact with anything. I very much doubt Microsoft are installing top 1000 drivers on the same system to see if there are any interactions.
Lemme address this by saying that Linux has come a long way from the old Windows v Linux comparisons there used to be, so anyone who wants to do those, they don't apply anymore. Second, while NT is great, it has flaws built in that cannot be easily reversed like they can in Linux. I can't speak for BSD because I don't use it outside of OSX and that doesn't really count.
So Linux has a kernel base that has most of the system built in, for sure if you have SystemD. No HAL anymore, that caused so many problems and wreckages it was a mess. When I joined on the Ubuntu train the driver system was a shit storm because most of that was out the door already and the in-kernel hooks were being tested still. So it was left to Xorg to figure it out, which worked as far as I can tell but on my systems the drivers would die after about an hour. Wasn't great. When the in-kernel stuff was finished nothing ran better! Not even Windows. Well... DOS would, but that's not a main OS.
User Groups in Linux are much more interesting than in NT. Whereas in NT you have your level of permissions outright, in Linux the permissions are leveled, but the text attached doesn't really matter outside of what is labeled by those labels. If a general user is under %wheel, then most apps that user installs are also under wheel. Wheel could be Root, could be david, doesn't really matter that much. And if root becomes a security hole, it doesn't really mess anything up to lock root off and make it do nothing.
Driver ABI is pretty flexible in Linux. Has to have some changes in the headers but most of the time I can use my voodoo3 in ubu 16.10 just as easy as I can in Windows, possibly easier.
And just for note, changing drivers out all the time is my memo, but there's no messing with init or anything, that's all just detected.
I'm saying if there was a more fully cooked implementation of NT than ReactOS, I think it will be like what the GNU Project did for UNIX. Imagine how bad UNIX would be if you could only get it from Bell Labs. I think clones would lead to better implementations even on the MS side because they would have to compete with "Red Hat Enterprise NT" at that point and prices and licensing would get a lot better.
Honestly, Unix could very well have been better off for staying with Bell Labs.
Pretty much everyone at Bell Labs was a fucking god, and I would have much rather seen the infrastructure at Bell Labs grow to support a better mass market model for their OS.
But instead we have these hacked together piles of shit. Sooooooooo yeah.