by akira2501 718 days ago
> it's a lot better than anything Unix side due to the ACL and security model.

Better is subjective. It's maybe more capable. It's also easier to create confusing DACL structures that do not do what you think they do or leave surprising gaps in coverage.

> and grew to a huge size and surface area and that is hard to fix retrospectively.

We added network cards to everything at the same time networks finished moving from being isolated to being permanently globally interconnected. Machines that had a multi-user capability (that didn't cost thousands) fared this transition better than those that did not.

> Anything which can read ~ is a problem because there's where all my important shit is...

It wouldn't matter if it's ~ or not. The software runs as you and so can access anything anywhere you have rights to. Which is why chroot, namespaces and pledge all exist, and Windows really does not have equally secure equivalents to these technologies. To the extent it does, commercially available software does not seem to take any advantage of it.

Then again, running an agent that actively screenshots your desktop periodically and then saves those unencrypted to any part of the hard drive is a bad idea regardless of the imputed confidence you have in the security of the operating system itself.

1 comment

> Better is subjective. It's maybe more capable. It's also easier to create confusing DACL structures that do not do what you think they do or leave surprising gaps in coverage.

There is nothing confusing about it at all. The problem tends to be poor understanding and poor default configuration in all these things. I mean the same can be said for the average Linux user, who ambles on in and 777's everything.

> We added network cards to everything at the same time networks finished moving from being isolated to being permanently globally interconnected. Machines that had a multi-user capability (that didn't cost thousands) fared this transition better than those that did not.

I've run Windows Terminal Services for about 20 years on and off. They did fine. Hell, half our clients are still running Citrix and Terminal Services.

> It wouldn't matter if it's ~ or not. The software runs as you and so can access anything anywhere you have rights to. Which is why chroot, namespaces and pledge all exist, and Windows really does not have equally secure equivalents to these technologies. To the extent it does, commercially available software does not seem to take any advantage of it.

Windows has full virtualization at service and process level if you want to have it. Device Guard/Credential Guard and App-V for example. I agree with your last point that commercial software doesn't take any advantage of it, but neither does Firefox which will quite happily shit on your ~/.profile...

Hey I rather like the idea of taking screenshots and dredging them for info. It'll immediately stop MSPs writing all their clients' passwords in a .txt file on their desktop (I've seen this several times)...

> There is nothing confusing about it at all.

It comes up as an item in our internal corporate audits all the time. The fact that parent and child can have independent access is a surprising one in most mental models and a problem that just doesn't exist in the simpler Unix model.

The ability to create permissions for things that don't even exist yet is another surprising thing that catches administrators up. It does not help that the Windows GUI tooling is exceptionally inferior compared to the command line tooling.

This is on production servers in sensitive environments. That Linux home users chmod 777 is one thing, but I don't see the same types of problems in professional Linux environments; granted, you don't see as many comparable Linux environments at all. Likewise, Explorer makes it easy to just "give permissions to Everyone" and I've seen that just as much in home installations. In any case, these are probably not great comparisons.
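The three DACL surprises raised in this exchange (a child whose DACL no longer inherits from its parent, inherit-only ACEs that grant rights on objects that do not exist yet, and the "give permissions to Everyone" shortcut) can be enumerated directly rather than discovered in an audit finding. The script below is an added example and not anything posted in the thread; it assumes Windows PowerShell 5.1 or PowerShell 7 on Windows, and `$Root` is a placeholder path.

```powershell
# Added example, not from the thread: list the DACL patterns discussed above
# across a folder tree. $Root is a placeholder; point it at the share to review.
param([string]$Root = 'C:\Shares\Finance')

$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

# Include the root itself, then every file and folder beneath it (hidden ones too).
$items = @(Get-Item -LiteralPath $Root) + @(Get-ChildItem -LiteralPath $Root -Recurse -Force)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
    if (-not $acl) { continue }   # unreadable DACL: worth a manual look on its own

    # 1. Inheritance disabled: this object's DACL is independent of its parent's,
    #    so rights granted or removed higher up no longer apply here.
    if ($acl.AreAccessRulesProtected) {
        [pscustomobject]@{ Path = $item.FullName; Finding = 'InheritanceDisabled'
                           Detail = 'DACL is protected; only explicit ACEs decide access here' }
    }

    foreach ($ace in $acl.Access) {
        $who  = $ace.IdentityReference.Value
        $what = "$who : $($ace.FileSystemRights) ($($ace.AccessControlType))"

        # 2. Explicit inherit-only ACE: grants nothing on this object, but applies to
        #    children created later. Inherited copies are skipped, since propagation
        #    of an object-inherit ACE produces inherit-only copies on every subfolder.
        if (-not $ace.IsInherited -and $ace.PropagationFlags.HasFlag($inheritOnly)) {
            [pscustomobject]@{ Path = $item.FullName; Finding = 'InheritOnlyAce'; Detail = $what }
        }

        # 3. An Allow ACE for the Everyone well-known group (S-1-1-0).
        if ($who -eq 'Everyone' -and $ace.AccessControlType -eq 'Allow') {
            [pscustomobject]@{ Path = $item.FullName; Finding = 'EveryoneAllow'; Detail = $what }
        }
    }
}

$findings | Sort-Object Finding, Path | Format-Table -AutoSize -Wrap
```

Run it as an account that can read the DACLs on the tree; objects it cannot read are skipped silently, so compare the count of paths visited against the tree size if completeness matters.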