送交者: eng 于 2006-7-14, 03:20:41:
回答: I bet you haven't actually seen a system actually used by the military :). 由 steven 于 2006-7-14, 02:09:07:
Let's look at a very simple example:
In Windows, the default installation grants the user administrator privilege, so when the user needs to install a program, he can just do it.
On my MacBook, the default installation gives me less privilege, so when I want to install a program, sometimes I need to enter a password.
On most UNIX systems, a normal user cannot install anything system wide. He needs to either ask a system admin to install for him, or he can only install it in his home directory and run it with whatever access right he has.
Which of the system is more user-friendly? Can a military computer allow the kind of user-friendlyness as in the first case?
This example is perhaps over simplifying, but the same principle applies to other things. The thing is, the more things you allow a user (or process) to do, the more user-friendly (or more precisely "usable") the system can become, and the less secure the system is. The most secure system is a system where no one can do anything, isn't it?
Back to what you mentioned. Once you have all the policies and protocols, aren't they making the system less usable by a normal user, in the sense that he cannot just do whatever he wants to with the system? I guess what you are saying is that what users are supposed to do still can be done very easily. That I have to agree.