Domain: threatcode.com
Stories and comments across the archive that link to threatcode.com.
Comments · 7
-
Re:They will try anything...
You've obviously never worked in business IT.
There are entire websites devoted to business apps behaving badly.
-
Re:What OS?
For starters, below is a list of programs that require total or some form of local admin access. You will notice many of them are common real-world business applications in use today. So yes, I *have* to admin machines that require badly written applications to be installed and used on a daily basis. CRM and accounting programs seem to be the worst. Also worth mentioning is geoscience programs such as MapInfo, Global Mapper, Surfer, OIC, SMT Kingdom Suite and just about any program that requires a hardlock USB dongle.
While it may be ideal to have a bullet proof network that's locked down from end to end, it's not going to happen on a shoestring budget. Not this year or the next. That's for damn sure! I guess I should still be lucky to be employed and that companies can afford to pay for my professional services. At least a n00b (such as yourself) would be cheap enough for any company. But you know what they say...you get what your pay for.
-
Re:Stop perpetuating the myth ...
-
Re:"Unusual practice" ... wtf.
Just out of curiosity, what applications are we talking about here?
Here is a list someone compiled. Personally, I gave up running as a non-admin both for myself and for the other users in my working group because we were waiting for IT to respond at least once a week, because something was broken or we needed to install or update something. Further, Windows XP seems to become unstable more often in regular user mode. The particular applications that stopped us ranged from Adobe productivity apps to some functions of MS word (using macros). Worse, for some reason regular users can't even install applications in their own, restricted space, and running a VM, just seemed absurd.
yet it seems that the indigenous MS stuff (Office, IE, Outlook) works just fine, along with the third party CAD/CAM/CAE packages.
I think AutoCAD is one of the culprits, running only in admin accounts. As for MS built apps, I know office has issues with some functions, using network printers and shared printers usually won't work, and media player won't run at all. I admittedly haven't tried since service pack 2, but a lot of people have and the problem is not fixed.
-
Re:Because it makes things work.
I can list tons. The reason people don't give out lists of programs is because there are so many that it just seems obvious. Kind of like saying "Fire can burn you" and then listing a bunch of newpaper articles about people getting injured from burns. I've run my Windows box as a limited user for a long time now, and if administering Windows wasn't what I do for a living, then I probably would be completely lost trying to get things to work.
* Crimson Editor (a code editor - saves config to program directory)
* WinTV2000 (for my Hauppauge TV Card - saves config to program directory)
* WintV Scheduler (for my Hauppauge TV Card - saves config to program directory)
* DVD Movie Factory 3 (Came with Hauppauge TV Card - loads a device driver when run)
* Plextools Professional (App for my Plextor DVD Burner - needs direct access to hardware + saves config files in program directory and/or HKEY_LOCAL_MACHINE\Software)
* Trillian - writes config files to program directory
* Win AMP - writes config files to program directory
Now these are just apps I either use right now, or have used recently that either break completely or don't fully work without admin rights. Almost all of the programs can be fixed with simple file permission changes (simple if you use XP Pro. With XP Home it's not so simple), but a couple are not so simple. Nero Burn rights has to be installed to make plextools work, and the WinTV apps were fixed by giving users rights to a reg key in HKLM\SOFTWARE. What's perplexing about the WinTV apps is when monitoring it, they never actually wrote anything to the key I had to give access to. It just checked to see if they could write to it and died if it couldn't. As for DVD Movie factory, I haven't been able to get it to work as a non-admin. It loads some sort of driver on startup and even when you give users the right to load and unload device drivers it doesn't work. For it, I use the hack linked to in my sig.
If you only use MS products, then running as a non-admin isn't that hard, because MS if pretty good at writing their apps to work as non-admin but when you delve into the world of third party software in Windows, apps that break are very common.
The most frustrating part is that it's not that complicated to write a Windows app that works properly as non-admin. In 99% of cases, you can get by following two rules - 1) Don't write to the program directory after install and 2) Don't write to HKLM\Software\ after install. That's it.
Here are some more links to software that break as admin....
http://www.threatcode.com/admin_rights.htm
http://www.pluralsight.com/wiki/default.aspx/Keith .HallOfShame
It seems to be getting better now. Five years ago, programs that work as a limited users in WIndows were almost non-existant. Now it seems the majority of new products that come out work jsut fine - but there are still offenders out there that ruin it for everyone. -
Re:Yikes
Avoid software that needs to be run with administrator privilages.
Like, just about anything that runs on Windows.
Like what? MS Office works fine; All the IM programs work fine. Even Visual Studio will run as an LUA, though you do need enhanced privileges to debug a running process (as you should).
Sure, a lot of games don't run well under a non-admin account. But that's pretty much it. Oh, and QuickBooks. See the Threatcode website for a proper list of what won't run as LUA. -
Re:Why is this necessary?
Susan Bradley, a Microsoft MVP, has created a "Hall of Shame" for Windows-based software that requires Admin/Power User privilege to run, or that has other serious security flaws. The list is still short (and sort of disorganized), but she's trying. A good many big-name vendors are on her list (and she's not afraid to add Microsoft products).
Nominate your favorite offenders! Tell your friends! If Threatcode.com catches on (she's a server guru, so maybe she can survive a slashdotting), maybe at least a few companies will respond to the bad publicity.
I know, I've got a Pollyanna attitude, but I keep hoping...