Slashdot Mirror


Running Windows Without Administrator Privs?

javacowboy asks: "For a while now, I've been advising friends who run Windows to try running as a regular user, as opposed to running as administrator, which is the default setting. However, I switched to Mac a year and a half ago and I haven't run Windows since, so I'm probably not the best person to be giving this advice. Still, on a philosophical level, *trying* to run Windows as a non-admin, given the prevalence of viruses, worms, trojans, and spy-ware, seems to make sense. Have any of you tried to run Windows as a non-admin, and how did it work out for you? Are there certain tasks or certain software you need to be admin to run? How realistic is it to expect a Windows user to run their OS as non-root?"

8 of 239 comments

  1. Not hard to do on a home computer... by Rank_Tyro · · Score: 2, Interesting

    Three years ago my girlfriend took her machine to a friend of hers to get it fixed. The guy installed a bootleg copy of XP on the machine, as well as an install of Norton AV.

    When I had to clean the malware off, I noticed that there were no service packs, and the Norton had not been updated in over a year and a half.

    I backed up all the pictures and work documents, then installed a legal version of Win2K Pro, Anti Vir, Clamwin, Firefox, spybot and Ad Aware.

    The hardest part was convincing her to use her newly created user account. She did not like the idea of not having privileges on her own computer.

    After a lot of explaining, she agreed that maybe I knew a little bit more than she does about maintaining a computer. I had to give her the root password, but made her promise not to use it.

    Now, the box has had no malware infections for over a year and a half. The only programs not useable by the user accounts are StarCraft, and BitComet. Neither of which she cares to use.

    The three different accounts all have different wallpaper, admin has a very large picture which is predominantly red....signifying "stop", or "Danger". If she wants to start browsing, she checks to see if anything is running, and then shells out into her user account.

    My user account has a wallpaper picture which is a green background with a Templar in blue and green hues...signifying "go", or "Safe."

    Her account has a nice picture of the San Francisco wharf, taken from a boat. There is no way for her to infect this machine unless she does it maliciously. And even then, the keylogger I installed will probably help me figure out what she did, as well as when.

    --
    Today's show is brought to you by the number 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0: 25
    1. Re:Not hard to do on a home computer... by scsa · · Score: 2, Interesting
      And even then, the keylogger I installed will probably help me figure out what she did, as well as when.

      You'd better check the logs and make sure your girlfriend doesn't read Slashdot. Wait, what am I saying? Don't worry about it.

  2. Re:one experience by Jaruzel · · Score: 2, Interesting

    However, modifying %ProgramFiles% is fine for us SysAdmins, but your average Joe User isn't going to have a clue on how to do it - The application will barf, and Mr Dad will say 'Sod it. I'll give myself Admin', because life is simply too short to faff about with these things.

    Vista's approach, while not perfect, does redress the problem somewhat. If an app needs admin, Vista pops up a dialog asking for User/Pass of an admin account (a bit like an automatic SU) - I'm not sure if Vista knows each app and what it needs via some list, or if code analysis is at play (I doubt it), but my experience of the Vista betas seems to indicate that this system CAN work.

    Now, the real question is, why can't MS add that functionality to XP ?

    -Jar.

    --
    Together, We Can Make Slashdot Better. I Do NOT Mod ACs. - Check Me Out
  3. Give the kids a VM by Anonymous Coward · · Score: 2, Interesting

    www.vmware.com

    Back it up when it's in a pristine state, then anytime they mess it up, delete it, restore from the backup.

  4. Re:one experience by OhHellWithIt · · Score: 2, Interesting
    Kodak Easyshare is one example I have come across - why should a photo album manager need admin privileges to my box?

    Well, can't blame British Rail -- I mean, Microsoft -- for that! (And I try to blame nearly everything on Microsoft.) I'd like to say it's people who accept software that requires admin access to run, but unfortunately, it's just like with the unfair software licenses that are so common -- you feel like you have no choice. "What do you mean, I spent $500 for this digital camera, and I can't run the software because it's unsafe?" Stuff like this ought to be prominently highlighted in product reviews.

