Slashdot Mirror

← Back to Stories (view on slashdot.org)

Users' Admin Logins Make Most Windows Malware Worse

Posted by samzenpus on from the protect-yourself-at-all-times dept.

nandemoari writes "A new analysis claims that over 90% of the Windows security vulnerabilities reported last year were made worse by users logged in with administrative privileges — an issue Microsoft has been hotly debating recently. According to BeyondTrust Corp., the result of the analysis of the 154 critical Microsoft vulnerabilities indicated that a full 92% could have been prevented if users were not logged into their systems with administrator status. BTC believes that restricting the number of users who can log in with these privileges will 'close the window of opportunity' for attackers. This is particularly true for users of Internet Explorer and Microsoft Office."

14 of 420 comments (clear)

  1. Cancel or Allow by Anonymous Coward · · Score: 5, Funny

    Would you like to install a virus? [Cancel/Allow]

    1. Re:Cancel or Allow by flowsnake · · Score: 5, Interesting

      "Polite", a virus for Microsoft Word, already did this back in the mid 90's! When you try to save a file the virus macro asks "Shall I infect the file?", and kindly refrains from doing so if you click say no.

  2. You mean... by laughingcoyote · · Score: 5, Insightful

    Not running as a fully-privileged user reduces your security risk? Who knew!

    This is not news. The question is why it hasn't been meaningfully addressed in Windows for such a long time.

    --
    To fight the war on terror, stop being afraid.
    1. Re:You mean... by Urd.Yggdrasil · · Score: 5, Insightful

      It would be a hell of alot easier of software developers didn't require administrative privileges when they really don't need them. I tried to run in a "user" usergroup when I replaces win2k pro with win xp pro but nothing ran correctly. I tried using the "run as" menu and a program called sudo-win which would elevate my privs temporarily then reduce them again. Nothing would install correctly, nothing would run correctly. Even programs that don't use any administrator functions or zones wouldn't work correctly. Realistically, running in a non-admin account is a pain in the ass.

    2. Re:You mean... by LoadWB · · Score: 5, Insightful

      Seconded. When you have mainstream applications like Peachtree, QuickBooks, Timberline, and even some of Microsoft's own products, requiring administrator access to a workstation, limiting rights is difficult.

      (Mind you, I speak from a purely XP-standpoint. We have had so many problems with Vista at sites which have tried to implement it that we do not use it. And others do not have the hardware to run Vista.)

      IIRC, I have also run into issues with AutoCAD, some network scanner drivers, and the like.

      Mostly, the ways around these requirements are convoluted or require in-house admin staff to handle minor requests which need immediate attention.

    3. Re:You mean... by Opportunist · · Score: 5, Interesting

      The question is why it hasn't been meaningfully addressed in Windows for such a long time.

      Because it would break compatibility. Actually, and I hate to say it, it ain't MS's fault. Or at least not only theirs.

      A simple example: In the good (bad) old days of 95 and 98 and the lack of sensible rights management, it didn't matter whether you use the HKLM or the HKCU registry branch. Both were equally unprotected, and since your software worked with every user (and you needn't care about such trivialities as watching out for a lack of reg keys), software vendors simply dumped their registry junk into the HKLM tree.

      The same applies to access to sensible system areas, like drivers (copy protection crapware) or code injection. Programmers simply assumed it is possible because hey, the system didn't really care about it!

      In comes Win2k and suddenly, when you are not logged in as admin, your games don't work. Now why the hell does a friggin' game need admin rights, you ask? Because it wants to load a copycripple driver, because it wants to write in the HKLM (or similar sensible) hives or because of other things that didn't matter earlier due to a lack of rights management and due to being the easy way out of a programming problem.

      MS is to blame to allow this for far too long. Users are to blame to put up with it and accept that they're "forced" to use admin privs to run programs. And most of all, programmers are to blame that took the easy way out and ignore rights. No, they needn't be able to forsee it (even though they should have). But since the practice still prevails (run a copy protected game without admin rights, see if you succeed), the blame is squarely on third party software. Not MS this time.

      I hate to say it, and I know it's unpopular on /. to "defend" them. But it's not MS that has dropped this ball.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    4. Re:You mean... by the+white+plague · · Score: 5, Insightful
      Anecdotal evidence sucks.

      Yes, but the user experience is what counts. All it takes is one video game to pitch a fit that it doesn't have admin privileges and hundreds of thousands of users have learned the lesson "just run as admin, it's less bother". The last couple months Fallout3 has been the popular game of the moment teaching users that security is painful to use.

    5. Re:You mean... by ShakaUVM · · Score: 5, Interesting

      >>which is hard to figure out because Windows won't tell you because you don't need to know.

      Yep. In Linux you get the rather common sense "permission denied" message when you try installing something and it tries to write to a directory you don't have rights to. In Windows, it fails silently most of the time. Drove me up the wall when a program I'd installed was working on a computer I set up for my mother, when it turns out even though she could see the program with her "mom" account, something or other needed admin privs, and it was dying silently.

