Slashdot Mirror


94% of Microsoft Vulnerabilities Can Be Mitigated By Turning Off Admin Rights (computerworld.com)

An anonymous reader quotes Computerworld: If you want to shut out the overwhelming majority of vulnerabilities in Microsoft products, turn off admin rights on the PC. That's the conclusion from global endpoint security firm Avecto, which has issued its annual Microsoft Vulnerabilities report. It found that there were 530 Microsoft vulnerabilities reported in 2016, and of these critical vulnerabilities, 94% were found to be mitigated by removing admin rights, up from 85% reported last year. This is especially true with the browser, for those who still use Microsoft's browsers. 100% of vulnerabilities impacting both Internet Explorer and Edge could be mitigated by removing admin rights, Avecto reported... Windows 10 was found to have the highest proportion of vulnerabilities of any OS (395), 46% more than Windows 8 and Windows 8.1 (265 each). Avecto found that 93% of Windows 10 vulnerabilities could be mitigated by removing admin rights.
Of course, the stats are based on vulnerabilities announced in Microsoft Security Bulletins, but there's an overwhelming pattern. Turning off admin rights mitigated the vast majority of vulnerabilities, whether it was Windows Server (90%) or older versions of Microsoft Office (99%). And turning off admin rights in Office 2016 mitigated 100% of its vulnerabilities.

238 comments

  1. 100% of Microsoft Vulnerabilities by Anonymous Coward · · Score: 5, Funny

    100% of Microsoft Vulnerabilities Can Be Mitigated By not using Windows

    1. Re: 100% of Microsoft Vulnerabilities by Anonymous Coward · · Score: 0

      Wrong. They still get you. I'm getting MS vulnerabilities in my soup now.

    2. Re:100% of Microsoft Vulnerabilities by michaelmalak · · Score: 1

      Don't forget opening Word macros from OpenOffice https://www.openoffice.org/sec...

    3. Re:100% of Microsoft Vulnerabilities by tepples · · Score: 1

      How so? If I access my Hotmail account through Firefox on a GNU/Linux PC or through the Outlook app on an Android/Linux tablet, I'm still vulnerable to any vulnerabilities in Microsoft's servers.

    4. Re:100% of Microsoft Vulnerabilities by Anonymous Coward · · Score: 0

      Couple of questions:

      How is Hotmail exploiting a vulnerability in your non-Windows PC?

      Hotmail, really?

    5. Re: 100% of Microsoft Vulnerabilities by Anonymous Coward · · Score: 0

      Yep, no real change since DOS3.1

    6. Re:100% of Microsoft Vulnerabilities by tepples · · Score: 1

      How is Hotmail exploiting a vulnerability in your non-Windows PC?

      It isn't. The vulnerability to which I refer is in Microsoft software that runs on a device other than my PC.

      Hotmail goes through Microsoft's server. If the Microsoft software running on Microsoft's server has a vulnerability, the data stored on said server on behalf of its users is affected, even data stored on behalf of users who do not run a Windows operating system. Therefore, shunning Windows will not protect users from all vulnerabilities in Microsoft software.

      Hotmail, really?

      Unlike Google with respect to Gmail, Microsoft promises not to use the text of emails stored on a Hotmail user's behalf as part of Microsoft's interest profile on a user.

    7. Re: 100% of Microsoft Vulnerabilities by Anonymous Coward · · Score: 0

      Unlike Google with respect to Gmail, Microsoft promises not to use the text of emails stored on a Hotmail user's behalf as part of Microsoft's interest profile on a user.

      Oh goodie, a promise from Microsoft. If there's one multinational corporation I trust to keep a promise, it's Microsoft.

    8. Re:100% of Microsoft Vulnerabilities by Anonymous Coward · · Score: 0

      Yes, you're fucked if you're using Hotmale, you should be using Hotfemale instead.

    9. Re: 100% of Microsoft Vulnerabilities by tepples · · Score: 1

      If there's one multinational corporation I trust to keep a promise, it's Microsoft.

      Unless Microsoft wants to stop doing business in Europe, there's at least one organization with the power to hold Microsoft to its promises.

    10. Re: 100% of Microsoft Vulnerabilities by Anonymous Coward · · Score: 0

      Lol, the EU would be on its knees if the USA just said nope. Europe has been irrelevant since Hitler died.

      Enjoy the mosque across your street btw lol

    11. Re:100% of Microsoft Vulnerabilities by Anonymous Coward · · Score: 0

      I wish this was true. In truth, avoiding Microsoft vulnerabilities is not as simple as not using Windows.

    12. Re:100% of Microsoft Vulnerabilities by Anonymous Coward · · Score: 0

      Why can't web browsers be run in their own Virtual Machine? Even with Linux, the web browser seems to need a bizarre desire to need to connect to the root window of the GUI system, and refuse to run under a different user name from the owner of the display system.

    13. Re:100% of Microsoft Vulnerabilities by ctilsie242 · · Score: 1

      Windows 10 Enterprise has that functionality coming up.

      I do this anyway... have a VM just for running the browser under. This way, if/when it gets nuked, a rollback to a snapshot cures it. Running ad blocking software doesn't hurt either.

    14. Re:100% of Microsoft Vulnerabilities by MerlTurkin · · Score: 1

      You stole my line. Almost word for word! Nice!

    15. Re:100% of Microsoft Vulnerabilities by Coren22 · · Score: 1

      I'll just leave this here:
      https://developer.microsoft.co...

      It doesn't help with Chrome and Firefox, but at least it is a VMed Edge already built for you.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
  2. Admin? by Anonymous Coward · · Score: 0

    What? Who the hell still runs as Admin?

    1. Re:Admin? by tepples · · Score: 2

      Both Windows and GNU/Linux separate "running as root" from "running as a member of the wheel group". Even if you're a member of the wheel group (which may be called Administrators under Windows or sudo under GNU/Linux), you still need to elevate in order to do any tasks that require superuser privileges. But perhaps creating two accounts, one in wheel and the other not, and doing work other than software installation as the user not in wheel would make it harder to social-engineer users into elevating.

    2. Re:Admin? by Alain+Williams · · Score: 1

      Even on my Linux boxes I do not run my web browser or email client as root. To do so is just asking for trouble - even on a Unix system.

    3. Re: Admin? by Anonymous Coward · · Score: 0

      Yeah I know! How lame.

      I run as SYSTEM.

    4. Re:Admin? by minstrelmike · · Score: 1

      What I found most interesting is that I _cannot_ load most Linux software as a non-root user, even tho that is recommended. Seems like there's always some package that wants to be root. It's actually gotten better over the years. I know I read a lot of bragging about how much more secure Linux was but it seemed as if every software package I loaded needed to be root which made me think all those "developers" were just running as root and hoping to stay lucky.

    5. Re:Admin? by Alain+Williams · · Score: 1

      Eh ? I don't understand. To install software (is that what you mean by ''load'') you generally need to become root for a short while since you typically need to create files in /usr/bin/ & similar. This is very different from the program needing superuser privileges in order to run -- only a very few do. Most packaged software needs to be installed with superuser privileges but if, however, you build it yourself you will run ./configure and can put the software almost anywhere - usually.

    6. Re: Admin? by Anonymous Coward · · Score: 0

      Do you use Chrome? I found out that the sandbox in chrome automatically runs as root

    7. Re:Admin? by Anonymous Coward · · Score: 0

      You need to be root to install. As for running the program you better not be root, in fact some programs will refuse to start if you run them as root.

    8. Re:Admin? by Anonymous Coward · · Score: 0

      Citation Please? Name three at least that aren't some specialized compile-on-run software that you need for your specific field.

    9. Re:Admin? by rsmith-mac · · Score: 2

      But perhaps creating two accounts, one in wheel and the other not, and doing work other than software installation as the user not in wheel would make it harder to social-engineer users into elevating.

      I've read TFA twice now and I still can't figure out if that's what the authors are trying to suggest, or something else entirely.

      The entire point of UAC/sudo is to allow users to run in a standard context for day-to-day activities, and to quickly elevate certain applications/actions when it's required. Unless something has gone terribly wrong here, applications running un-elevated under an admin-capable UAC account have no more rights than an application running on a non-admin-capable account in the first place. Until elevation takes place, it's for all practical purposes a non-admin account.

      So what is TFA trying to suggest, and what is their metric? Are they saying UAC is broken and applications are trivially executing privilege escalation attacks? (And if so, how are standard accounts not affected?) Or are they just saying that since users can escalate applications, the OS automatically counts as vulnerable to the attack? In other words, is the argument that we should be doing away with UAC/sudo?

    10. Re:Admin? by MrLint · · Score: 1

      So herein lies the core of the issue, 2 actually.

      1) social engineering. Under normal UAC, as part of the admins group you have to merely click-thru to elevate a process. As a non admin user, with a separate privileged account you must provide credentials. This raises the bar of, if nothing else, user awareness, and prevents the sadly typical user behavior of just clicking on any button that comes up without reading. Sudo still requires a password, so it's not the same as the UAC standard setting.

      2) escalation flaws. A user not in the admins group is not allowed to elevate at all (probably). Thus if a malicious program does come along looking to exploit a system component, or other program that has a flaw, the assumption that root access can be achieved will basically fail silently. For a non-Windows example of this see ShellShock on MacOS.

    11. Re:Admin? by dbIII · · Score: 1

      Are they saying UAC is broken and applications are trivially executing privilege escalation attacks?

      Not so much "broken" as in it was never enough to do what you suggest since it was about limiting SOME admin level activities for users with full admin rights.
      Sudo is completely and utterly different because the *nix user model is very different to the MS one and much simpler. There is not really much point in comparing the *nix user model and the MS one. MS is about "flexibility" to put things politely, which is why there are so many things that do not behave in an obvious way if you are looking at it as if it was like the *nix model.

    12. Re:Admin? by Shoten · · Score: 1

      Context here:

      There are two different scenarios that have to be discussed, and they are very different.

      One is enterprise users...that's people at work, using Windows. For them, Admin rights are really not usually necessary, and there is someone else (the admins, obviously) who can serve in the admin role when needed. This is where the biggest bang for the buck of reducing user rights comes in. Yes, there's software that requires admin rights...but in the enterprise market that is becoming increasingly rare, and there are often ways to hit a middle ground where that software will run without giving full local admin rights to a user.

      The other group is home users. This is the sticky wicket. Yes, there's UAC...but home users aren't really that technically savvy. So, when something asks them to click (assuming Windows 10 here) "Yes" or "No," they will often just choose "Yes" because it's what they've had to do a hundred times before to make something valid work correctly. And that 101st time...it's malware. And sure, you could have them using an account with no admin rights at all, but then who would be their admin?

      So, as you debate TFA and its message, keep these two scenarios in mind. They both have a lot of users in them, even the same users when you think about it...but they work in very, very different ways.

      --

      For your security, this post has been encrypted with ROT-13, twice.
    13. Re:Admin? by AK+Marc · · Score: 1

      Everyone who wants to be able to run anything. I have about 50% of my shortcuts on my work machine (where policy prevents logging in as local admin, but one can use local admin), set up to run applications as local admin, because so many things still require it. Windows may have made it possible to run applications without local admin, but that doesn't mean all the application writers have kept up.

    14. Re: Admin? by Anonymous Coward · · Score: 0

      Does not have access everywhere, that's why I run as trusted installer.

  3. Duh? by Anonymous Coward · · Score: 0

    Who runs with full admin rights?

    1. Re:Duh? by TechyImmigrant · · Score: 5, Insightful

      Who runs with full admin rights?

      Define 'full'.

      I run with admin rights on my Windows 10 machine because it's the default and it's a pain in the neck to run without. "Sorry you don't have permissions to set the clock".

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    2. Re:Duh? by Gadget_Guy · · Score: 4, Informative

      I run with admin rights on my Windows 10 machine because it's the default and it's a pain in the neck to run without. "Sorry you don't have permissions to set the clock".

      Have you also turned off UAC prompts? Because when I set the time it prompts me for the admin password and it works fine. I don't ever see the message that I don't have permissions to set the clock; I just see the icon on the button to set the time which shows that it will perform an elevation (prompt for password) to run it.

    3. Re:Duh? by bmorency · · Score: 2

      one thing I run into is that I install a program for a user and it will create a desktop icon. For some reason windows will ask for the admin password to delete it. Why does windows ask for the admin password to get rid of an icon?

    4. Re:Duh? by Anonymous Coward · · Score: 1

      The desktop shows the contents of two folders. It shows your personal desktop at "%userprofile%\Desktop", which you can add and remove icons and files from freely, and it shows the contents of "C:\Users\Public\Desktop" which needs admin rights to create or modify stuff by default since it affects all the users. The stuff that needs an admin password to remove is in the public desktop and is shown on the desktops of all users.

    5. Re:Duh? by Anonymous Coward · · Score: 0

      Windows still runs the GUI as part of the kernel?

    6. Re:Duh? by Gadget_Guy · · Score: 4, Informative

      Why does windows ask for the admin password to get rid of an icon?

      Because those icons are stored in the shared desktop folder (default: C:\Users\Public\Desktop). Any file or icon here will be visible on the desktop of every user. If you shared a computer with other users, then you might not want the other people to be able to edit the icons that appear on your desktop because they could alter them to run malicious software instead. If you ran a program where you needed to login with a password, then they could write their own mock version of the software that logs the passwords and change the desktop icon to run it instead.

      If you don't share the computer with other people, then you could grant write permission on the shared desktop folder to all users. Then you could delete and update automatically created icons to your heart's content.

    7. Re:Duh? by tsa · · Score: 2

      Me too. It's just too much of a hassle to switch admin rights off. Maybe it's better now but knowing MS it will not have changed much since 2000 when I tried using my computer as a normal user. "You can only run that program in administrator mode," it would tell me, or it would just refuse to do the simplest things. I gave up in frustration. I do use my Mac as a normal user, which works fine. It only asks for administrator passwords when doing administrative things like installing programs and changing global settings.

      --

      -- Cheers!

    8. Re:Duh? by TechyImmigrant · · Score: 1

      Why does windows ask for the admin password to get rid of an icon?

      Because those icons are stored in the shared desktop folder (default: C:\Users\Public\Desktop). Any file or icon here will be visible on the desktop of every user. If you shared a computer with other users, then you might not want the other people to be able to edit the icons that appear on your desktop because they could alter them to run malicious software instead. If you ran a program where you needed to login with a password, then they could write their own mock version of the software that logs the passwords and change the desktop icon to run it instead.

      If you don't share the computer with other people, then you could grant write permission on the shared desktop folder to all users. Then you could delete and update automatically created icons to your heart's content.

      Or you could run with admin rights.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    9. Re:Duh? by TechyImmigrant · · Score: 1, Informative

      I run with admin rights on my Windows 10 machine because it's the default and it's a pain in the neck to run without. "Sorry you don't have permissions to set the clock".

      Have you also turned off UAC prompts? Because when I set the time it prompts me for the admin password and it works fine. I don't ever see the message that I don't have permissions to set the clock; I just see the icon on the button to set the time which shows that it will perform an elevation (prompt for password) to run it.

      That was an exaggeration for emphasis. I could be more specific.. On a work laptop, I can write to my 'c:\Users\\Documents' folder, but if I try to access it via the various shortcuts on the left of the file manager, I am denied access. No UAC, even though I have the password for that. The permissions on the thing vary based on the path you access it by? That's messed up.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    10. Re:Duh? by tepples · · Score: 1

      Likewise, GNU/Linux has kernel mode setting and the Direct Rendering Manager.* Isn't that also part of the GUI in the kernel?

      * The latter happens to share initials with something more sinister.

    11. Re:Duh? by Gadget_Guy · · Score: 2

      Maybe it's better now but knowing MS it will not have changed much since 2000 when I tried using my computer as a normal user.

      What? Have you not heard about the User Account Control (UAC) that was implemented with Vista? It does exactly what you described happens on the Mac:

      It only asks for administrator passwords when doing administrative things like installing programs and changing global settings.

      Yep, that's exactly what Windows does. They really have done work on Windows in the last 17 years!

    12. Re:Duh? by Anonymous Coward · · Score: 0

      My wife is a gamer. I think she is well into 1500 or so games at this point. I run her computer at a lower priv account. I also run adblock. She does not use noscript as it is just too big of a PITA for her. I do however.

      UAC is good enough for 99% of the sorts of things she has to admin on her box. For the remaining 1% I log in and do it.

    13. Re:Duh? by Gadget_Guy · · Score: 2

      That was an exaggeration for emphasis. I could be more specific.. On a work laptop, I can write to my 'c:\Users\\Documents' folder, but if I try to access it via the various shortcuts on the left of the file manager, I am denied access. No UAC, even though I have the password for that. The permissions on the thing vary based on the path you access it by? That's messed up.

      That's not an account type issue; something is seriously borked on your system. That doesn't happen normally even if you are a standard user. It sounds like the user folders have been moved, but the icons haven't been updated to reflect this. (It's possible that something like OneDrive has fiddled with the folder locations).

      I assume that you are talking about the Quick Access section. If I were you I would right click on those folders and select "Unpin from Quick Access". Then browse to the folders and click on "Pin to Quick Access" in the Home ribbon to recreate the list. That should fix the problem.

    14. Re:Duh? by Gadget_Guy · · Score: 1

      Or you could run with admin rights.

      But that would be stupid considering how vulnerable your system would be (given the topic of this /. story).

    15. Re:Duh? by tsa · · Score: 1

      Oh that's interesting. I will try it out tomorrow. Thanks!

      --

      -- Cheers!

    16. Re:Duh? by Anonymous Coward · · Score: 0

      When you make the decision to use windows, you are accepting that you are vulnerable. It's the discount Somalian brothel of operating systems. You're so desperate to run a piece of software or two that you'll subject yourself to a full-blown case of AIDS just to do so.

    17. Re:Duh? by Gadget_Guy · · Score: 1

      When you make the decision to use windows, you are accepting that you are vulnerable.

      But if you can make yourself 94% less vulnerable, it makes sense to do this. I wouldn't run as root/administrator as my general purpose account on ANY operating system. I also would not assume that ANY operating system would make me invulnerable.

    18. Re:Duh? by Anonymous Coward · · Score: 0

      Definitely is a "duh?" moment, but why is it more of a problem with Win10 than previously? Simple: full-time administrative rights are required if you log in with a Microsoft Account. If not - if you use local accounts in Win10 like in all previous NT-based versions of Windows - it works just fine for limited/standard users. Leave UAC alone and it will ask you for admin credentials when needed for something. Ordinary use works fine as a limited user once everything is set up. It's also true that there's a UAC-lite when running as admin that asks if you're really sure you want to do something that affects the system; is there anybody who actually stops and thinks before clicking YES?

      It's true that by not logging in with an MS Account certain things (such as, but not limited to, syncing to OneDrive and using Cortana) don't work as intended by MS, but is that really a Bad Thing? I think it's actually a Good Thing: working as Windows (NT-based) was intended to. After all those years of pushing use of limited users and principle of least user access needed for a specific task, what ever possessed MS to reverse that with the MS Account Login debacle?

    19. Re: Duh? by bmorency · · Score: 1

      Why can't Windows just make a link to that icon and change the permissions on the link it makes on the user's desktop so the user can do anything they want to that link and not touch the icon in the shared folder? That way they can delete it if they want.

    20. Re:Duh? by Gr8Apes · · Score: 0

      It only asks for administrator passwords when doing administrative things like installing programs and changing global settings.

      Yep, that's exactly what Windows does. They really have done work on Windows in the last 17 years!

      Well, they've certainly slapped on a series of bandaids that make you think that's what Windows does. It doesn't really work that way - on UNIX you can elevate a security token with new privs via authentication and authorization, in windows, you have to start with the max permissions and then mask it to reduce permissions and only then can you unmask *existing* permissions within a process. Hint for the slow, that means essentially you effectively have all permissions of the process available at all times. That's entirely unlike unix. So no, that's not what windows does.

      --
      The cesspool just got a check and balance.
    21. Re:Duh? by Anonymous Coward · · Score: 0

      Doing your day-to-day work as admin is like logging onto a Linux box as 'root'. One does not do it. Well, at least not if one wants to have a hope of keeping one's machine secure. Running as root on linux is unwise. Running as admin on Windows is equally unwise. This is not rocket science here folks. And yes, I use Windows and I do all my work using a non-admin account for exactly this reason.

    22. Re:Duh? by Gadget_Guy · · Score: 1

      I'm sorry, but I think that is completely wrong. Exactly how does Windows starting with maximum permissions actually manifest as a real world example?

      If you start with a basic account, you don't have to whittle away its rights; it is low by default. If you want it to be a higher access account then you add it to the Administrators group. Then it inherits the additional permissions. This is the opposite of what you described.

      Where you might be getting confused is that the permissions system allows for both Allow and Deny settings, but it is extremely rare to see Deny being used. For an example of how Deny works, if you wanted to create an account that could install software, but not edit the firewall settings, you would add the Administrators group to the account and then Deny edit rights to the firewall. Deny is only useful AFTER you have raised the account's permissions from the default low settings.

    23. Re:Duh? by Anonymous Coward · · Score: 0

      Definitely is a "duh?" moment, but why is it more of a problem with Win10 than previously? Simple: full-time administrative rights are required if you log in with a Microsoft Account.

      That's not entirely true, but it's not entirely wrong either.
      If you do a Win 10 install taking the defaults and configure it to use a Microsoft account, you'll wind up with administrative rights.
      You can make the Microsoft account have only user-level rights, after install, or you can not take default and make your MS account logon not have admin rights.

      What bothers me is that it is not obvious to the average user that they're admin and at great risk, and it is not obvious how to configure the account to have only user-level permissions.

    24. Re: Duh? by Anonymous Coward · · Score: 0

      for non computer users like yourself that's great advice. For the majority on here that is not possible.

    25. Re:Duh? by Anonymous Coward · · Score: 0

      I run with root on my linux machine because it's the default and it's a pain in the neck to run without. "Sorry you don't have permissions to set the clock".

      Changed the computer type so you can see how silly you are being.

      MS's ACL system is actually *very* good in many ways much better than linux security subsystem and in many ways worse. Don't fight it and use it for your own good. Or make snarky comments on the internet and wonder why you got your box rooted by yet another virus.

      I set my father's computer to run a lower privileged user. He picks stuff up all the time because he uses craigslist to buy and sell things. Cleaning his computer is usually very easy. Running Linux usually is mostly just security through obscurity due to lack of desktop usage. It gets you the same effect but also gives you a false sense of bravado. The crazy stuff is now starting to show up. IoT has fallen in love with Linux. I know I made 3 boxes with it. Every TV/DVD/camera/router/NAS has some form of it. Most of them will be fine because they do not really need network access. But they are still insecure.

      If you want to secure a windows box the easiest method is these steps.
      1) lower priv user. Most viri die when they can not get to windows/system32.
      2) disable java
      3) disable flash
      4) run noscript and ublock for the web browser

      Do those 4 things and if you still manage to pick up a virus you are really trying.

      I personally have to skip step 1. As I am a software developer I need to regularly get at the nitty gritty of windows. But if you are 'just playing games' you do not really need it much. Almost all games in the past 10 years will run in a lower priv standard user account. On the computers where I am not doing any dev work? I run as standard user. Then pop into the 'admin' type user to do ADMIN things. Just like how linux does the same thing with sudo/su.

      Do yourself a favor. Run lower priv.

    26. Re:Duh? by Anonymous Coward · · Score: 0

      It's easy to use Linux with a non-root account. Windows? Not so much. That installer is going to run with elevated privileges, no matter where you actually want it to install.

    27. Re:Duh? by Anonymous Coward · · Score: 0

      As I am a software developer I need to regularly get at the nitty gritty of windows.

      That's insane.

    28. Re: Duh? by Anonymous Coward · · Score: 0

      That's all well but why would you want Windows ? Assuming you have the choice.

    29. Re: Duh? by Anonymous Coward · · Score: 0

      It is not that silly. Running root on Linux is something you need very seldom even if you are a developer. Running admin on windows is unavoidable.

    30. Re:Duh? by SQLGuru · · Score: 1

      I don't see how it's a pain. It's much less of a pain than cleaning an infected system. I haven't had an Admin account as my normal account since the XP days. If I'm prompted to enter an admin password and it wasn't something I was intentionally doing, I know something's up --- immediate shutdown (full, not just a restart) and scan my system on boot up.

    31. Re:Duh? by Anonymous Coward · · Score: 0

      Why the hell are you setting the clock so often that you're getting annoyed by it?

    32. Re:Duh? by SQLGuru · · Score: 2

      I'm a DEV, too. My *account* is a limited account. But (depending on the project), I can launch Visual Studio with Admin rights. Some projects are just fine without them, so I don't use them. Other projects require admin rights, so I launch either through Shift-Right-click on the icon and select "Run as Admin" or I create a second shortcut and set the Admin flag. I get the UAC prompt when I launch it, but that's usually only once per dev session, so it isn't *that* annoying. But only Visual Studio is running as admin, the rest of my system (i.e. my browser) is still "protected" by using a limited account.

    33. Re:Duh? by FictionPimp · · Score: 1

      Not only that, but you can always run as. In my day to day job I run as a standard user. I frequently launch server manager as a domain admin user for admin related tasks. I have not run as a local or domain admin on Windows 10 ever.

    34. Re:Duh? by Anonymous Coward · · Score: 0

      On a work laptop, I can write to my 'c:\Users\\Documents' folder, but if I try to access it via the various shortcuts on the left of the file manager, I am denied access. No UAC, even though I have the password for that. The permissions on the thing vary based on the path you access it by? That's messed up.

      I realize this is Slashdot and we have to hate Microsoft and Windows, but what you described doesn't happen on a normal system. It's like the users on this site become complete Luddites when dealing with a Windows machine.

    35. Re: Duh? by Gadget_Guy · · Score: 1

      That's all well but why would you want Windows? Assuming you have the choice.

      Because despite what people around here say, Windows is simply good enough. I have a mix of different operating systems, and have no problems switching between them because they all offer the same basic facilities.

    36. Re:Duh? by Anonymous Coward · · Score: 0

      It wasn't an exaggeration for emphasis, it was a lie.

    37. Re:Duh? by Anonymous Coward · · Score: 0

      That's not an account type issue; something is seriously borked on your system.

      Um... so "Borking" is the process of rejecting as unqualified a qualified nominee during the US Senate confirmation process because you disagree with their politics. It derives from Supreme Court Nominee Bork, a Yale Law professor and Federal Circuit Judge whose attempted appointment started the hyperpartisanship that has been a hallmark of many confirmation hearings since.

    38. Re: Duh? by Anonymous Coward · · Score: 0

      Didn't answer the question. Why would you want Windows? Certainly not because "it is good enough". Other systems are good enough too, so why would you want Windows specifically?

      Also, Windows isn't good enough - it is not secure. Might be good enough for some if it didn't have these security issues. . .

    39. Re:Duh? by benjymouse · · Score: 1

      Windows still runs the GUI as part of the kernel?

      No. The GUI runs under the logged-in user's non-elevated account, i.e. even if you log in as an administrator, the administrator privileges are stripped from the user token that is used for the desktop (GUI) process (the explorer.exe process).

      On the driver level, graphics drivers are split in two: A (hopefully) smaller kernel part as well as a user-mode part. This split is for reliability and security. By keeping the kernel mode small, the developer can limit the attack surface and maximize reliability. A memory corruption bug in the user-mode part can at the most cause the specific application to fail.

      --
      Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
    40. Re:Duh? by prunus.avium · · Score: 1

      Many, many people. Especially anyone who plays games.

      Even my kids have admin access now since online games require patches be downloaded and written to system locations.

    41. Re:Duh? by Gadget_Guy · · Score: 1

      That's nice, but the Swedish Chef predates Supreme Court Nominee Bork by a decade. The Muppet Show had a greater worldwide impact than some parochial bit of politics.

    42. Re:Duh? by Gr8Apes · · Score: 1

      I'm sorry, but I think that is completely wrong.

      And you'd be wrong.

      Exactly how does Windows starting with maximum permissions actually manifest as a real world example?

      It's the root of all buffer overflow, DLL injection, and any other type of attack. IOW, this is not hypothetical, but a real world issue. You should also note that Windows last I looked suffers from the largest number of severe or higher level security issues. That would be the type of security issues where the machine can be compromised. Most of those don't care about what user account you're running from, precisely because of this problem.

      If you start with a basic account, you don't have to whittle away its rights; it is low by default. If you want it to be a higher access account then you add it to the Administrators group. Then it inherits the additional permissions. This is the opposite of what you described.

      Where you might be getting confused is that the permissions system allows for both Allow and Deny settings, but it is extremely rare to see Deny being used. For an example of how Deny works, if you wanted to create an account that could install software, but not edit the firewall settings, you would add the Administrators group to the account and then Deny edit rights to the firewall. Deny is only useful AFTER you have raised the account's permissions from the default low settings.

      And this is where you're confused. How do you think you get that higher permission process? It's because you have access to calling a process with system privs as a regular user. But you don't even need that access to break security. Your regular "low-priv" user process still has the ability to inject DLLs. A simple DLL injection with a method overriding an existing DLL method that is called with a system priv process, which you can also accomplish simply with your "low-priv" user process, is all it takes to break out of the security sandbox. (This was actually a recommended process for having a true no privs process effectively elevate a security token within its process. This is a terrible hack, btw, and just shows how bad security in Windows really is.) The approach we used was to create a separate service process that had privs set up to solely spawn a new process with the permissions we needed to effectively do what we needed to do without completely opening up the system to all sorts of potential escalation attacks. While somewhat clunky and spawning multiple processes and having to deal with IPC, this was still a better approach security wise than all other options under Windows. AFAIK, those servers still haven't been hacked through our processes.

      So no, the "non-privileged" user in Windows really isn't a non-privileged user in the sense of what they can do security wise, unless and until you completely lock down the machine to the point that it is effectively a kiosk with only a single directory available for read-write with limited applications available none of which have code execution capabilities nor network access capabilities. It really is that bad.

      --
      The cesspool just got a check and balance.
    43. Re:Duh? by Gr8Apes · · Score: 1

      If you have the ability to run arbitrary code, see other post for details on how and why you're still not secure.

      --
      The cesspool just got a check and balance.
    44. Re: Duh? by Gadget_Guy · · Score: 1

      Familiarity. I've been using Windows since Windows 3.0, so I'm very familiar with the interface and the way the system works behind the scenes. Over the same time I have used Unix, FreeBSD, and quite a lot of Linux distributions. Because there was such a variety in the *nix side of things, all of which worked differently from other similar operating systems, I actually find that I am quicker getting stuff done in Windows. Windows 8 nearly ruined this with its stupid modern UI, but I have been able to ignore most of that and stick with the old desktop.

      It's what I use at work, so programs that I use (and write) at work can also be used on my home systems. Also, when buying software (especially games), Windows is the better supported platform. For open source stuff, the situation is reversed, but most of the software I use also has Windows versions too. I am gradually moving my standard selection of programs to cross-platform versions so I can one day migrate from Windows. The only reason why I would do this is because I don't trust the direction that Microsoft is taking these days.

      PowerShell. This is one of the things that keeps me on Windows; I just love PowerShell. Sure, they released an open-source, cross-platform version, but to get the best out of the shell you really need to run it on Windows.

      Despite what you say, security is definitely good enough. Since the release of Service Pack 2 for XP, every version of Windows has gained more security features. I haven't had any malware problems since I upgraded to XP (which happened after SP2 was released). It helps that I have always used limited user accounts (like this article says). Of course, I don't go running random programs that get emailed to me, but then I also wouldn't do that on Linux either because I don't just assume that it is that much more secure than Windows.

    45. Re:Duh? by cyberchondriac · · Score: 1

      There are some apps that don't respond properly with UAC; I had to use admin for my son's computer (he only had user status as he was 13 at the time); for some things, I had to switch logon and login as administrator. Couldn't even "run as administrator". Pain in the butt.

      --

      Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
    46. Re:Duh? by TechyImmigrant · · Score: 1

      On a work laptop, I can write to my 'c:\Users\\Documents' folder, but if I try to access it via the various shortcuts on the left of the file manager, I am denied access. No UAC, even though I have the password for that. The permissions on the thing vary based on the path you access it by? That's messed up.

      I realize this is Slashdot and we have to hate Microsoft and Windows, but what you described doesn't happen on a normal system. It's like the users on this site become complete Luddites when dealing with a Windows machine.

      It's a work system. It has whatever IT did to it, which is a spattering of the usual anti-virus stuff. It happens. Should I think better of Windows because it doesn't happen to some other people?

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    47. Re: Duh? by nosfucious · · Score: 1

      I call bullsh*t.

      Professional Windows Administrator (3000 boxes in 20 countries in EMA).

      I maintain 4 Windows accounts, (1) my user account with "email" and "sip" account. This does not even have local admin on my box and I work just fine. (2) Administrative Account, but NOT Domain Admin account. This is the account that will have admin rights on servers and some delegated AD permissions. This account only does "admin" activities, eg - user account creation, check event logs, and mostly by PowerShell script - on a server that I never, ever browse the internet on. This server has Internet Explorer locked down and only admin utilities on it. From time to time I need this account to log in to server desktops by RDP to get specific tasks done. This admin account is never used to do "user" type activities - eg open Word files or fill in HR forms. (3) A Domain Admin account - 99% of the time this is changing DNS entries, and (4) Enterprise Admin - which 99% of the time is publishing a new certificate template, with 1 time per year upgrading the AD Schema.

      No admin account has access to my email and vice versa. I show VIPs that not even I run as Administrator and the "but ... but, but I need it" arguments drop like flies.

      --
      Q:I was listening to a CD in Grip and it sounded horrible! What's up? A:Perhaps you are listening to country music
    48. Re:Duh? by michael_wojcik · · Score: 1

      I call it user laziness. I run both my work and personal Windows machines with UAC set to the strictest setting - prompt for credentials on the secure desktop - and I do quite a lot of work that requires occasional admin privilege (such as running builds that require local admin rights during the installation phase). It's not onerous.

      People have been living with manual, explicit privilege elevation for decades: runas on older Windows releases (and add-ons for even earlier ones), su for UNIXy systems, operator terminals for mainframes, and so on. The modern era of minimal-effort click-a-button elevation is a trivial cost for significant protection. (UAC isn't a security boundary, but it blocks a lot of less-clever exploits). Anyone who can use a computer can quickly learn how to use it.

      There's really no excuse.

    49. Re:Duh? by FictionPimp · · Score: 1

      So every linux distro is also insecure with sudo and su?

  4. Not viable on Windows 10 by Anonymous Coward · · Score: 5, Informative

    as it is on macOS. On W10, for some things it will ask you to identify as an admin, and proceed, and for other things it will just fail instead, either forcing you to relog as admin, or to enable admin for your main account. They couldn't even make this work.

    1. Re:Not viable on Windows 10 by Alcemenes · · Score: 5, Insightful

      I think you hit the nail on the head right there. I've always felt the interface to gain admin on Windows has been clunky and inconsistent at best.

    2. Re:Not viable on Windows 10 by aaarrrgggh · · Score: 5, Insightful

      It is very much on par with recommending not to plug the computer in to improve security. Too much of the system still requires administrative rights for it to be viable.

    3. Re:Not viable on Windows 10 by murdocj · · Score: 1

      This sounds like BS. I used an ordinary user account on Windows 7, I'm an ordinary user on Windows 8, no problems. Hard to believe they broke it in Windows 10.

    4. Re:Not viable on Windows 10 by The+MAZZTer · · Score: 1

      Microsoft tried going further. They called it Windows RT. Nobody bought it. They're trying it again with Windows 10 Cloud. I have a feeling nobody will buy that either.

    5. Re:Not viable on Windows 10 by MatthiasF · · Score: 1

      AC is full of crap. Never had issues with Windows 10 and having a separate admin account (which is the best policy no matter the operating system).

      As far as the article, I agree with Avecto's findings. On any computers I have set up for others, I have always set up a separate admin account from the working user account and made sure the latter did not have admin rights. For some people I simply made this account without a password or something very simple they could remember easily. In either case, simply requiring that extra 10 seconds of thought and the dialog not being a "yes/no" question will stop nasty stuff from happening.

    6. Re: Not viable on Windows 10 by Anonymous Coward · · Score: 0

      In MacOS the constant prompts to type your admin password are extremely annoying. Windows does it right. You are just an Apple fanboy. Enjoy your one-button mouse and cartoon-like 1990s-style GUI animations.

    7. Re:Not viable on Windows 10 by quonset · · Score: 1, Informative

      This sounds like BS. I used an ordinary user account on Windows 7, I'm an ordinary user on Windows 8, no problems. Hard to believe they broke it in Windows 10.

      They didn't. I have my dad set to a general user account on his W10 machine and he has zero issues. Every program runs perfectly, even the one in DosBox.

      On those occasions something needs installed or updated, I log into the administrator account, take care of it, then log off. Not a single issue so far.

    8. Re:Not viable on Windows 10 by Anonymous Coward · · Score: 0

      Not really a surprise here. Windows requires admin rights to do just about anything. And the worst part is that there is no way to mitigate or turn off the spyware that is built into Windows 10...M$ even finally admitted that! Even in the "enterprise" version, making it NOT HIPAA compliant!!

      People even bought the BS that some of the spyware can be disabled, but even with everything supposedly turned off that could be turned off, the same amount of traffic is going to M$ servers, the settings make no difference. And M$ will not tell exactly what data is being collected, that makes it even more suspicious!

      And some folks will scream BUT GOOGLE...or BUT APPLE... at least Google is more open that data is being collected, what is collected and what it is being used for, at least with a little research.

    9. Re:Not viable on Windows 10 by Anonymous Coward · · Score: 0

      No you're full of crap, or you're just dumb. It's one or the other. The point that was made was that you can do it if you keep switching accounts, which is cumbersome, but the convenient way of always using your regular account and only identifying as admin when needed does not work. Is that simple enough for you to understand?

    10. Re: Not viable on Windows 10 by Anonymous Coward · · Score: 0

      Windows does it right by forcing you to be admin at all times? Are you well in the head? It's a matter of convenience, regardless of what system you use, but this convenience is factually and definitely only available in macOS. W10 will FORCE you to either be admin with all the security issues, or keep logging between accounts, period.

      And what has one-button mice and cartoon-like 1990-style GUI animations to do with anything? You're clearly not well in the head.

    11. Re:Not viable on Windows 10 by tsa · · Score: 1

      This. It just doesn't work.

      --

      -- Cheers!

    12. Re:Not viable on Windows 10 by Anonymous Coward · · Score: 0

      Set the run as admin for those programs that don't trigger UAC for success in life. Set it in the program settings for permanence. Access them from the program icon for happiness.

    13. Re:Not viable on Windows 10 by aaarrrgggh · · Score: 1

      Generally it is an application specific issue rather than an OS issue (although the way it works in OS X basically assumes the user is an administrator). Some updates can be addressed by a domain admin, but it is still a mess with AutoDesk and Adobe products, along with many software packages that are not multi-user aware.

    14. Re:Not viable on Windows 10 by Gadget_Guy · · Score: 3, Informative

      Too much of the system still requires administrative rights for it to be viable.

      That is utter nonsense. It is such a shame to see this modded as informative, because it is completely misleading.

      I have used standard accounts since Windows NT 4.0. Now that was a pain, but every single version of Windows has made the process easier than the last. The biggest improvement was the UAC that prompts for the admin password when needed. Some badly written software can still cause problems like programmatically checking that the current user is an administrator and giving an error message if not. This means the UAC doesn't get a chance to kick in.

      But those programs are few and far between, and you can usually manually launch the program as admin by holding the shift key down and right-clicking on the program (or just change the icon's compatibility settings to run as administrator if the program has been installed). It is incredibly rare that you ever need to actually log in using the administrator account. Temporary elevation is usually enough (the equivalent of *nix sudo).

    15. Re:Not viable on Windows 10 by arth1 · · Score: 1

      AC is full of crap. Never had issues with Windows 10 and having a separate admin account (which is the best policy no matter the operating system).

      I would argue that not relying on a tie between accounts and privileges is a better policy. It may take more work to set up something like selinux and capabilities, but not a lot of malware or Oracle scripts (but, I repeat myself) can deal with that.

    16. Re:Not viable on Windows 10 by Gadget_Guy · · Score: 1

      No you're full of crap, or you're just dumb. It's one or the other.

      That's very rude, and especially funny since you are wrong.

      The point that was made was that you can do it if you keep switching accounts, which is cumbersome, but the convenient way of always using your regular account and only identifying as admin when needed does not work.

      You don't need to switch accounts. If you are changing a system setting or installing software as a standard user, the system prompts for a password. You do not need to log out of your standard account, you just type in the password and keep working as if you had logged in as an administrator account. It does actually work, and only takes a second to type in the password. Perhaps you should actually try it yourself since you obviously don't know how the system works.

    17. Re:Not viable on Windows 10 by tepples · · Score: 1

      I have my dad set to a general user account [...] On those occasions something needs installed or updated, I log into the administrator account, take care of it, then log off. Not a single issue so far.

      Can you do that remotely on the home version, or do you need to be physically present? Because if it's Saturday evening, and your city doesn't run buses on Saturday evenings or Sundays (as Fort Wayne, Indiana, doesn't), it might be a long wait before you can be present at dad's computer.

    18. Re:Not viable on Windows 10 by Anonymous Coward · · Score: 0

      What they're trying to say is that there are situations where this will not work, where Windows will not ask you for the password, but just fail instead, thus concluding that for some things your account MUST have admin rights.

    19. Re:Not viable on Windows 10 by jader3rd · · Score: 1

      I have had the opposite experience. Once I started running on Vista I created my account and a separate admin account. I have all of my extended family doing the same. It is very much doable. The only thing that I had to run, logged in as the admin, was a diagnostic tool from Dell. Besides that UAC prompts work.

    20. Re:Not viable on Windows 10 by jader3rd · · Score: 1

      Can you do that remotely on the home version, or do you need to be physically present?

      You don't need to be present. UAC prompts work through Windows Remote Assistance.

    21. Re:Not viable on Windows 10 by Anonymous Coward · · Score: 0

      How do you run a program as an administrator with a different account in windows 10?

      Without first logging in as that user

    22. Re:Not viable on Windows 10 by Gadget_Guy · · Score: 1

      What they're trying to say is that there are situations where this will not work, where Windows will not ask you for the password, but just fail instead, thus concluding that for some things your account MUST have admin rights.

      And what are those unspecified situations? Because I can't think of anything right now, and especially not something that I would need to run often enough to purposefully undermine the security of my system by running as an administrator account all the time.

    23. Re:Not viable on Windows 10 by Gadget_Guy · · Score: 1

      How do you run a program as an administrator with a different account in windows 10?

      If it is on the start menu right click on it, then on the pop-up menu choose "More->Run as administrator". If the program is an icon on the desktop or an executable file then right click on it and choose "Run as administrator". If you always want to run that particular program as an administrator, then right click on the desktop icon or program file and choose Properties. Under the Compatibility tab, select "Run this program as an administrator".

    24. Re:Not viable on Windows 10 by aaarrrgggh · · Score: 1

      That works for a limited set of applications, mainly for things whose rights were "broken" from standard behavior-- I can think of a few tasks in the command prompt that would fit in that category. Those changes by Microsoft were an improvement to security, hands-down.

      But, about half the applications I use in Windows require administrator rights to work. Some of these center around DRM/Licensing controls, some are likely just lazy, and some are because the software was never designed for multiple user mode. With the latter category, an administrator often can "fix" the install so it works for an additional user, but only on a one-by-one approach.

      So, at least for me specifically, a Windows box without admin rights ends up being as useful as an unplugged computer. I do not appear to be unique in this category.

    25. Re:Not viable on Windows 10 by Gr8Apes · · Score: 0

      They can't make it work. Windows core architecture is fundamentally broken and insecure. See MS's documentation about security tokens and permissions. You can only unmask permissions since 2008R2. This means that your process starts with max permissions and is masked to reduce it. Totally unlike the authentication/authorization and security elevation process in pretty much every other system out there.

      --
      The cesspool just got a check and balance.
    26. Re: Not viable on Windows 10 by Anonymous Coward · · Score: 0

      Kindly explain to me how Windows is not HIPAA compliant? Oh wait, you can't because you're just blathering utter bullshit. Which, pray tell, of the 18 points of personally identifiable patient data that are part of the HIPAA security rule are being transmitted with the telemetry data? That's right, it's approximately nine of them.

      You don't like the OS? That's fair. But when you just make up factually incorrect reasons why you don't like it then that just makes you look like an idiot.

    27. Re:Not viable on Windows 10 by Gadget_Guy · · Score: 1

      But, about half the applications I use in Windows require administrator rights to work.

      You should probably name and shame those applications then, because they are the problem; not Windows.

      I would add an extra reason to your list of why some programs require administrator rights: stupidity. The accounts software that we used for many years required administrator rights to run. It annoyed me because I could not see why it would be required. Upon inspection, I found a *.MANIFEST file in the install directory. It had a setting of something like userLevel=highestAvailable. I changed this to asInvoker and it no longer gave a UAC warning. It worked perfectly without those additional settings.

      There is no need to shame them because they fixed this in a later version. But how stupid was it to insist that your accounting computers were more vulnerable to malware than they needed to be.
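
Added example (not part of the thread and not any vendor's code): the manifest setting described in the comment above is the `level` attribute of the `requestedExecutionLevel` element, whose defined values are `asInvoker`, `highestAvailable` and `requireAdministrator`. This Python script audits external `*.manifest` files under an install directory for that setting; the sample manifests and file names are constructed.

```python
"""Audit external Windows application manifests for the UAC level they request."""
import xml.etree.ElementTree as ET
from pathlib import Path

# Defined values of <requestedExecutionLevel level="...">, lower-cased.
NO_PROMPT = "asinvoker"  # process runs with the caller's (possibly filtered) token
ELEVATING = {"highestavailable", "requireadministrator"}

# Constructed sample manifests (not taken from any real product).
SAMPLE_ELEVATING = """<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="highestAvailable" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>"""
SAMPLE_INVOKER = (SAMPLE_ELEVATING
                  .replace("highestAvailable", "asInvoker")
                  .replace("asm.v3", "asm.v2"))
SAMPLE_LEGACY = """<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity name="Constructed.Sample" version="1.0.0.0" type="win32"/>
</assembly>"""


def requested_level(manifest):
    """Return the requested execution level from manifest text (str or bytes),
    or None when the manifest has no requestedExecutionLevel element."""
    root = ET.fromstring(manifest)
    for elem in root.iter():
        # trustInfo may be declared in the asm.v2 or asm.v3 namespace,
        # so compare the local tag name only.
        if isinstance(elem.tag, str) and \
                elem.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel":
            return elem.get("level")
    return None


def classify(manifest):
    """Map one manifest to an audit verdict."""
    try:
        level = requested_level(manifest)
    except ET.ParseError:
        return "unparseable"
    if level is None:
        # No level declared: Windows treats the program as a pre-UAC
        # application (installer detection and file/registry
        # virtualization can apply).
        return "legacy"
    level = level.strip().lower()
    if level == NO_PROMPT:
        return "standard-user"
    if level in ELEVATING:
        return "elevates"
    return "unknown-level"


def audit_tree(root_dir):
    """Classify every external manifest under root_dir.
    The extension is matched case-insensitively (*.manifest, *.MANIFEST)."""
    root = Path(root_dir)
    findings = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() == ".manifest":
            key = path.relative_to(root).as_posix()
            findings[key] = classify(path.read_bytes())
    return findings


if __name__ == "__main__":
    samples = (("elevating", SAMPLE_ELEVATING),
               ("invoker", SAMPLE_INVOKER),
               ("legacy", SAMPLE_LEGACY))
    for name, text in samples:
        print(f"{name:10} -> {classify(text)}")
```

Files reported as `elevates` are the ones to review with the vendor or test under a standard account; manifests embedded in the executable's resources are not covered by this file scan.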

    28. Re:Not viable on Windows 10 by Anonymous Coward · · Score: 0

      What they're trying to say is that there are situations where this will not work, where Windows will not ask you for the password, but just fail instead, thus concluding that for some things your account MUST have admin rights.

      And what are those unspecified situations? Because I can't think of anything right now, and especially not something that I would need to run often enough to purposefully undermine the security of my system by running as an administrator account all the time.

      I have seen badly written programs that required admin rights to run, but I can't recall any specific names.
      We used sysinternals tools while trying to run the app as an ordinary user and were able to see what the program was dying on.
      It was always some file or registry permissions that could be fixed to give the program what it needed to run as a user.
      We never had to give any user local admin rights - we just fixed the app's environment.

      We have had applications that required admin rights for the services that they installed, but the point of that is the service had the rights to do the work, not the user.

    29. Re:Not viable on Windows 10 by Anonymous Coward · · Score: 0

      The biggest improvement was the UAC that prompts for the admin password when needed.

      The biggest flaw in UAC is that if your executable is called setup.exe, you'll always get the UAC prompt and there is no option to cancel and run as regular user!

      I found a way to disable with gpedit.msc but... FFS, Microsoft, what were you thinking?

    30. Re:Not viable on Windows 10 by AC-x · · Score: 1

      and for other things it will just fail instead, either forcing you to relog as admin, or to enable admin for your main account

      Right click, select "run as admin". For the few system management apps that don't prompt for admin themselves that's all you need to do. No need to relog or change permission settings.

    31. Re:Not viable on Windows 10 by rtb61 · · Score: 1

      It seems I must remind everyone. Windows 10 admin rights can not be turned off. Sure you can knock out your 'limited' admin rights but you can not shut down M$'s over arching admin rights which they demand and have basically implemented as a root kit implement, that is impossible for you to remove. So great big ole fat lie, you can no longer shut down admin rights, except your own, specifically 'limited' admin rights, as once you install Windows 10, you surrender all your rights to M$.

      --
      Chaos - everything, everywhere, everywhen
    32. Re:Not viable on Windows 10 by Anonymous Coward · · Score: 0

      How so? It functions exactly the same as older Windows in this regard.

      Stop the FUD

    33. Re:Not viable on Windows 10 by benjymouse · · Score: 4, Insightful

      They can't make it work. Windows core architecture is fundamentally broken and insecure. See MS's documentation about security tokens and permissions. You can only unmask permissions since 2008R2. This means that your process starts with max permissions and is masked to reduce it. Totally unlike the authentication/authorization and security elevation process in pretty much every other system out there.

      No, your process starts with a *masked* token. The security subsystem creates *two* tokens when you log in: One with all of your privileges and one where "admin" privileges have been masked out. Switching from the masked token to the unmasked token is called *elevation*.

      The desktop process (explorer.exe) and any process that you launch will *by default* use the non-elevated token. This means that by default none of your user processes have admin privileges, even if you logged in using an admin account. It is understandable that someone only familiar with the Linux/Unix model does not get this at first, because Linux/Unix do not have *tokens*. The *nix model can only describe the permissions of a process through an "effective user" - i.e, a reference to an account. No token.

      On Windows, each process has a security token which by default is inherited from the parent process, but may differ. This is not possible on *nix where you need to refer to some user id to describe the privileges indirectly.

      An executable's manifest may indicate that it needs certain admin privileges when executed. In that case, Windows will look up to see if your *unmasked* token fits the required privileges. If it does, Windows will prompt you for consent to use the elevated token. If you approve, the new process is launched with the elevated token that was created and stored when you logged in.

      --
      Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
    34. Re:Not viable on Windows 10 by benjymouse · · Score: 1

      What they're trying to say is that there are situations where this will not work, where Windows will not ask you for the password, but just fail instead, thus concluding that for some things your account MUST have admin rights.

      Oh you mean how apt-get will fail if I forget to run through sudo? Is that a Linux problem?

      --
      Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
    35. Re:Not viable on Windows 10 by Bob+the+Super+Hamste · · Score: 1

      I can think of some but that is usually really shitty software that does its own checks instead of using the OS checks. It then has a hard bail out and UAC never prompts to elevate privileges. There are a few programs that I have run into that do this but then I just right click on them and run as administrator anyway which then brings up the UAC prompt before the program starts and things work. It is most often installers of older software that have this problem and I haven't seen it in a while so I am forgetting the few that I have seen do this.

      --
      Time to offend someone
    36. Re:Not viable on Windows 10 by Gr8Apes · · Score: 1

      No, your process starts with a *masked* token. The security subsystem creates *two* tokens when you log in: One with all of your privileges and one where "admin" privileges have been masked out. Switching from the masked token to the unmasked token is called *elevation*.

      What you describe is true for a user with admin privs. This is not privilege elevation of the type I'm discussing, where you can actually temporarily elevate a process's permissions to, for example, do 1 task as an admin and then drop back into normal priv level for the remainder. This used to be possible in windows prior to the 2008R2 release, albeit somewhat clunky and difficult. It is still possible if you drop into serious hacking, but you'll be working around system processes to do so. The recommended workaround is to use a separate process launching process to create a new process with the appropriate permissions, execute your task, and then said process ends.

      Note that my processes that I'm discussing have significantly less than regular user permissions. I don't run wide open like a regular windows user.

      --
      The cesspool just got a check and balance.
    37. Re:Not viable on Windows 10 by michael_wojcik · · Score: 1

      I have use standard accounts since Windows NT 4.0.

      Same here. In fact, I think it was even possible to do this in NT 3.5, though if memory serves only console-mode applications could be elevated in that release, and even that required a third-party utility (unless you wanted to write one yourself).

    38. Re:Not viable on Windows 10 by elfprince13 · · Score: 1

      I've even had stuff where it asked me for admin credentials and then still failed.

    39. Re:Not viable on Windows 10 by Anonymous Coward · · Score: 0

      You must have never used linux in the last 20 or so years. Linux not only has SE (Security Extensions) that provides granular security tokens, but even if you don't have SE installed, you can use capabilities. I've used them extensively for securing a system. For example, I routinely give a program (a service) access to CAP_NET_BIND_SERVICE. This flag allows a process to bind to privileged ports (ports 1024 and lower) WITHOUT having to give the program full root access. And unlike windows, these capabilities are actually per thread and not per process (although in linux, threads are just processes that completely share memory, they have a separate pid)

      See: http://man7.org/linux/man-pages/man7/capabilities.7.html
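The comment above describes giving a service only CAP_NET_BIND_SERVICE instead of full root. As an added example (not part of the original post), this Python sketch decodes the capability masks that Linux exposes in `/proc/<pid>/status` and flags anything beyond an allowed set; the two status excerpts and the `audit` helper are constructed for illustration.

```python
"""Decode Linux capability sets as shown in /proc/<pid>/status (see capabilities(7))."""
import os

# Bit N of a mask is capability number N (include/uapi/linux/capability.h).
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
]
CAP_FIELDS = ("CapInh", "CapPrm", "CapEff", "CapBnd", "CapAmb")

# Constructed sample: unprivileged service holding one capability.
SAMPLE_SERVICE = (
    "Name:\tdemo-httpd\nUid:\t33\t33\t33\t33\n"
    "CapInh:\t0000000000000000\nCapPrm:\t0000000000000400\n"
    "CapEff:\t0000000000000400\nCapBnd:\t0000000000000400\n"
)
# Constructed sample: the same service started as root with every capability.
SAMPLE_ROOT = (
    "Name:\tdemo-httpd\nUid:\t0\t0\t0\t0\n"
    "CapInh:\t0000000000000000\nCapPrm:\t000001ffffffffff\n"
    "CapEff:\t000001ffffffffff\nCapBnd:\t000001ffffffffff\n"
)


def decode_mask(hex_mask):
    """Turn a hex capability mask into a list of capability names."""
    mask = int(hex_mask, 16)
    names = [name for bit, name in enumerate(CAP_NAMES) if mask >> bit & 1]
    unknown = mask >> len(CAP_NAMES)
    if unknown:  # bits newer than this table knows about
        names.append("UNKNOWN_BITS_0x%x" % (unknown << len(CAP_NAMES)))
    return names


def parse_status(text):
    """Extract the UID line and the capability sets from status text."""
    info = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key in CAP_FIELDS:
            info[key] = decode_mask(value.strip())
        elif key == "Uid":  # real, effective, saved, filesystem UID
            info["Uid"] = [int(x) for x in value.split()]
    return info


def audit(text, allowed=("CAP_NET_BIND_SERVICE",)):
    """Report effective capabilities that exceed the allowed set."""
    info = parse_status(text)
    euid = info["Uid"][1]
    effective = info.get("CapEff", [])
    excess = sorted(set(effective) - set(allowed))
    return {
        "euid": euid,
        "effective": effective,
        "excess": excess,
        "least_privilege": euid != 0 and not excess,
    }


if __name__ == "__main__":
    for label, text in (("service", SAMPLE_SERVICE), ("root", SAMPLE_ROOT)):
        result = audit(text)
        print(label, result["least_privilege"], len(result["excess"]), "excess caps")
    if os.path.exists("/proc/self/status"):  # live check on a Linux host
        with open("/proc/self/status") as fh:
            print("self:", audit(fh.read()))
```

Per-thread values can be read the same way from `/proc/<pid>/task/<tid>/status`.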

    40. Re:Not viable on Windows 10 by Anonymous Coward · · Score: 0

      And human beings are supposed to understand this -- how? Why does Microsoft make using one's own PC so arcane? Their designers have no UI skills or consistency whatsoever.

  5. only one problem.. by Anonymous Coward · · Score: 1

    the way the MS system is designed: having no admin rights = a computer that's basically a paperweight.

    1. Re: only one problem.. by Anonymous Coward · · Score: 1

      Lol. Guess you never worked at a company that uses windows. See they have this thing called a domain. And the windows pc is joined. Then they have this thing called a user. They let employees have this. Then when developers like me want to install anything I have to ask fuck face neck beard to do it.

      But no vulnerability... besides the back of fuck face neck beards skull from the large pc case crushing it.

    2. Re: only one problem.. by Anonymous Coward · · Score: 0

      LOL.

    3. Re: only one problem.. by haruchai · · Score: 2

      Lol. Guess you never worked at a company that uses windows. See they have this thing called a domain. And the windows pc is joined. Then they have this thing called a user. They let employees have this. Then when developers like me want to install anything I have to ask fuck face neck beard to do it.

      But no vulnerability... besides the back of fuck face neck beards skull from the large pc case crushing it.

      We have an AD domain & ~10,000 users 95% of whom don't have admin rights. But judging by the number of malware infections and re-imaging I see reported, they seem to be really, really good at finding the 6% of cases where Windows without admin rights doesn't work.

      --
      Pain is merely failure leaving the body
    4. Re: only one problem.. by Anonymous Coward · · Score: 0

      You can mitigate most of that 6% by blocking things from running from %temp% and %tmp% via Applocker, FWIW. (This is what we've done where I work, a place with ~2,200 users and 6 admins.)

    5. Re: only one problem.. by Anonymous Coward · · Score: 0

      Sounds like your admin team, of which I assume you are a part, is fucking incompetent.

    6. Re: only one problem.. by Anonymous Coward · · Score: 0

      It's honestly give and take. Every place I've dealt with in my career is big enough to have some kind of IT department, and the machines are totally useless for developing. Then, they'll have some dev boxes that basically have no internet access (or access by proxy), but that the developers have full control over. This works fine as long as what you are doing doesn't actually require internet access: I suspect those programs have their own way of doing it.

    7. Re: only one problem.. by Anonymous Coward · · Score: 0

      And that domain does it come with Norton anti-virus? Oh, it's for companies only and not available for home users with cheap laptops.

  6. Just to be clear what that means by Anonymous Coward · · Score: 0

    Most Windows vulnerabilities can be mitigated by removing admin rights.

    1. Re:Just to be clear what that means by arth1 · · Score: 1

      Most Windows vulnerabilities can be mitigated by removing admin rights.

      Most vulnerabilities can be mitigated by removing ignorant users.

    2. Re:Just to be clear what that means by cyberchondriac · · Score: 1

      But then you'd have no employees left. There really should be some level of basic training required/supplied, but most places just won't do it, even if it took just an afternoon.

      --

      Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
    3. Re:Just to be clear what that means by arth1 · · Score: 1

      But then you'd have no employees left. There really should be some level of basic training required/supplied, but most places just won't do it, even if it took just an afternoon.

      Unfortunately, getting people to switch to a critical and questioning mindset takes more than an afternoon. For many, I don't think it can even be done. This makes protecting the business from its own employees a necessary countermeasure, as long as you can't segment off the insecure users.

  7. Re:Admin?94% of new windows users? by Anonymous Coward · · Score: 0

    I would guess most general "users" just create the default account on their Windows 10 box and leave it at that. Default account being... ummm... admin.

  8. Great if.. by Anonymous Coward · · Score: 1

    The company buys into this and supports implementing a system of packaging and deploying applications that are updated in the background or that users can request and install without being prompted for an admin user. And setting up processes and procedures for users to request non-standard apps, have it approved, and call a helpdesk who can then remote desktop the system and type in an admin login to get it installed.

    I've worked at one company that did this, and it worked well because they set out to do this properly. Every other place I've worked puts this into the too hard basket, and users are made local admins.

  9. Also in the news by Opportunist · · Score: 4, Insightful

    94% of all programs won't run properly without those rights.

    Unfortunately for the longest time developers for Windows got away with not giving half a shit about security. To make matters worse, when MS finally decided to tighten the screws, they went overboard by a long shot. You cannot even install a simple program without elevated rights.

    And to make matters worse, "elevated" means "full access, anywhere". There is no granularity, it's only "can't do jack shit" or "total control". You cannot open up the program files to install a normal program without also giving that program the ability to drop a low level driver into your system.

    Then again, if that worked, a lot of people would probably notice just WHAT kind of crap their beloved games barf into the deeper intestines of their computers for the sake of the all holy DRM.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:Also in the news by Anonymous Coward · · Score: 1

      I don't know if Adobe does it still... but at one point they were using "extra space" in the MBR to store part of their DRM...

      It isn't just games that go overboard with DRM

    2. Re:Also in the news by murdocj · · Score: 1

      Nonsense. I run as an ordinary user and I rarely have to run anything as admin. Games don't require admin.

    3. Re:Also in the news by HuskyDog · · Score: 2

      My wife's PC and my daughter's Mac both operate on the principle that they only have user accounts and I have access to a separate Admin account for doing things like adding software. Neither of them has ever experienced a problem which could be solved by giving their accounts higher privileges. Perhaps we have been lucky, or perhaps their requirements are modest.

    4. Re:Also in the news by KiloByte · · Score: 5, Insightful

      Hell yeah. Especially browsers have never, ever a reason to run as root.
      -rwsr-xr-x 1 root root 18768 Feb 19 21:17 /usr/lib/chromium/chrome-sandbox

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    5. Re:Also in the news by Anonymous Coward · · Score: 0

      Simple programs can install without admin rights. Heck, you can install Chrome without admin rights, just by installing it to your user folder instead. It used to offer it, but Google likes to take advantage of any existing admin rights by installing system-wide services that run on boot. But if you decline to give it admin rights during install, it happily installs to your user folder instead, sans the automatic system-wide stuff.

      Nearly any simple software needs no admin rights, like Notepad++ for example.

      When you do need it, it's easy enough to right-click and "run as admin". I haven't seen a great many things that need the user to *always run as admin*, and it typically works well with the LPU model that's the default mode for UAC.

    6. Re:Also in the news by Dracos · · Score: 0

      All of this leads to the conclusion that Microsoft's approach to security is fundamentally broken. This isn't new in Windows 10, it's been that way since they first decided to implement user accounts.

    7. Re:Also in the news by robmv · · Score: 1

      It is true on the consumer side, they try at least to follow the minimal requirements to be a good Windows application. The business world on the other side is awful. Applications that don't work if you install on Program Files, that you need to add write permissions to the installation directory, or that need read write permissions on server shares. This is too common on small business targeted applications that I have lost count on the ones I have seen.

      A lot of Windows developers have no idea what %appdata% and %localappdata% are (and related directories with user write permissions).

    8. Re:Also in the news by Anonymous Coward · · Score: 0

      Except when you are trying to use a browser to update some system component. Which you could argue is a bad idea by itself, but in this dumbed-down world we live in, opening any kind of command window is never to be done.

      An example of this is that Microsoft for years did Windows Update via an ActiveX browser plugin.

    9. Re:Also in the news by tomhath · · Score: 1

      At least a few companies tried that. Needless to say, the conflicts caused all kinds of problems.

    10. Re:Also in the news by murdocj · · Score: 1

      Hmmm... I'll just say that back in the 1990s I worked on an end to end full suite of apps in a particular industry, and I recall going thru the work THEN to make sure that everything worked as an ordinary user, because we had a major customer who didn't want to give its users admin rights. I'm having trouble believing it's still the norm to hand out admin, or that there are a lot of applications that insist on installing in a particular directory. But maybe I've led a sheltered life.

    11. Re:Also in the news by Anonymous Coward · · Score: 0

      > You cannot open up the program files to install a normal program without also giving that program the ability to drop a low level driver into your system.

      And quite rightly too.

      Try opening up /usr/bin on Linux to install a program. You're going to need to be root for that.

      Or did you want malware, viruses, etc, to be able to use browser bugs to install/replace programs like "ls" when you run firefox?

    12. Re:Also in the news by LinuxIsGarbage · · Score: 0

      94% of all programs won't run properly without those rights.

      Unfortunately for the longest time developers for Windows got away with not giving half a shit about security. To make matters worse, when MS finally decided to tighten the screws, they went overboard by a long shot. You cannot even install a simple program without elevated rights.

      Millions of corporate PCs run with users having user-only access, and it works fine. Browsers, media players, CAD programs, Office suites, all work fine.

      In my experience the only programs that "have" to run admin rights are:
      -Low level tools eg: CPU-Z. This is expected as it needs to load low level kernel drivers.
      -Installers. This is expected as they are writing in common subdirs. In Linux you need elevation too. "Sudo apt-get install"
      -Old programs that were coded without any thought to admin rights.

      A lot of times the old programs can be worked around. Either the users need write access in the program's "Program files" subdir, or users need write access to an HKLM registry key. These are the result of sloppy coding.

      Since Vista was introduced 10 fucking years ago applications have been better coded at not requiring admin access at run time unless absolutely required.

      With Windows 7 Microsoft transparently hid the UAC dialogs for a lot of system tasks. eg: If the user is admin, and wishes to set the clock, they can without UAC prompt.

      UAC is also easier than sudo or OSX. You just have to click the fucking yes button, you don't even need to enter your password.

    13. Re:Also in the news by Kaenneth · · Score: 1

      Windows Store apps can have granular control...

    14. Re:Also in the news by Anonymous Coward · · Score: 0

      My experience has been just the opposite. I run my personal Windows boxes as non-admin with zero issues. Rarely do I get a UAC window to enter the admin's password, and when I do (installing something or doing something comparable), it's 2 seconds to type the password and it's done. My wife, who is completely non-technical, has her PC configured to automatically boot into her non-administrator user account. It's set up to automatically update Windows, Office, Microsoft's AV, and Flash, and it just works. She doesn't even know the admin password. She has zero issues. She just uses her PC.

    15. Re:Also in the news by LinuxIsGarbage · · Score: 2

      I'm pretty sure with Vista, 10 years ago, where there was the push to run users as non-elevated, a lot of developers smartened up.

    16. Re:Also in the news by AmiMoJo · · Score: 3, Informative

      "94% of all programs won't run properly without those rights."

      This has not been true since Vista.

      Vista introduced virtualization for the filesystem and registry. Apps would think they had admin rights, when in fact they were sandboxed and contained.

      These days most apps run fine without admin rights. You can install them and run them without any special access. Older apps that attempt to access protected paths like Program Files and the registry actually write to special per-user and per-app hives.

      If an app really needs admin rights you get the dreaded UAC prompt.

      This is why Vista was so painful. Too many UAC prompts, the virtualization was slow... But it was necessary.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    17. Re:Also in the news by tepples · · Score: 4, Insightful

      Games don't require admin.

      Unless they use third-party digital restrictions management.

    18. Re:Also in the news by Gadget_Guy · · Score: 3, Informative

      You just have to click the fucking yes button, you don't even need to enter your password.

      That only works if you have an administrator account. Standard users do have to type in a password.

    19. Re:Also in the news by Anonymous Coward · · Score: 1

      This.

      It really hit the fan a long time ago with games like Runaway which installed a DRM driver which caused the PC to crash. Absolute POS.

      If people could actually see and understand what installers did to their pc they probably would not install half the software. I certainly don't on my phone when the permissions are excessive. A web browser needing the ability to create and modify accounts on a phone? Geez.

    20. Re:Also in the news by Anonymous Coward · · Score: 0

      > Especially browsers have never, ever a reason to run as root.

      I guess you guys all read from the same playbook or some shit?

      Look to the previous discussion (browse at 0 or -1 for the whole discussion) for enlightenment: https://slashdot.org/comments.pl?sid=10291591&cid=53929975

      Key questions: How is the chrome-sandbox executable actually used by the Chrome/Chromium software? What does the chrome-sandbox executable actually do? Why aren't you freaking out about Apache or ping?

    21. Re:Also in the news by Anonymous Coward · · Score: 0

      You fucking moron. Standard users don't have admin credentials. OF COURSE THEY HAVE TO TYPE ADMIN CREDENTIALS IN.

    22. Re:Also in the news by Gadget_Guy · · Score: 1

      You fucking moron. Standard users don't have admin credentials. OF COURSE THEY HAVE TO TYPE ADMIN CREDENTIALS IN.

      Did you even read the part that I quoted from the grandparent, which said that you didn't need to type the password in? Obviously not. It's kind of weird that you call me a moron because I am correct.

    23. Re:Also in the news by Anonymous Coward · · Score: 0

      Even games without DRM, one of the first things I always tried was "Run as Administrator". That would fix it like a third of the time.

    24. Re:Also in the news by Anonymous Coward · · Score: 0

      I actually have some games that use SafeDisc or something. You need to launch them as admin first [1] -- the DRM extracts and installs some temporary virtual device -- and once you've done that, you can quit the game and re-launch as normal user. I usually don't even have the CD in the drive when I do the initial launch (so that the game quits immediately.)

      Microsoft Flight Simulator 2004 and Need for Speed Underground are the games.

      I've also managed to make a couple of games run as non-admin by hacking the relevant registry permissions.

      [1] I use the shift+right-click, "run as admin" trick.

    25. Re:Also in the news by Anonymous Coward · · Score: 0

      False.

    26. Re:Also in the news by prunus.avium · · Score: 1

      Depends on the game. Standalone installers usually require admin to install but then you can play as a normal user. The trouble is that most of the games my kids like to play are online so require updates.

      Also, some of the online games require elevated access to handle the network connections.

    27. Re:Also in the news by Anonymous Coward · · Score: 0

      Hell yeah. Especially browsers have never, ever a reason to run as root.
      -rwsr-xr-x 1 root root 18768 Feb 19 21:17 /usr/lib/chromium/chrome-sandbox

      Bit wrong on this one. The binary is "owned" by root. You as a user only have read/execute rights the second set of permissions "-xr" and then "everyone" "-x". This doesn't mean the file runs as root. If you run ps -ef | grep chrome-sandbox while chrome is running you will see it is running under your user account. I don't use chrome but note the return for firefox running on my machine.

      bo@nomachine:~$ ps -ef | grep firefox
      bo 8815 1 6 14:16 ? 00:00:23 /usr/lib/firefox/firefox http://clicks.slashdot.org/c.html?ufl=c&rtr=on&s=x8pb08,2rca4,10sc,1u0z,ejax,honh,dsd

      The binary firefox is owned by root but it is running under bo the user which has no root rights.

    28. Re:Also in the news by michael_wojcik · · Score: 1

      94% of all programs won't run properly without those rights.

      Bullshit. I wish rubbish like this wouldn't keep getting modded Informative.

      You cannot even install a simple program without elevated rights.

      Many programs can be "installed" without elevation, by avoiding the MS installation model and secured parts of the filesystem tree. There's a huge range of Windows software that's packaged as a simple zipped executable. Microsoft even has some - most or all of the SysInternals collection, for example.

      And to make matters worse, "elevated" means "full access, anywhere". There is no granularity, it's only "can't do jack shit" or "total control". You cannot open up the program files to install a normal program without also giving that program the ability to drop a low level driver into your system.

      There's plenty of granularity. You just have to know how to manage it. Security policies and group policies, for a start. And programs can drop privileges they don't need.

      Look, I'm perfectly happy to admit that Microsoft hugely bungled the permissions model from the original NT 3.1 release on up. The underlying thread-token-and-permission mechanism isn't bad, and has a lot more granularity than the classic UNIX one.[1,2] But with the initial release they made it essentially unusable. NT 4 made it usable but pretty much only for determined experts, and meanwhile they continued with the Win32-based line of completely insecure customer OSes and let stupidly insecure software flourish. It wasn't until Vista and UAC that they started to get things out of control, and then they had both a user base and a software base that were utterly unsuited for it.

      But it does no one any favors to pollute the discussion with myths and half-truths.

      [1] Not including the various attempts to introduce fine-grained privileges into UNIX, which go back to at least SVR4, and have in some cases had some success.

      [2] Mind you, some of the privileges are still mind-bogglingly stupid. You need SeDebugPermission - which is local-admin-equivalent - to be alerted when another process exits, for example.

    29. Re:Also in the news by KiloByte · · Score: 1

      -rwsr-xr-x 1 root root 18768 Feb 19 21:17 /usr/lib/chromium/chrome-sandbox

      Bit wrong on this one. The binary is "owned" by root.

      And thus, via the setuid bit, a process that execs this file gets full root privileges.

      You as a user only have read/execute rights the second set of permissions "-xr" and then "everyone" "-x".

      Eh? What "-xr", what "-x"? The permissions are: group "r-x" which doesn't matter as you don't belong to group root and the file isn't setgid, and others "r-x" so you can execute it.

      This doesn't mean the file runs as root.

      That's exactly what setuid means. The process can then shed its privileges, but a browser shouldn't need them in the first place.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
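The exchange above turns on how to read `-rwsr-xr-x` and on the difference between a file owned by root and a file that runs as root. As an added example (not part of any post in the thread), this Python sketch decodes the mode field of an `ls -l` line and reports which user a process started from that file would run as; the second sample line and the helper names are constructed for illustration.

```python
"""Read an `ls -l` line and report which user a process started from it runs as."""
import os
import stat

# The line quoted in the thread, and a constructed non-setuid line for contrast.
CHROME_SANDBOX = "-rwsr-xr-x 1 root root 18768 Feb 19 21:17 /usr/lib/chromium/chrome-sandbox"
PLAIN_BINARY = "-rwxr-xr-x 1 root root 18768 Feb 19 21:17 /usr/lib/example/plain-binary"

# (special bit, letter when the execute bit is also set, letter when it is not)
SPECIAL = [(stat.S_ISUID, "s", "S"), (stat.S_ISGID, "s", "S"), (stat.S_ISVTX, "t", "T")]


def parse_ls_mode(mode_str):
    """Convert the 10-character mode field (e.g. '-rwsr-xr-x') to permission bits."""
    if len(mode_str) < 10:
        raise ValueError("expected a 10-character mode field")
    bits = 0
    for i, (flag, lower, upper) in enumerate(SPECIAL):
        # i = 0 owner, 1 group, 2 others; each class is three characters.
        r, w, x = mode_str[1 + 3 * i:4 + 3 * i]
        if r not in "r-" or w not in "w-" or x not in ("x", "-", lower, upper):
            raise ValueError("unexpected permission characters: %r" % mode_str)
        shift = 6 - 3 * i
        if r == "r":
            bits |= 4 << shift
        if w == "w":
            bits |= 2 << shift
        if x in ("x", lower):   # lowercase s/t means execute is set as well
            bits |= 1 << shift
        if x in (lower, upper):  # s/S or t/T means the special bit is set
            bits |= flag
    return bits


def explain(ls_line):
    """Summarise ownership, per-class permissions and the effect of setuid."""
    fields = ls_line.split(None, 8)
    mode_str, owner, group, path = fields[0], fields[2], fields[3], fields[8]
    bits = parse_ls_mode(mode_str)
    setuid = bool(bits & stat.S_ISUID)
    return {
        "path": path,
        "octal": "%04o" % bits,
        "owner": owner,
        "group": group,
        "owner_perms": mode_str[1:4],
        "group_perms": mode_str[4:7],
        "other_perms": mode_str[7:10],
        "setuid": setuid,
        "world_executable": bool(bits & stat.S_IXOTH),
        # Ownership alone changes nothing; the setuid bit is what switches the
        # effective UID at exec (unless the mount is nosuid or no_new_privs is set).
        "effective_user_on_exec": owner if setuid else "invoking user",
    }


def is_setuid_root(path):
    """Live check for a regular file that is owned by UID 0 and has the setuid bit."""
    st = os.stat(path)
    return stat.S_ISREG(st.st_mode) and bool(st.st_mode & stat.S_ISUID) and st.st_uid == 0


if __name__ == "__main__":
    for line in (CHROME_SANDBOX, PLAIN_BINARY):
        info = explain(line)
        print(info["path"], info["octal"], "runs as:", info["effective_user_on_exec"])
```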
  10. Turn it off by krray · · Score: 3, Insightful

    I found it a whole lot easier to just turn Windows off.

    1. Re:Turn it off by OzPeter · · Score: 1

      I found it a whole lot easier to just turn Windows off.

      I prefer to get paid.

      --
      I am Slashdot. Are you Slashdot as well?
    2. Re:Turn it off by Anonymous Coward · · Score: 0

      I found it a whole lot easier to just turn Windows off.

      I prefer to get paid.

      I do both. No Windows, regular paychecks. Living the dream.

    3. Re:Turn it off by Anonymous Coward · · Score: 0

      I found it a whole lot easier to just turn Windows off.

      I've spent this weekend trying to repurpose an old laptop as a media/streaming machine, and decided to go Linux rather than Windows. It most certainly has not been easier. Maybe if you've worked with the system for years and know the ins-and-outs it is second nature, but Linux has caused all sorts of issues I wouldn't have had on Windows.

      E.g., installing certain programs. I was getting strange errors trying to access the repo, despite following every guide I could find to the letter. Fine, maybe my fault for picking a niche distro (SteamOS), maybe I'll try something a bit more mainstream (Lubuntu).

      Next, starting a certain program on boot. In Windows there's an option for that in the program menu. In Lubuntu I Googled this and got a plethora of different suggestions, none of which worked properly for reasons I couldn't fathom. The search results often resulted in suggestions for different distros which as far as I can gather don't work on Lubuntu (thanks Google, "Lubuntu" and "Linux" aren't the same apparently), and I got plenty of results saying "that method won't work anymore because systemd". Gee, thanks, so what *does* work?

      Finally got that sorted. Now the system refuses to output audio over DisplayPort to the TV, which worked fine without any meddling at all under Windows. I've checked the audio settings and it doesn't even recognise DP as a valid output.

      If I'd set this up via Windows I would have had it done in a couple of hours. I'm sticking with my guns because I want to learn to work with Linux, but Jesus, for any of the consumer tasks I've tried so far it's not in any form easier. If it was then Linux might actually be a common consumer desktop OS.

    4. Re:Turn it off by nnull · · Score: 1

      From a regular Linux user, yes this is a problem. Trying to figure out why things don't work is quite a pain in the ass when you don't have the time to deal with it. That's one thing Microsoft certainly has everyone beat where every hardware you buy will most likely work with little to no tinkering. Unfortunately, this problem will continue on for quite a while. Displayport is another hassle especially when you want 4k and audio in Linux which I think is still very broken in Xorg.

    5. Re:Turn it off by swillden · · Score: 3, Insightful

      I've spent this weekend trying to repurpose an old laptop as a media/streaming machine, and decided to go Linux rather than Windows. It most certainly has not been easier. Maybe if you've worked with the system for years and know the ins-and-outs it is second nature, but Linux has caused all sorts of issues I wouldn't have had on Windows.

      If you've worked with Windows for years and know the ins-and-outs of that system, it's a lot easier to set Windows up than something else. Personally, when I have to set up a Windows system, I have a lot of issues I wouldn't have on Linux.

      I know because I had to install a Windows system for the first time in about a decade a few months ago. It took me all day and lots of hair-pulling to figure out how to find and install all of the drivers needed to make the thing run. At the end I was still left with a few devices showing errors in the device manager, which I was simply unable to get working. It worked enough, so I gave up on the rest. The worst part of the process was that right after installation Windows had no functioning drivers, for ethernet, Wifi or USB, which made it really hard to get drivers onto the box. I solved this by booting a Linux LiveCD (which worked out of the box), creating a small FAT32 partition, downloading the ridiculously bloated 250MB (WTF?!?) ethernet driver onto it, then booting Windows again and installing from the FAT32 partition. I have no idea how a Windows guy would have solved that.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    6. Re:Turn it off by Anonymous Coward · · Score: 0

      Trying to figure out why things don't work is quite a pain in the ass when you don't have the time to deal with it.

      One question I keep asking myself is why there are a zillion ways to do everything in Linux. I'm sure the pros have their reasons why they'd prefer each way in different situations, but for newbies like me it makes finding help a deluge of information for different distros, DEs, situations and versions of the same distro, so most of the time is trying to figure out which advice actually works in my specific use case. It didn't help that things were failing silently, and when I eventually found the logs they were full of non-human readable text.

      I love a lot of things about Linux, especially compared to Windows, but like you said you need to budget a fair bit of time for troubleshooting.

    7. Re:Turn it off by Raenex · · Score: 1

      One question I keep asking myself is why there are a zillion ways to do everything in Linux.

      Because it's an open ecosystem.

    8. Re: Turn it off by Anonymous Coward · · Score: 0

      You could have avoided those problems by using standard Ubuntu. To find out how to launch things on startup, you literally hit the Windows key and type "startup".

    9. Re:Turn it off by AmiMoJo · · Score: 1

      I have no idea how a Windows guy would have solved that.

      You can make a Windows live CD (called Windows PE). It's rarely necessary though.

      It sounds like the version of Windows you were trying to install was not officially supported by your hardware. If it was, drivers would not have been a problem. Since Windows 7 they have included drivers for contemporary chipsets on the disc, which are usually enough to get network access and download the officially supported ones from Windows Update or the manufacturer's website.

      For your scenario, downloading the drivers onto a USB flash drive is usually the simplest option. In a pinch you can download on your phone and simply connect a USB cable to the computer, or the flash drive to the phone. Obviously doesn't work with Apple phones, only Android and Windows.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    10. Re:Turn it off by swillden · · Score: 1

      I have no idea how a Windows guy would have solved that.

      You can make a Windows live CD (called Windows PE). It's rarely necessary though.

      It sounds like the version of Windows you were trying to install was not officially supported by your hardware.

      I was installing a purchased copy of Win7 on a machine that came with Win10, because the tools I needed to use (for which I purchased the machine) only run on Win7. Of course, the vendor of said tools didn't bother to document that anywhere.

      For your scenario, downloading the drivers onto a USB flash drive is usually the simplest option. In a pinch you can download on your phone and simply connect a USB cable to the computer, or the flash drive to the phone.

      As I said in my post above, Windows didn't have drivers for the USB controller. USB was not available.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    11. Re:Turn it off by dbIII · · Score: 1

      Displayport is another hassle especially when you want 4k and audio in Linux which I think is still very broken in Xorg

      Why do you think that? A lot of people seem to be using it without any problems. Have you actually heard of someone with a current problem or are you just dredging up stuff from back when the hardware was under development?

    12. Re:Turn it off by AmiMoJo · · Score: 1

      Yep, that's the problem, Windows 7 on a machine designed for Windows 10. Microsoft require basic stuff like USB to work for the computer to carry the "designed for Windows" sticker, but of course only the version that it ships with.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    13. Re:Turn it off by swillden · · Score: 1

      Yep, that's the problem, Windows 7 on a machine designed for Windows 10. Microsoft require basic stuff like USB to work for the computer to carry the "designed for Windows" sticker, but of course only the version that it ships with.

      You say that as though it makes sense. I installed a several-year-old copy of Debian Linux on the same machine without trouble. The USB controller chipset is newer than that old kernel, for example, but the generic controller drivers in the kernel work fine.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    14. Re:Turn it off by AmiMoJo · · Score: 1

      Because a several year old Debian install must support UEFI or the UEFI must enable legacy mode for it in order to support the USB chipset. Windows 10 boots up faster by making full use of UEFI, which Windows 7 only has very minimal support for (remember it was released in 2009, nearly 8 years ago).

      Can you really expect an 8 year old OS to support the latest USB chipset out of the box? Does the manufacturer even supply Windows 7 drivers that you could burn to CD and install?

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    15. Re:Turn it off by swillden · · Score: 1

      Can you really expect an 8 year old OS to support the latest USB chipset out of the box?

      Seems reasonable to me. Perhaps not full support, but enough to talk to a mass storage device seems very reasonable. It's not like this is a rapidly-evolving space.

      Does the manufacturer even supply Windows 7 drivers that you could burn to CD and install?

      Yep.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    16. Re:Turn it off by AmiMoJo · · Score: 1

      The new chipset is probably USB 3.0, which is quite different to USB 2.0 and which is not supported by Windows 7 out of the box. Drivers can support some of it, particularly higher speed transfers, but native support was only added to Windows 8 and beyond. That includes stuff like the new mass storage modes that boost throughput.

      It's a trade-off. You can pay more for a chipset that has a USB 2.0 compatibility mode to work with the basic drivers in Windows 7, or you can pay less for one that doesn't. Of course they don't make this clear on the box and the former choice isn't actually available due to low demand.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  11. if apps had rights to their own folder then by Joe_Dragon · · Score: 1

    if apps had rights to their own folder / reg keys then there would be less of a need for admin.

    For some apps storing stuff per user can lead to a lot of space used and a lot of stuff being downloaded more than 1 time. Also makes it a pain for updates.

    This can be an issue with games with user maps / mods, and a lot of games have built-in downloads for them.

    Video and other drivers have their own updates. The Windows ones can lack the control apps.

    1. Re:if apps had rights to their own folder then by vux984 · · Score: 4, Interesting

      if apps had rights to their own folder / reg keys then there would be less of a need for admin.

      Maybe.

      For some apps storing stuff per user can lead to a lot of space used and a lot of stuff being downloaded more than 1 time. Also makes it a pain for updates.

      Windows has %appdata% folders (c:\programdata) for 'stuff' (files, settings, databases,...) that is shared between all users.

      Video and other drivers have their own updates. The Windows ones can lack the control apps.

      This area is a complete minefield... I mean, these days geforce experience requires a sign in, as do the drivers for a Razer mouse etc... that whole part of the ecosystem is pretty toxic.

    2. Re:if apps had rights to their own folder then by Gadget_Guy · · Score: 1

      if apps had rights to their own folder / reg keys then there would be less of a need for admin.

      This feature was implemented with Vista. To work around those badly written programs that assume that they can write to their installation folder or LOCAL_MACHINE registry, Microsoft implemented File and Registry Virtualization. If an application opens a file in read/write mode under Program Files, then a copy of that file is made in %APPDATA% and this file is used instead.

      This was only intended for old programs, and it only works for 32bit applications. It is assumed that 64bit applications are modern enough to know where they should place configuration files and such.
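
Added example (not part of the original comment, and not Microsoft's code): a PowerShell audit that lists what UAC virtualization has redirected for the current user, which shows which legacy programs still try to write to protected locations. It assumes the default per-user VirtualStore locations under %LOCALAPPDATA% and HKCU, and the function names are made up for this example.

```powershell
# Added example: find programs that rely on UAC file/registry virtualization.
# Assumed default locations of the per-user virtual store:
$FileStore = Join-Path $env:LOCALAPPDATA 'VirtualStore'
$RegStore  = 'HKCU:\Software\Classes\VirtualStore\MACHINE\SOFTWARE'

function Get-VirtualizedFile {
    # Hypothetical helper: one object per file that was redirected instead of
    # being written under Program Files, ProgramData or the Windows directory.
    param([string]$StorePath = $FileStore)

    if (-not (Test-Path -LiteralPath $StorePath)) { return }
    $root = (Get-Item -LiteralPath $StorePath -Force).FullName.TrimEnd('\')

    Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # The path below the store mirrors the path below the system drive.
            $relative = $_.FullName.Substring($root.Length).TrimStart('\')
            [pscustomobject]@{
                IntendedPath = "$env:SystemDrive\$relative"
                RedirectedTo = $_.FullName
                LastWrite    = $_.LastWriteTime
            }
        }
}

function Get-VirtualizedRegistryKey {
    # Hypothetical helper: keys a program meant to create under HKLM\SOFTWARE.
    param([string]$StorePath = $RegStore)

    if (-not (Test-Path -LiteralPath $StorePath)) { return }

    Get-ChildItem -LiteralPath $StorePath -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                IntendedKey  = $_.Name -replace '^.*?\\VirtualStore\\MACHINE\\', 'HKEY_LOCAL_MACHINE\'
                RedirectedTo = $_.Name
            }
        }
}

# Summarise redirected files per application folder, busiest first.
Get-VirtualizedFile |
    Group-Object { ($_.IntendedPath -split '\\')[1..2] -join '\' } |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# Show the first redirected registry keys, if any.
Get-VirtualizedRegistryKey | Select-Object -First 20 | Format-Table -AutoSize
```

An empty result means nothing run by this user has depended on virtualization; entries point at programs to fix or replace before virtualization is switched off.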

    3. Re:if apps had rights to their own folder then by haruchai · · Score: 1

      This was only intended for old programs, and it only works for 32bit applications. It is assumed that 64bit applications are modern enough to know where they should place configuration files and such

      And that seems like a very bad assumption to make. I wonder how long before Microsoft realizes this and implements it for 64bit apps too

      --
      Pain is merely failure leaving the body
    4. Re:if apps had rights to their own folder then by Anonymous Coward · · Score: 0

      This was only intended for old programs, and it only works for 32bit applications. It is assumed that 64bit applications are modern enough to know where they should place configuration files and such

      And that seems like a very bad assumption to make. I wonder how long before Microsoft realizes this and implements it for 64bit apps too

      It's a very good assumption, and anyone who writes 64bit apps that during run-time needs to write into the installation folder, or HKLM, or "C:\temp" should be sterilized.

    5. Re:if apps had rights to their own folder then by RyoShin · · Score: 1

      these days geforce experience requires a sign in,

      This seems to be avoidable, at least in the interim. Google "geforce experience avoid upgrade" or some such; I found a Youtube video that directed you to an Upgrade (Update?) folder, from which you rename or delete an EXE, and then the old version plays nice again; no sign-in needed, and as far as I could tell I still downloaded the latest driver.

      If you've already upgraded you can uninstall and put the old version back (the comments had links to "official" Nvidia installers, but other comments suggested these actually installed the latest version so you might have to roll the dice with "old version" file hosts.)

    6. Re:if apps had rights to their own folder then by vux984 · · Score: 1

      I just bought a logitech mouse that doesn't require an account; and uninstalled geforce experience. It doesn't do anything I need anyway; not enough to put up with (or fight with) its bloated nonsense.

  12. Chrome updates from the about menu need admin by Joe_Dragon · · Score: 1

    Chrome updates from the about menu need admin but it does have a background auto update that works without admin.

    Firefox has auto and about menu works without admin.

    1. Re: Chrome updates from the about menu need admin by Anonymous Coward · · Score: 0

      No, Firefox updates need admin rights, too. It just retains the ones it had when it was installing by installing a service that later does the updating.

    2. Re:Chrome updates from the about menu need admin by Anonymous Coward · · Score: 0

      A few versions ago Chrome no longer required admin account to install updates from the about menu, just like Firefox. Of course, Chrome also updates unattended in the background.

    3. Re:Chrome updates from the about menu need admin by Anonymous Coward · · Score: 0

      Works fine if you install it as a normal user. Just click cancel when it asks for the admin password.

  13. I've often wondered about this. by HuskyDog · · Score: 1

    I have always managed my wife's PC (Win 2000, then XP, then 7 and now 10) by having non-admin accounts for each family member and a separate Admin account which I use only for installing applications (having where possible downloaded them using my personal account). I did this because it seemed sensible and is the way Linux works but was always rather mystified that it was never mentioned in any of the "How to make your PC more secure" articles which appear in the popular media.

    I wondered if for some reason it wasn't as much of a protection as it appeared, but it now seems that I have been doing the right thing all along (phew) and that it is indeed a mystery why it isn't mentioned more often.

    I should add that so far as I am aware my wife has never experienced any problems as a result of this policy (which I also apply BTW to my daughter's Mac).

    This arrangement is also how the PCs at work are controlled with the added restriction that non-approved executables will not run at all. If I want to programme or have admin rights then I need to use a VM behind a substantial firewall.

    1. Re:I've often wondered about this. by Anonymous Coward · · Score: 0

      This is what I do, too, but I've often wondered if certain built-in Windows programs like Edge still run with Administrator rights even if I've logged in as a non-privileged user. Does anyone know if that's the case?

  14. ISV stuck with DOS model by Anonymous Coward · · Score: 0

    ~75% fault - Too many Independent Software Vendors and In-house Software Developers still think/code with the 1990s ms-dos security model of no security at all. My impression is these coders believe (or want to believe) they can keep using the same techniques and skills they learned in the 1990s with dos and non-NT Windows. And the world is full of these 9-5 punch-clock software developers.

    ~25% fault - Microsoft does not create documentation .. teaching documentation on how to code for the security of the Windows NT platform. (In any language, being c, c#, asp). Microsoft may also benefit if they created examples of how to transition code from their old platforms to their new ones, such as IIS. One may counter-point that MS is not obligated to teach developers, but I've seen developers still be confused by how to code in their (MS) products. With the demands for software creation continuing to be high, in my opinion, the demand for more coders is not going to go down, nor will the bar be raised for coders.

    Oh to be fair, I only read the summary, not the article. :-)

  15. Really!? by Anonymous Coward · · Score: 0

    I'm so surprised that removing access to privileged functions prevents privileged operations. Where's the news here?

  16. Vulnerabilities vs infections by Artem+S.+Tashkinov · · Score: 1

    I haven't read the article, my bad, but I guess it's not talking about vulnerabilities but about various malware which indeed in most cases requires admin rights to be properly installed.

    However a great number of modern viruses live under various hidden directories in the user's profile, e.g. C:\Users\User\AppData\Roaming, so Admin Rights or not, you will be successfully infected.

    The real problem with Windows is that most users blindly trust whatever .exe/.pdf/.docx/.xlsx files they receive from absolute strangers and they don't associate them with threats. Microsoft is trying hard to solve this problem by migrating to an app model which is used by Android and iOS but it just cannot work with Windows for far too many reasons, the primary two are of course compatibility and UWP limitations. It can be solved by a new OS which won't be called Windows but Microsoft just doesn't have the guts for that.

    1. Re:Vulnerabilities vs infections by Anonymous Coward · · Score: 0

      The article quotes this is vulnerabilities announced in Microsoft Security Bulletins, which don't cover viruses, trojans, etc unless they exploit a flaw in software like remote execution, privilege escalation, breaking out of sandbox, etc. Your guess is just flat wrong.

      The real problem with users is that most users blindly trust whatever .exe/.pdf/.docx/.xlsx files they receive from absolute strangers and they don't associate them with threats.

      Fixed that for you.

    2. Re:Vulnerabilities vs infections by Artem+S.+Tashkinov · · Score: 1

      Windows since Windows Vista makes your user a non administrator by default, unless you 1) disable UAC completely or 2) specifically enable the Administrator account and log in under it.

      I guess I'll have to read the article because something feels wrong about it.

    3. Re:Vulnerabilities vs infections by Anonymous Coward · · Score: 1

      I'd argue they're still administrators, just with UAC gating the admin requirements. Problem is people are so used to clicking yes that they don't think about it. Many wouldn't understand what it does either. If one opens a "word document" and it prompts for admin escalation, how many would think "since when do word documents need admin privs, perhaps I better not run it" vs "yes, yes just go away and show me what it is".

  17. Hiding the real point by Anonymous Coward · · Score: 2, Insightful

    The real point of this story is that by disabling admin rights Microsoft can pretend to the world that their products are not the least secure in their respective classes.

    Of course it completely fails to address the fact that unless you only want to do very simple things on a computer, admin rights are frequently required.

  18. We knew that almost two decades ago... by Anonymous Coward · · Score: 2, Informative

    when I worked at Microsoft. We talked about ways of protecting users, but the rumor was that it was killed because so many people buy new computers instead of fixing ones that have a Microsoft-created problem. Viruses are very profitable to Microsoft.

    1. Re:We knew that almost two decades ago... by Anonymous Coward · · Score: 1

      Can confirm. Worked at a computer store for nearly seven years. Many people just buy a new computer when Microsoft's Windows starts running poorly. Creating problems with Windows makes a lot of money for Microsoft.

    2. Re:We knew that almost two decades ago... by ruir · · Score: 1

      Apparently they are very profitable to Apple too.

  19. No local admin rights for you! by Anonymous Coward · · Score: 0

    You can definitely run Win 10 without local admin rights and still have a viable machine. Just ask plenty of properly-run small businesses around the country whose IT teams are administering machines as such.

  20. That's nothing! by Gravis+Zero · · Score: 1

    You can mitigate 100% of Microsoft vulnerabilities by not using Microsoft products! ;)

    --
    Anons need not reply. Questions end with a question mark.
    1. Re:That's nothing! by ruir · · Score: 1

      it should be pretty obvious but many people are just .... brainwashed.

  21. How do I turn off Admin rights? by Anonymous Coward · · Score: 0

    I have Windows 7 Ultimate, with UAC enabled. I need to explicitly approve of any software installation, or viewing of all processes in Task Manager, or use of the Computer Management application. I login as a user who is not the "Built-in account for administering the computer/domain", but my user does belong to the "Administrators" group.

    What does it mean to "turn off Admin rights"?

  22. Windows XP too. by Anonymous Coward · · Score: 0

    Likewise, a fuckload of infection vectors could be blocked by doing the same on XP and previous branches.
    Equally, enabling the My Computer zone for Internet Options (which applies to the whole OS, not just IE!) and disabling everything can block loads more.
    Then finally disabling all those stupid networking services NOBODY IN THE HISTORY OF EVER has used besides a few neckbeards that make a point to post about them using it regularly on every site.

    Boom, there you go, XP is a fucking tank. The only other exploits are ones that hit either every Windows or every OS. (hardware level attacks, firmware, drivers)
    And given those are patched in the PoS / embedded branch because they are 90% of the time hardware hacks, it's fairly easy to keep XP clean.
    With that neat write filter added to them, it makes them more secure than consumer iterations of the OSes. Windows 7 embedded is also nice for that.

    Microsoft's security is hilariously awful even in 2017.
    I still have a friend that will vehemently defend their shitty security, UAC and the like.
    It is SO BAD. It's either no access or FULL ACCESS, GEE, GREAT IDEA.
    Not even a freetard either. Linux has loads of stupid problems on its own that I've had to deal with. (especially recently since the SystemD shitfest)

  23. The other 6% by Hognoxious · · Score: 1

    The other 6% can be eliminated by not turning the machine on. And the good news is you'll get almost as much work done.

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  24. horseshit by Lehk228 · · Score: 1

    94% of the bad shit that will happen will happen with or without admin rights. who cares if your windows install is ok when cryptolocker is holding all your tax files from the last decade ransom for $500 bucks worth of bitcoin or your bank login credentials get stolen as you log in.

    --
    Snowden and Manning are heroes.
    1. Re:horseshit by jbmartin6 · · Score: 1

      This. 99% of the known vulnerabilities are mitigated, sure. The other 1% are the vulnerabilities that attackers are actually using.

      --
      This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
  25. Yeah, well by Anonymous Coward · · Score: 1

    100% of Microsoft Vulnerabilities can be mitigated by turning the machine off. That doesn't make it a reasonable fix.

    Making the machine less useful because it can't be both useful and secure at the same time isn't a win.

  26. RUNAS helps with some apps by schwit1 · · Score: 1
    I put C:\Windows\System32\runas.exe /trustlevel:0x20000 before some apps to have them run as a basic user.

    [c:]runas /showtrustlevels
    The following trust levels are available on your system:
    0x20000 (Basic User)

    This works for firefox and outlook and some others. Chrome and slack fail.

  27. No Visual Studio RT by tepples · · Score: 1

    Microsoft is trying hard to solve this problem by migrating to an app model which is used by Android and iOS but it just cannot work with Windows for far too many reasons

    Probably the same reason it doesn't work with iOS. You can't develop apps on an iPad Pro with keyboard and Apple Pencil because Xcode works only on a Mac. Likewise, you can't develop apps on a Surface 1 or 2 because Microsoft never released Visual Studio RT. (You can on Surface Pro and Surface 3 because those run full Windows.)

  28. I can claim better vs. malware easily by Anonymous Coward · · Score: 0

    Prevention = best medicine (& what u can't touch can't hurt u) via NEW APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

    Ads & malware rob speed/security/privacy

    Hosts add speed (via hardcodes/adblocks), security (vs. bad sites/malware/poisoned dns), reliability (vs. dns down), & anonymity (vs. dns requestlogs/trackers).

    Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity & faster vs. addons/routers/remote dns!

    Avoids DNSChangers in routers/IP settings & dns redirects (99.999% of ISP DNS != patched vs. it) + lightens DNS load & resolves faster from local system RAM!

    * Via what u NATIVELY have built into the IP stack in FASTER kernelmode!

    APK

    P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/

  29. wtf does it mean to turn off admin rights by 0111+1110 · · Score: 1

    Is there like a switch? An "Admin Rights" checkbox somewhere? Maybe not a bad idea but I haven't seen anything like that. Did I just miss it? I'm still using Windows 7 so maybe this switch is a new feature in Windows 10. If the author meant that a user should run as Standard (unprivileged) User and not as an Administrator then maybe he should have said that. It is not as simple as just turning something on or off. If you are running as an Administrator you would probably want to actually create a new standard user account and start using that and that may require reinstalling some of your applications.

    I'm guessing the guy who wrote that article doesn't use Windows and so does not realize that it just doesn't work that way. One of the greatest advantages of Windows 7 over XP was the relative ease of running as non-admin and a lot of software had to be changed to allow for the possibility that a user might be running it without full admin rights. I'm sure there is still some older software (games for instance) that require full admin privileges to run, but you can just switch to an admin account to run those.

    Unfortunately for me the VPN that I use has software that appears to run only from a full admin account. "Run As Admin" doesn't even work with it. So there is still some (bad) software out there that expects full admin rights unfortunately.

    I guess it shouldn't need to be pointed out that Microsoft is one of the worst software companies out there and pretty much everything they do is wrong/stupid. Their attempt at getting Windows to work hassle free as a standard user was not a complete success. That people running as Admin is still a problem just highlights this.

    --
    Quite an experience to live in fear, isn't it? That's what it is to be a slave.
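
Added example (not from the article or from any commenter): several posts above ask what "turning off admin rights" means for an account that is in the Administrators group but runs behind UAC, so this PowerShell sketch reports which of the three states the current session is in. The function name Get-AdminRightsState and the account names in the comments are made up for this example; it assumes Windows PowerShell 5.1 or later, whoami.exe, and the well-known SID S-1-5-32-544 of the built-in Administrators group.

```powershell
# Added example: is this session a standard user, a UAC-filtered
# administrator, or an elevated administrator?
function Get-AdminRightsState {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)

    # True only when the Administrators group is enabled in this process's
    # token, that is, when the process is running elevated.
    $elevated = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    # whoami lists every group in the token, including groups that UAC has
    # marked deny-only. Match on the SID because group names are localized.
    $groups = whoami.exe /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, Sid, Attributes
    $isMember = @($groups | Where-Object { $_.Sid -eq 'S-1-5-32-544' }).Count -gt 0

    $state = if ($elevated) {
        'Elevated administrator: everything started from here has admin rights'
    } elseif ($isMember) {
        'Administrator filtered by UAC: a consent prompt grants admin rights'
    } else {
        'Standard user: elevation needs the credentials of another account'
    }

    [pscustomobject]@{
        User                  = $identity.Name
        InAdministratorsGroup = $isMember
        Elevated              = $elevated
        State                 = $state
    }
}

Get-AdminRightsState | Format-List

# Who would keep admin rights on this machine (direct members of the group):
Get-LocalGroupMember -SID 'S-1-5-32-544' | Format-Table Name, ObjectClass, PrincipalSource

# Moving an everyday account to standard user, run from an elevated prompt.
# Account names are placeholders. Create and test the separate admin account
# first, so the machine is never left without a working administrator.
#   New-LocalUser -Name 'LocalAdmin' -Password (Read-Host -AsSecureString 'Password')
#   Add-LocalGroupMember    -SID 'S-1-5-32-544' -Member 'LocalAdmin'
#   Add-LocalGroupMember    -SID 'S-1-5-32-545' -Member 'everyday'   # Users group
#   Remove-LocalGroupMember -SID 'S-1-5-32-544' -Member 'everyday'
```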
  30. Did Cortana tell you this? by TheOuterLinux · · Score: 1

    She's schizophrenic. She hears and sees things that aren't there. Actually, she really just sees and hears everything. Just like woman, loves gossip and tells you it's ok not be in charge. No more "Sudo make me a sandwich" jokes. Sorry Cortana, but my man Tux (Linux) is sexy as hell and does anything I ask and isn't all up in my business 24/7.

  31. Check bank / cc statements by raind · · Score: 1

    Bitch if something is not authorized
    -have good backups when ransomware comes in
    -enjoy

    --
    Get up!
  32. 100% of Microsoft Vulnerabilities Can Be Mitigated by Anonymous Coward · · Score: 0

    By installing Linux instead

  33. and 94% of applications will no longer work by Anonymous Coward · · Score: 0

    I'd LOVE to turn off admin rights, except that windows has so many poorly coded applications that it's not practical.

    1. Re:and 94% of applications will no longer work by Anonymous Coward · · Score: 0

      Name a single application that doesn't work if you're using a non-admin account.

  34. Good policy, if you can live with it .... by King_TJ · · Score: 1

    I've been doing this for a while now with my daughter's Windows 10 PC. She's running as a "standard" user account that prompts for my admin account's assigned PIN code when it needs elevated rights for an action.

    It's FAR more functional than an arrangement like this would have been with an older version of Windows like 7 or XP. But it's not perfect. One of the problems she's had is that she's gotten interested in modding games (Minecraft is a good example, as all the serious players use custom texture packs and other modifications so specific servers they want to connect to will let them properly view/play customized levels other people created with the additional tools and patches.) These mods quickly start requiring admin rights to the machine to get them installed properly.

    I've also just found it annoying how often I have to provide the admin PIN code to allow updates to go through for various things. Malwarebytes anti-malware software is one example, as are the regular updates pushed out for the Java JRE and the nVidia video driver updates.

    For our corporate Windows users in our office, I don't think we could live with taking away their admin rights either. Technically, we *might* be able to do a lot of tedious configuring of more advanced permissions (using "print administrators" security rights and all of that) to get around a lot of their problems. But it's a lot of hassle to still inevitably hit "roadblocks" where something unexpected needs those admin rights to update, install or run. The login scripts that auto map certain drive letters to shared network resources and auto connect certain networked printers for them, plus update the clock date/time with a central time server won't even work without giving them sufficient rights for all of that.

    1. Re:Good policy, if you can live with it .... by HuskyDog · · Score: 1

      Well, we certainly can live with it just fine and have done so since the days of Win2000. At the end of the day, security is a trade-off and we have accepted that the relatively minor inconvenience of "standard users" (and for our case it is indeed minor) is less than the inconvenience of a malware attack. It is a balance which everyone has to make.

      The same is true for work environments. Where I work security is a very high priority (for reasons you are free to speculate about) and therefore a very restrictive regime operates. There is an approved list of applications (about 200 I think) almost all of which are distributed via App-V. Some can be installed by anyone, whilst for more restricted ones you have to apply and get added to the necessary AD group. In all cases, no admin access by users is required. There is no possibility of adding your own applications as all areas writeable by users have the Windows equivalent of "noexec". If you try to install and run an executable then it simply won't start and logging software will register the attempt and dispatch a warning to your manager.

      I have to say however that for most people this regime is not a serious hindrance. The common applications, Office, Chrome, Acrobat Reader etc are all installed by default and update automatically in the background so most users never have a problem. Power users who need admin access for specialist non-approved applications can use their browser to access a VMware cloud environment and spin up VMs (Windows and Linux) where they can do whatever they want (albeit behind a very restrictive firewall). It all basically works fine and no-one ever experiences a problem with their clock not being set correctly! Mind you, I suspect that our IT budget is significantly higher per seat than yours. Yer pays yer money and yer takes yer choice!

  35. Re:100% of Microsoft Vulnerabilities Can Be Mitiga by ruir · · Score: 1

    Amen

  36. So windows needs by Anonymous Coward · · Score: 0

    sudo

    1. Re:So windows needs by Anonymous Coward · · Score: 0

      Windows has had sudo for years, but people still like to run admin accounts <shrugs />

  37. 100% of MS Vulnerabilities Can Be Mitigated by ... by Anonymous Coward · · Score: 0

    TURNING OFF COMPUTER !

  38. Re:100% of Microsoft Vulnerabilities Can Be Mitiga by ruir · · Score: 1

    By installing Linux instead

    Should be a no-brainer, but people are stupid.

  39. Yeah and then... by sproketboy · · Score: 1

    Most of your software won't work properly because monkeys still insist on writing config info into program files.

    1. Re:Yeah and then... by The-Ixian · · Score: 1

      Sorry, but if your app is trying to write to program files then your app is broken or written for a version of Windows that hasn't been supported for a very long time.

      The last big app that I can recall doing this was QuickBooks. They were late to change and caused all kinds of hassle for terminal server admins for years.

      We are actually using Avecto for privilege control and escalation and it works pretty well for that. We are currently in the testing phase for adding application whitelisting to the Avecto workload as well. The idea being that we allow executable content to run from areas of the file system that the user doesn't have write access to (Program Files and Windows directories) and block exe's from all other locations with exceptions based on cryptographic signature meta data (like program publisher) or file hash.

      The only problem I have with Avecto is the purchase options. They are a European company and don't take credit cards or POs.

      --
      My eyes reflect the stars and a smile lights up my face.
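
Added example, not Avecto's implementation and not code from the comment above: a PowerShell audit that applies the rule the comment describes (allow executables in locations standard users cannot write to, otherwise require a trusted publisher or a known file hash) to one file and reports the reason. The function names and the publisher and hash parameters are made up for this example, and the ACL test is deliberately coarse: it reads only the directory's own ACL and only the broad groups listed.

```powershell
# Added example: audit-mode evaluation of a path/publisher/hash allowlist rule.
# Everyone, Authenticated Users, Interactive, BUILTIN\Users
$BroadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-4', 'S-1-5-32-545'
$WriteMask = [int][Security.AccessControl.FileSystemRights]::WriteData -bor
             [int][Security.AccessControl.FileSystemRights]::AppendData

function Test-StandardUserWritable {
    # Hypothetical helper: can ordinary users create files in this directory?
    param([Parameter(Mandatory)][string]$Directory)

    try   { $acl = Get-Acl -LiteralPath $Directory -ErrorAction Stop }
    catch { return $true }   # unreadable ACL: fail closed and treat as writable

    foreach ($rule in $acl.GetAccessRules($true, $true, [Security.Principal.SecurityIdentifier])) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($BroadSids -notcontains $rule.IdentityReference.Value) { continue }
        # Inherit-only entries apply to children, not to this directory.
        if ([int]$rule.PropagationFlags -band
            [int][Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
        if (([int]$rule.FileSystemRights -band $WriteMask) -ne 0) { return $true }
    }
    return $false
}

function Get-AllowlistDecision {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$TrustedPublisher = @(),   # exact certificate subject strings
        [string[]]$TrustedSha256    = @()    # hex SHA-256 hashes of approved files
    )
    $file    = Get-Item -LiteralPath $Path -Force
    $allowed = $false
    $reason  = 'user-writable location, no publisher or hash exception'

    if (-not (Test-StandardUserWritable -Directory $file.DirectoryName)) {
        $allowed = $true
        $reason  = 'directory is not writable by standard users'
    } else {
        $sig = Get-AuthenticodeSignature -FilePath $file.FullName
        if ($sig.Status -eq 'Valid' -and
            $TrustedPublisher -contains $sig.SignerCertificate.Subject) {
            $allowed = $true
            $reason  = 'valid signature from a trusted publisher'
        } elseif ($TrustedSha256 -contains
                  (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash) {
            $allowed = $true
            $reason  = 'file hash is on the allowlist'
        }
    }
    [pscustomobject]@{ Path = $file.FullName; Allowed = $allowed; Reason = $reason }
}

# Audit what the rule would block in the places this thread says malware lives.
Get-ChildItem -LiteralPath $env:APPDATA, $env:TEMP -Recurse -Filter *.exe -File `
        -ErrorAction SilentlyContinue |
    ForEach-Object { Get-AllowlistDecision -Path $_.FullName } |
    Where-Object { -not $_.Allowed } |
    Format-Table Path, Reason -AutoSize
```

Running the writability test over subfolders of the Windows directory as well shows why a rule keyed only on "Program Files and Windows" needs the ACL check: any subfolder that ordinary users can write to would otherwise be an allowed launch location.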
    2. Re:Yeah and then... by sproketboy · · Score: 1

      Sorry, but if your app is trying to write to program files then your app is broken or written for a version of Windows that hasn't been supported for a very long time

      .NET by default uses exe.config files by default sitting in the same place as the exe file. Changing INI files to XML. Same shit different year. There are plenty of older apps not rewritten that depend on "running as admin" in windows. Microsoft should have abandoned program files 20 years ago and instead do it like Mac does with fat binary including all their resources in a read only Applications folder.

  40. Ransomware usually doesn't need admin rights by Doke · · Score: 1

    Ransomware typically runs as a normal user, without admin access. Yet it's one of the more devastating forms of malware. It doesn't need admin access to rip through a company's shared drives.

  41. Technically correct by computational+super · · Score: 1

    Well, that's true in the same sense that turning off your computer mitigates vulnerabilities... without admin rights, nothing works in Windows.

    --
    Proud neuron in the Slashdot hivemind since 2002.
  42. Also, 100% of ... by Anonymous Coward · · Score: 0

    ... car accidents can be mitigated by not driving your car.

    However, it kinda defeats the purpose of owning a car if you never drive it.

  43. But... by Meski · · Score: 1

    50% of apps won't run without admin rights. I pulled that figure out of my arse, but it's probably not wildly inaccurate.