    In the corporate world, it's a similar problem. You need a package that does X, and after a search, you decide on one. It turns out not to run under the locked-down environment that everyone knows is safe. The vendor, having cashed your company's check, won't fix it. Management, needing to get the work done that the software was bought for, decrees that the package must be installed, and the necessary accommodations made. So you're hosed.

    Runas and sudo are great workarounds, but they're no substitute for properly thought-out software that is designed to be secure from the ground up.

    --
    "Who controls the past controls the future. Who controls the present controls the past." -- George Orwell
  5. Re:one experience by NewWorldDan · · Score: 2, Interesting

    I used to run a computer lab several years ago (Windows 2000 based) and one of the problems I found on more than one occasion was programs that would try to reregister all of their .DLLs when the program was started. The programmer was probably trying to make sure that their program didn't end up in .DLL hell, but I had to make sure all the requisite registry keys were writeable for all users. That's a real pain in the ass to do without opening the system up across the board. A lot of programs have gotten better about running as a normal user on XP.

  6. Re:one experience by harrkev · · Score: 2, Interesting

    I should also like to point out that I tried the user vs. admin thing. The software that made me switch back was Winamp (they should know better) and Logitech's driver for the Quickcam Chat (they should definitely know better).

    Winamp was annoying, but I suppose that I could ask for a refund of every penny that I paid for it, which was nothing.

    Logitech, on the other hand, was more annoying. I paid good money for that product, and a company that size should check for this sort of stuff. The problem is that if you press the "picture" button, the picture gets saved in the documents directory of the person who installed the camera. And if there is no write permission, explorer crashed. This is simply inexcusable.

    But then again, I have been annoyed by Logitech's driver support before. Less than two years ago, I purchased a wireless keyboard/mouse combo for $80 -- pretty close to the top of the line. They have not released updated drivers in over two years, and their special keyboard buttons do not even support Firefox. You can check for yourself under the Cordless MX Duo page. Since Firefox is the 2nd most popular browser around, I would expect them to update their drivers to support it. But I guess that they figure that they already have my money. But they probably won't have it the next time. It is quite interesting, though. Logitech has excellent hardware, but the software/drivers are poorly tested and poorly supported. Point is: Logitech sucks.

    --
    "-1 Troll" is apparently the same as "-1 I disagree with you."
  7. Re:one experience by jimfrost · · Score: 2, Interesting
    ..don't want to sound like a Windows fanboy at all but there are many *NIX apps that expect to have root - ethereal for example.

    While there is some truth to this, it's not the case that, say, "larn" or "hack" needs root access.

    But it is the case that many (all of the ones I've tried) of those Disney game programs require administrator privileges. These are basically flash games, and they're being sold for children to use. But they simply will not operate without administrator privileges.

    (This isn't even remotely unique to Disney, by the way.)

    I called up Disney when I found this out because, frankly, I think it's insane that a 3 or 4 year old is given an account with administrator privileges. They knew about the problem, certainly, but weren't even remotely interested in fixing it. They suggested I could either run as administrator or return the software. Nobody accepts the return of opened software, so there you go.

    Some people blame this on the ISVs, and it's true they could try harder. But frankly speaking they are testing their software on standard configurations. If you want security to work you have to turn it on all the time so the ISVs don't have any choice but to write with it in mind.

    We know that works, even with consumer software, because the Mac has been successful at it.

    It's also true that NT had the capability of doing exactly this right from the start. In fact, I built a simple tool to secure NT systems (and presented it at WinDev, even) back in I think 1996. But with the improving backwards compatibility we saw in NT4 came a host of software that simply wouldn't work in secure mode. Microsoft's prime mission was -- had to be -- to get people off of the Win9x platform and onto something modern. Backwards compatibility was paramount. WinXP would have never been accepted if half or more of the applications people ran on Win9x didn't work. So it had to ship open, at least until the market shifted to the new platform.

    Vista really marks the first opportunity Microsoft has to fix it, the first time they could realistically shove security down everyone's throat. I don't have to like that fact but I do have to recognize it.

    Meanwhile my daughter's whole computer is considered expendable (and the rest of us use Macs almost all the time).

    --
    jim frost
    jimf@frostbytes.com