Cake day: June 21st, 2023



  • runas is trash, to be honest. I’ve been waiting 30 years for an OS-native tool that allows me to delegate specific commands for specific users to run with specific parameters as admin. Something I can do with sudo (well, sudoers) in 5 minutes is outright impossible on Windows. I’d like to believe that Microsoft will implement this part of sudo, but I’m not gonna hold my breath.









  • Creating an AD domain carries a substantial amount of extra overhead that they might not want to deal with. The basics of setting one up are simple enough but actually building out/maintaining the infrastructure the correct way can be a lot of extra work (2 DCs for redundancy, sites configuration, users, groups, initial GPOs). There are also licensing and CAL considerations (bare metal and hypervisor, both different), domain and forest options that can paint you into a nasty corner if you’re not careful, and a whole host of other things to think about and plan around. I’m not arguing that a domain is bad; on the whole I agree 100%. I just like to set the record straight that building a new production domain isn’t as simple as a lot of people would have you believe, and OP might not have the time to go through all that.


  • I kinda disagree with the context comment though. That era of computing was inherently wild - nobody had figured anything out yet beyond the most basic and general strokes, and security analysts (such as they were) had what would be considered a childish understanding of IT security by modern standards. Heck, Windows 95 didn’t even have the TCP stack enabled by default, so when these features were being designed, planned, and coded at Microsoft, there was no context for security on that kind of feature. Wikipedia says that Win95 was in the planning stage in 1992 - I take that with a grain of salt, but the concept is valid. Microsoft was writing the core features of Windows 95 before WAN was even really a thing. Like I said, I don’t disagree with the idea that AutoRun was a terrible thing among many terrible things Microsoft is responsible for, but given the era in which AutoRun came out, it was a reasonable trade-off between security and functionality for the lowest common denominator of user. The whole thing should have been disabled (on 95 and 98) when Windows 98 came out since they should have known better at that point.


  • I don’t disagree with this statement in general. That said, I don’t know how old you are and whether or not you were really around the home PC space when the auto run feature first came to be. I can sort of understand what Microsoft was trying to accomplish with it… the mid-90’s were a wild, lawless time with regard to personal computing. There was a lot of heartburn on the end user side because things were changing so rapidly. Getting them to understand what a “drive letter” was, how to get there, and how to run an application from it (let alone what an application even was) proved challenging even under the best circumstances. The ability to insert a CD into the drive tray and have it “just work” (also a big theme in Win 95/98) was a godsend for a lot of publishers.

    Of course, in today’s world, we look at that kind of feature and rightly say “yo, that’s fucking crazy, why would you do that?”, but in the old days it really did help. At the end of the day, it was a useful feature that, like a lot of Windows legacy crap, was left in the OS after its usefulness had gone and just became another attack vector.