  3. What they need to do... by the1337g33k · · Score: 5, Interesting

    What they need to do is limit all users to not be administrators. They should create the admin account so that it can ONLY do admin tasks. It cannot run programs like office or games. It can only run security and diagnostic apps, adding-remove apps. If they restricted admin users from using their account for daily use and only for admin use, that would significantly reduce the attack surface for crackers.

  4. A Worthless Article by rsmith-mac · · Score: 5, Insightful

    Lame blogs aside, The Fucking Article is damn near worthless. Highlights include:

    • The study was done by BeyondTrust Corp. who is looking to push their Privilege Manager software, which shockingly is permissions-management software. Right off the bat we have a dubious study due to the conflict of interest and the sponsor.
    • The article makes no distinction among what OSs were used in the study. Was it Vista? XP? Server 2003?
    • The article also makes no distinction on if UAC was used, if Vista was used at all. Of course why would a company trying to sell security software want to tell people that just enabling UAC and/or setting your users as standard users would fix the problem?
    • The only quote is from the director of marketing.

    In conclusion: Running everything with admin privileges is bad, which is why Microsoft fixed this 2 years ago with UAC. It's a lame PR piece about an equally lame study from a company that wants to sell you stuff to do things that MS did years ago. If you are here reading Slashdot, there's nothing here you didn't already know.

  5. Study flawed by benjymouse · · Score: 5, Insightful

    Problem is that they assume that when the security bulletin says that successful exploitation will allow the attacker to run as the current user, this does not mean that the attacker will be able to run as admin, even though the user is an admin.

    Indeed (with UAC on) IE7 runs in protected mode which is a "sandbox" where the users' security tokens have very limited rights, thus intrinsically protecting the OS.

    The Vista protected mode effectively runs the process as a limited user, even though it preserves the users identity.

    Even if the attacker can somehow trick the browser or user into downloading a malicious file and start it, it will still need elevation (yes, the cancel/allow thingy) to assert admin privileges.

    So, another way to spin this would be "Vista UAC protects against exploitation of 92% of vulnerabilities".

    --
    Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
  6. Re:Microsoft Legacy is Microsoft's biggest problem by Tatsh · · Score: 5, Insightful

    I am sure this is not news to anyone whether you love or hate Microsoft. The fact is the coding practices commonly followed under DOS and then under Windows have been rather poor. The reasons for it are many, but largely because of a thirst for performance. But in order to keep people hooked on Windows, they have to keep supporting the mistakes of others as well as their own. This is what they call "backward compatibility."

    But there is a way out of it and for some reason they seem unwilling to do it. Write a new OS, virtualize old Windows for "legacy support" and eventually all the software vendors will port their code to work with the new Microsoft OS natively just as they did with Mac OS X. I can't imagine why Microsoft is unwilling to do that... got any suggestions anyone?

    I have been suggesting this for years. Enterprise (Microsoft's most important customer base), in general, does NOT want it. Seemingly they want the 'good ole' x86 to live forever and Windows to run programs written for DOS 5.0 even in 2009 and beyond. Ridiculous, but it is true.

    If you are a business who relies upon some certain software to get work done and do NOT have the time, money or resources to switch to something else, it is in your interest to demand your software vendor (in this case Microsoft) NOT to remove compatibility for X application.

    If you look at the Windows 2000 leaked source code, you can find plenty of comments about VERY specific application fixes. Yes, XP broke stuff. Vista broke more. But it probably did not break what the enterprises care about (Vista likely did break many things, hence why 7 is being rushed and so many enterprises skipped Vista and will go to 7 after some extensive testing).

    Today I experienced a game that does not work on Vista. Microids' Corsairs from 1998, made for Windows 9x. Tried compatibility modes, the latest patches, etc. It just kept crashing. Microsoft does not care about your 'classic' games at all. All they care about is the enterprises who actually buy the expensive volume licenses Microsoft is always trying to sell.

  7. It's going to take a moment... by symbolset · · Score: 5, Funny

    A Mac fan extolling the merits of the command line.

    It's going to take some time to get used to. Forgive me.

    --
    Help stamp out iliturcy.
  8. Steam won't run without admin privileges by XCondE · · Score: 5, Interesting

    But Valve will go after you for trying.

    My question:

    Customer 06/11/2006 04:15 AM

    I am not willing to play (and let other people play) HL2 using the Admin account on my computer because of the obvious security implications (I don't want my computer infested with malware).

    Is there any way to run it without admin privileges? I installed it using admin privileges and went back to my unprivileged account but turns out it needs to write data to the install folder (bad programmer - no donut for you).

    Which are the files STEAM tries to write to in the install folder?

    If it turns out to be too complicated I'll just download the no-steam version with BitTorrent ;-).

    Their response:

    Response (Josh) 06/13/2006 01:34 PM

    Thiago, It cannot be run without admin privileges. I know you were probably joking, but I would also encourage you to avoid any product that claims to get around Steam. We take cheating and hacking very seriously.