Slashdot Mirror
Windows Users Ignoring LUA Security
blankify writes "eWeek is running a story about the least-privilege, no-admin option available in Windows (2000/XP/2003) that has been mostly ignored by end users. From the article: '"To the average user, the notion of non-admin is abstract and obscure," said Michael Howard, a senior security program manager in Microsoft Corp.'s security business and technology unit. "Most users just don't know they can set up least-privilege accounts in Windows today, and that's just a sad reality."'"
How about, embracing and extending good practice...
Deleted
Could it be "the sad reality" because Windows up until XP (ignoring 2000 and NT) there was no user-priviledges differences?
Maybe MS should start educating the population and force them to create passworded least-priviledged accounts and choose a password for the administrator account when installing or booting an OEM for the first time. Maybe also the administrator should be blocked out of surfing the web and playing games so that people just don't use the admin account for everything.
most likely because this option breaks most applications
This is why most people don't know about it; developers and vendors barely understand Windows security, so it's ignored. The users instinctively know this and they play along, ignoring the existing capabilities.
The Microsoft platform is closed, poorly designed, obscure and ambiguous. Side effects are common and difficult to prevent or correct. Frobbing things that vendors aren't paying close attention to is a good way to invent new breakage.
Go ahead, be the first on your block to harden Windows with naive LUA. Spend the next two years chasing down truly arcane breakage. Teach Microsoft and third party vendors how to promulgate securable products. Meanwhile, I'll be using software on platforms that figured out most of this stuff a decade ago.
Lurking at the bottom of the gravity well, getting old
I think you're over-simplifying this. The Windows NT kernel and core services were designed with security in mind. The real issue is that the shell, UI, and API's do a really poor job of enforcing and providing convenient access to that model. MS made a tough choice when they created they Win32 API; they kept developer compatability and convenience but made security a whole lot harder. There are too many default behaviors in Windows that are just dangerous.
Look how CreateProcess will progressively search for an executable at each space delimited chunk in an unquoted path; that makes a great trojan attack. Consider the shatter vulnerability and associated dangers that result from simple window input; that's why services have to be run on a seperate ACL'd desktop to be safe. Consider how trivially a power user can escalate to admin; look at how many apps need at least that privelege. Look how much code you have to write to set a simple multi-user DACL on an object.
The fact is that security is very hard to do properly in an MS environment, and historically MS has done a very poor job of promoting and simplifying it. I audit security software now, but when I wrote software I had a ton of homegrown libraries to handle things shouldn't have been necessary. So while I agree the tools are there, you almost have to be a security expert to use them properly.
Yeah? That's because Unix type systems have had multiple users since, well, ever.
/'s, she's only going to take her stuff out, and maybe other people who share her group.
You have to accept the fact that certian people shouldn't do certian things on computers.
The fas is that it should be dead simple for a grandma so able to do so, to install a card game in her home directory, without bothering anyone else on a system--a unix system. It goes there, and, what? There's no issue. Quake 3 has the ability to install into a non-root privlidged user's account. If grandma rm -rf
In Windows land, that card game may well have a fit if it dosen't get installed to c:\program files\bullshit cards. If it dosen't work that way on any system, the program is b0rked. Written by an idjet. It dosen't help that MS has programmed people and software writers to behave this way since, well, ever.
****EVERY**** MS home directory should by default have a My Programs folder, and software installed by that user should end up there--unless it really, really does need administrator access, or it needs to be shared by multiple users. Otherwise, who cares if grandma installs bonsai buddy, it's only going to affect her account and not spread to administrator--where everything can be gleefully cleaned.