psychz wrote:
Even if you get access to the sam files, if the owner was smart enough and disabled the older ways to hash the passwords, you will not be able to crack them easily. And as i said before, erasing passwords automatically makes urecoverable any file crypted with the erased key, if the owner was smart enough to set up his/her computer security policies decently.
You do realize that the OP wasn't talking about encryption, but rather plain account password protection, don't you?
Well, if this is the case both *nix and windows are vulnerable to it. The same trick you can do with the SAM files you can do with the *nix PASSWD and Keyring files.
psychz wrote:Wtf has to do the security level with the kernel choice?
Opensource software (including, but not limited to the kernel) can be audited by both the developers and third-parties. Proprietary software uses more or less a "security by obscurity" approach. Both have their pros and cons. Depends on who/what you trust more.
But being opensource doesn't automatically make code secure as many people think, it has to be audited first and it has to be audited by people who know about these matters, so generally them are run by big companies in order to satisfy their customer requeriments, or paid by the community. Without an audit, Opensource code ins't more secure than any other code, and Heartbleed exploit shows it. There are many opensource components that never have been audited, or only certain parts have been audited.
There's also people who like to apply any patch found in the net to their software codes, without knowing what these things really do. Probably them aren't malicious, but them aren't audited, so them can introduce actually exploits without the creator or the user knowing it.
By contrary, at least in Windows case, since both desktop and server revisions share the same codebase, generally desktop users can benefit from the large and extensive security audits who MS applies to kernel and base components code, in order to fullfill their big customers requeriments. So, like with *nix, as soon as you're in the latest revision and patch level, your OS core components will be less vulnerable.
But even i recognize the advantage of opensource, even if i don't like *nix architecture OSs, so my support will go to ReactOS. Even if they go slow by matter of their project being absurdly big, they are still doing a great work every day to bring up an Opensource alternative based in the NT architecture. Form them i've learned how powerful and flexible NT architecture can really be. I can't wait for the end of GSoC season, many improvements are coming to them.
psychz wrote:Despite what linux/*nix crazers and evangelists say, NT isn't more or less secure than Linux/*nix.
Exactly, it's all a matter of configuration, and desktop Windows configuration out of the box isn't going to help a lot.
Because desktop OS objectives in this matter for MS are:
1- Friendly configuration and max program compatibility as default, even if they need trade security for that.
2- Is responsibility of their users set up their own security measurements, so them don't conflict with user workflow.
But any of them have to do with NT architecture at all, or even in some cases with windows code. That's my point.