Lack of communication
Some time ago, I’ve found the atypical fashion of managing permissions. In my job, I was trying to make SecureW2 – a software that provides TTLS to Windows systems – works on Windows Vista. During about a month I was breaking my head against the wall, trying to figure out why on most laptops SecureW2 was failing.
It’s ok, I must admit that I don’t like Windows. At home I use Linux, at work most of the time I use Linux too. You can say that I am a stupid when I tell you why SecureW2 was not working on Vista. SecureW2 was not working because most of users run software as a non-privileged user. So the solution was to click with right button of mouse and then clic in Run as administrator…
What a weird way of security approach, but the worst to me is the strange way of communicate to users. If an action needs more privileges, I thing the right thing is tell the problem to the user and not depend of telepathy. Because of this, I like so much Linux. Linux it’s not a perfect OS, but it tell you when you must run either root or take more privileges.