Slashdot Mirror
Windows Users Ignoring LUA Security
blankify writes "eWeek is running a story about the least-privilege, no-admin option available in Windows (2000/XP/2003) that has been mostly ignored by end users. From the article: '"To the average user, the notion of non-admin is abstract and obscure," said Michael Howard, a senior security program manager in Microsoft Corp.'s security business and technology unit. "Most users just don't know they can set up least-privilege accounts in Windows today, and that's just a sad reality."'"
If their software doesn't work in least priveleged mode doesn't it defeat the whole purpose of the system?
Users ignore it, because it's a horrible pain to use XP using a normal user account.
There are numerous games that cannot be installed without admin rights, and plenty who cannot even be EXECUTED without admin rights. All because the devs are lazy morons.
Same goes with numerous applications.
Not to mention the fact that in many case applications break in random ways, without actually telling why they break.
So right now if you actually want to use XP, you pretty much are stuck with admin mode (or you have way more patience than I do in using 'run as..' or switching users)
I'm sure the default setting of creating an admin level user with no password at install time, and then having it set to automatically log them in has nothing to do with it...
I'll turn into a supernova and burn up everything. Well I'll turn into a black little hole and you'll turn into string.
Too bad you posted as AC because that's exactly why I don't use it.
A limited account in linux still allows you to do most things without a hitch. Plus, when you need root access, you can do that within the logged on account without logging off.
I also tried setting up my SO's account as limited but she ran into problems all the time. It is hard to explain (excuse?) something as a feature when it is such a pain in the ass.
Hopefully, they will get this one thing right in Longhorn.
The preceding message was based on actual events. Only the names, locations and events have been changed.
Or the fact that 1/2 the programs only work with Admin rights.
Lets not forget software just failing to work. Most third party applications simply will not run correctly in an LUA environment. Honestly, most MS software couldn't run this way before 2000. I run LUA and I have to use runas admin on far too many applications; how is that really LUA? And lets not forget that running IE with reduced rights will also cause many IE plugins and any IStream handoffs (like Media Player) to fail without explanation.
Of course, I totally agree that they claim of lack of user awareness when it is really a lack of MS support. Microsoft has also done nothing to simplify this issue for developers. There are no simple "test and prompt for elevation" routines. It's not a general Windows logo requirement; in fact it's buried in one paragraph in the enterprise logo. And to top it all off, aside from a few proactive devs making blog entries, there's been no attempt to educate users.
Way to go MS, blame user apathy for your own poor performance.
It's partially driven by software that won't install as a regular user (i can kinda live with that) and/or won't run as a regular user (unacceptable except for system utilities).
I can't even count right now how many clients I have running users with admin membership because of crappy software.
And the kicker is, it's not that hard a programming task to make software run in the regular user context! argh!
eric
Changing the screen resolution in Windows does not require admin privileges.
Half the spyware normal users get uses privledge escalation holes anyway so it does not keep that crap down.
Which ones ? Privilege escalation bugs aren't exactly common.
Anyway, I have been told (but have not tried) that making the "temp" folder trees "Everyone" read/write explicitly, and adding each account explicitly fixes most of the "run as admin" problems.
You've been told wrong. For starters, every user on the machine can create new files and modify existing files that belong to them in C:\Windows\Temp. Secondly, most all apps (even the badly written ones) use the per-user TMP variables that point to directories within the users profile (that they have "Full Control" over).
Most programs dont do much registry editing, but a lot need scratch space and if they use the temp folders, they need access to them.
No, in fact the most common problem is applications that try to store things that *should* go in HKEY_CURRENT_USER in HKEY_LOCAL_MACHINE. Bugs like this are actually a good indicator of the developer's lack of interest in updating their product, because per-user registry hives were introduced to Windows 9x back with Windows 98 (they've always been in NT AFAIK).
The second most common problem is stupid developers trying to write to files (often user or application preferences) in either their program's directory or the Windows directory (DOOM 3 has this problem).
Try it yourself some time. Running windows without admin rights is a nightmare. About 2/3 of my programs won't operate (I'm a software developer) at all. I've fixed almost everyones computers that knows me (I hate being free tech support but anything for a friend) and stupid programs like a damn cat breeding program this one girl had wouldn't run without admin rights (after fixing her computer 3-4 times I tried the No Admin route to no avail).
Until programs run without being admin this whole arguement is pointless.
OS X does it perfectly.
When I first installed Windows on my new system, I tried creating a seperate non-admin account that I'd use for my day-to-day computing. Shortly thereafter, I added it to the Administrators group because I just couldn't take it anymore.
Installing applications was mostly a non-issue, with Windows prompting me for my Administrator password when I tried to install something that needed Administrator permissions.
However, almost everything else was a giant pain in the ass. If I wanted to use any of the control panels, I either had to log out/log back in as Administrator, use Terminal Services to connect to localhost and log in as Administrator, create yet another shortcut to run it as Administrator, or use the runas command. None of those options are nearly as slick as Windows Installer asking me for my Administrator password. Why they couldn't use the same model is beyond me.
It's not only the control panels that I had problems with. If I wanted to use Windows Update, I had to be Administrator, and it gave me no easy way to become Administrator. If I wanted to develop and debug something in Visual Studio, I either had to be Administrator or be in the debuggers group, which essentially gives you free access to poke at the system any way you like. And of course, numerous applications and games have copy protection systems that require system drivers and services to work.
Of course, LUA doesn't do a damn thing against network-based attacks.
In the end, it's much easier to run as Administrator and drop priviledges when running certain applications.
Not to overdo the "sympathy for the devil" thing here, but I've been thinking about how screwed poor Microsoft is. Think about this; they've managed to paint themselves into a corner on security and stability issues, and they may not have any way to get out of it. Consider:
;)
1. They carried the same codebase forward from Windows 3.1, never completely scrapping it, always just bolting new parts on. This has caused Windows to end up like a Rube Goldberg machine, so complicated on the inside that "they" say nobody at Microsoft really knows what everything in there actually DOES.
2. They really pounded the nails in the coffin when they deliberately bound IE into the O/S to frustrate the DOJ during the browser wars. By binding so many things right into the O/S, they glued themselves to their codebase. Can they even separate their GUI from the underlying O/S anymore?
3. Given that this monstrous, mammoth codebase is a hideous nightmare to try and "fix", obviously the smart thing is to pull a Steve Jobs: scrap the whole beast and glue a beaufitul, stable frontend onto a FreeBSD backend with a Mach Microkernel. This would turn Windows into a thing of beauty and stability, like the Mac O/S. But, CAN they? Is it even possible?
4. And, if they did that, they might face a revolt as virtually every software company, corporate IT department, and end user went completely ballistic. It could be suicide.
So, think this over: Microsoft is pretty much screwed, locked utterly into the codebase they've got. If they stick with it, eventually they'll be replaced by more secure, stable alternatives. If they try to save themselves the Apple way, the end could come sooner instead of later.
If YOU were Gates and Ballmer, what would YOU do?
Aside from spending the weekend on the yacht, I mean...
Farewell! It's been a fine buncha years!