94% of Microsoft Vulnerabilities Can Be Mitigated By Turning Off Admin Rights (computerworld.com)
An anonymous reader quotes Computerworld:
If you want to shut out the overwhelming majority of vulnerabilities in Microsoft products, turn off admin rights on the PC. That's the conclusion from global endpoint security firm Avecto, which has issued its annual Microsoft Vulnerabilities report. It found that there were 530 Microsoft vulnerabilities reported in 2016, and of these critical vulnerabilities, 94% were found to be mitigated by removing admin rights, up from 85% reported last year. This is especially true with the browser, for those who still use Microsoft's browsers. 100% of vulnerabilities impacting both Internet Explorer and Edge could be mitigated by removing admin rights, Avecto reported... Windows 10 was found to have the highest proportion of vulnerabilities of any OS (395), 46% more than Windows 8 and Windows 8.1 (265 each). Avecto found that 93% of Windows 10 vulnerabilities could be mitigated by removing admin rights.
Of course, the stats are based on vulnerabilities announced in Microsoft Security Bulletins, but there's an overwhelming pattern. Turning off admin rights mitigated the vast majority of vulnerabilities, whether it was Windows Server (90%) or older versions of Microsoft Office (99%). And turning off admin rights in Office 2016 mitigated 100% of its vulnerabilities.
100% of Microsoft Vulnerabilities Can Be Mitigated By not using Windows
as it is on macOS. On W10, for some things it will ask you to identify as an admin, and proceed, and for other things it will just fail instead, either forcing you to relog as admin, or to enable admin for your main account. They couldn't even make this work.
the way the MS system is designed: having no admin rights = a computer that's basically a paperweight.
The company buys into this and supports implementing a system of packaging and deploying applications that are updated in the background or that users can request and install without being prompted for an admin user. And setting up processes and procedures for users to request non-standard apps, have it approved, and call a helpdesk who can then remote desktop to the system and type in an admin login to get it installed.
I've worked at one company that did this, and it worked well because they set out to do this properly. Every other place I've worked puts this into the too hard basket, and users are made local admins.
94% of all programs won't run properly without those rights.
Unfortunately for the longest time developers for Windows got away with not giving half a shit about security. To make matters worse, when MS finally decided to tighten the screws, they went overboard by a long shot. You cannot even install a simple program without elevated rights.
And to make matters worse, "elevated" means "full access, anywhere". There is no granularity, it's only "can't do jack shit" or "total control". You cannot open up the program files to install a normal program without also giving that program the ability to drop a low level driver into your system.
Then again, if that worked, a lot of people would probably notice just WHAT kind of crap their beloved games barf into the deeper intestines of their computers for the sake of the all holy DRM.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I found it a whole lot easier to just turn Windows off.
if apps had rights to their own folder / reg keys then there would be less of a need for admin.
For some apps storing stuff per user can lead to a lot of space used and a lot of stuff being downloaded more than once. Also makes it a pain for updates.
This can be an issue with games with user maps / mod and A lot of games have built in downloads for them.
Video and other drivers have their own updates. The Windows ones can lack the control apps.
Chrome updates from the about menu need admin but it does have a background auto update that works without admin.
Firefox has auto and about menu works without admin.
I have always managed my wife's PC (Win 2000, then XP, then 7 and now 10) by having non-admin accounts for each family member and a separate Admin account which I use only for installing applications (having where possible downloaded them using my personal account). I did this because it seemed sensible and is the way Linux works but was always rather mystified that it was never mentioned in any of the "How to make your PC more secure" articles which appear in the popular media.
I wondered if for some reason it wasn't as much of a protection as it appeared, but it now seems that I have been doing the right thing all along (phew) and that it is indeed a mystery why it isn't mentioned more often.
I should add that so far as I am aware my wife has never experienced any problems as a result of this policy (which I also apply BTW to my daughter's Mac).
This arrangement is also how the PCs at work are controlled with the added restriction that non-approved executables will not run at all. If I want to programme or have admin rights then I need to use a VM behind a substantial firewall.
I haven't read the article, my bad, but I guess it's not talking about vulnerabilities but about various malware which indeed in most cases requires admin rights to be properly installed.
However a great number of modern viruses live under various hidden directories in the user's profile, e.g. C:\Users\User\AppData\Roaming, so admin rights or not, you will be successfully infected.
The real problem with Windows is that most users blindly trust whatever .exe/.pdf/.docx/.xlsx files they receive from absolute strangers and they don't associate them with threats. Microsoft is trying hard to solve this problem by migrating to an app model which is used by Android and iOS but it just cannot work with Windows for far too many reasons, the primary two are of course compatibility and UWP limitations. It can be solved by a new OS which won't be called Windows but Microsoft just doesn't have the guts for that.
The real point of this story is that by disabling admin rights Microsoft can pretend to the world that their products are not the least secure in their respective classes.
Of course it completely fails to address the fact that unless you only want to do very simple things on a computer, admin rights are frequently required.
Who runs with full admin rights?
Define 'full'.
I run with admin rights on my Windows 10 machine because it's the default and it's a pain in the neck to run without. "Sorry you don't have permissions to set the clock".
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
I run with admin rights on my Windows 10 machine because it's the default and it's a pain in the neck to run without. "Sorry you don't have permissions to set the clock".
Have you also turned off UAC prompts? Because when I set the time it prompts me for the admin password and it works fine. I don't ever see the message that I don't have permissions to set the clock; I just see the icon on the button to set the time which shows that it will perform an elevation (prompt for password) to run it.
when I worked at Microsoft. We talked about ways of protecting users, but the rumor was that it was killed because so many people buy new computers instead of fixing ones that have a Microsoft-created problem. Viruses are very profitable to Microsoft.
one thing I run into is that I install a program for a user and it will create a desktop icon. For some reason windows will ask for the admin password to delete it. Why does windows ask for the admin password to get rid of an icon?
The desktop shows the contents of two folders. It shows your personal desktop at "%userprofile%\Desktop", which you can add and remove icons and files from freely, and it shows the contents of "C:\Users\Public\Desktop" which needs admin rights to create or modify stuff by default since it affects all the users. The stuff that needs an admin password to remove is in the public desktop and is shown on the desktops of all users.
Why does windows ask for the admin password to get rid of an icon?
Because those icons are stored in the shared desktop folder (default: C:\Users\Public\Desktop). Any file or icon here will be visible on the desktop of every user. If you shared a computer with other users, then you might not want the other people to be able to edit the icons that appear on your desktop because they could alter them to run malicious software instead. If you ran a program where you needed to login with a password, then they could write their own mock version of the software that logs the passwords and change the desktop icon to run it instead.
If you don't share the computer with other people, then you could grant write permission on the shared desktop folder to all users. Then you could delete and update automatically created icons to your heart's content.
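As an added example (not code from the thread), the following PowerShell audits who can write to the shared desktop folder the reply above describes, since any principal with write access there can add or replace shortcuts that every user sees, and then provides the single-user relaxation the reply suggests as a separate step. It assumes Windows PowerShell 5.1 or later; the grant step needs an elevated prompt. The function names are this example's own.

```powershell
# Added example, not code from the thread. Audits write access on the shared
# desktop folder (default C:\Users\Public\Desktop, taken from $env:PUBLIC) and
# optionally applies the single-user relaxation the reply above suggests.
# Assumes Windows PowerShell 5.1+; Grant-PublicDesktopWrite needs elevation.

$PublicDesktop = Join-Path $env:PUBLIC 'Desktop'

function Get-PublicDesktopWriters {
    param([string] $Path = $PublicDesktop)
    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        # Any of the Write bits (WriteData/CreateFiles, AppendData, ...) or
        # Delete is enough to add, replace or remove a shortcut.
        $rights   = $ace.FileSystemRights
        $canWrite = (($rights -band [System.Security.AccessControl.FileSystemRights]::Write)  -ne 0) -or
                    (($rights -band [System.Security.AccessControl.FileSystemRights]::Delete) -ne 0)
        if ($canWrite) {
            [pscustomobject]@{
                Identity  = $ace.IdentityReference.Value
                Type      = $ace.AccessControlType   # Allow or Deny
                Rights    = $rights
                Inherited = $ace.IsInherited
            }
        }
    }
}

function Grant-PublicDesktopWrite {
    # Only sensible on a machine with one human user, for the reason the reply
    # gives: with write access, any account can swap the shortcuts all users run.
    param([string] $Path = $PublicDesktop)
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        'BUILTIN\Users',
        [System.Security.AccessControl.FileSystemRights]::Modify,
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)
    $acl = Get-Acl -Path $Path
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

# Usage: list the principals that can change the shared shortcuts. Entries that
# grant Users or Everyone modify rights are the ones worth questioning on a
# shared machine.
Get-PublicDesktopWriters | Format-Table -AutoSize
```

Run the audit from any account; only the grant needs an elevated session, which is exactly the UAC prompt the original question is about.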
Me too. It's just too much of a hassle to switch admin rights off. Maybe it's better now but knowing MS it will not have changed much since 2000 when I tried using my computer as a normal user. "You can only run that program in administrator mode," it would tell me, or it would just refuse to do the simplest things. I gave up in frustration. I do use my Mac as a normal user, which works fine. It only asks for administrator passwords when doing administrative things like installing programs and changing global settings.
-- Cheers!
Why does windows ask for the admin password to get rid of an icon?
Because those icons are stored in the shared desktop folder (default: C:\Users\Public\Desktop). Any file or icon here will be visible on the desktop of every user. If you shared a computer with other users, then you might not want the other people to be able to edit the icons that appear on your desktop because they could alter them to run malicious software instead. If you ran a program where you needed to login with a password, then they could write their own mock version of the software that logs the passwords and change the desktop icon to run it instead.
If you don't share the computer with other people, then you could grant write permission on the shared desktop folder to all users. Then you could delete and update automatically created icons to your heart's content.
Or you could run with admin rights.
You can mitigate 100% of Microsoft vulnerabilities by not using Microsoft products! ;)
Anons need not reply. Questions end with a question mark.
Both Windows and GNU/Linux separate "running as root" from "running as a member of the wheel group". Even if you're a member of the wheel group (which may be called Administrators under Windows or sudo under GNU/Linux), you still need to elevate in order to do any tasks that require superuser privileges. But perhaps creating two accounts, one in wheel and the other not, and doing work other than software installation as the user not in wheel would make it harder to social-engineer users into elevating.
I run with admin rights on my Windows 10 machine because it's the default and it's a pain in the neck to run without. "Sorry you don't have permissions to set the clock".
Have you also turned off UAC prompts? Because when I set the time it prompts me for the admin password and it works fine. I don't ever see the message that I don't have permissions to set the clock; I just see the icon on the button to set the time which shows that it will perform an elevation (prompt for password) to run it.
That was an exaggeration for emphasis. I could be more specific. On a work laptop, I can write to my 'c:\Users\\Documents' folder, but if I try to access it via the various shortcuts on the left of the file manager, I am denied access. No UAC, even though I have the password for that. The permissions on the thing vary based on the path you access it by? That's messed up.
Even on my Linux boxes I do not run my web browser or email client as root. To do so is just asking for trouble - even on a Unix system.
Likewise, GNU/Linux has kernel mode setting and the Direct Rendering Manager.* Isn't that also part of the GUI in the kernel?
* The latter happens to share initials with something more sinister.
Maybe it's better now but knowing MS it will not have changed much since 2000 when I tried using my computer as a normal user.
What? Have you not heard about the User Account Control (UAC) that was implemented with Vista? It does exactly what you described happens on the Mac:
It only asks for administrator passwords when doing administrative things like installing programs and changing global settings.
Yep, that's exactly what Windows does. They really have done work on Windows in the last 17 years!
Most Windows vulnerabilities can be mitigated by removing admin rights.
Most vulnerabilities can be mitigated by removing ignorant users.
The other 6% can be eliminated by not turning the machine on. And the good news is you'll get almost as much work done.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
That was an exaggeration for emphasis. I could be more specific. On a work laptop, I can write to my 'c:\Users\\Documents' folder, but if I try to access it via the various shortcuts on the left of the file manager, I am denied access. No UAC, even though I have the password for that. The permissions on the thing vary based on the path you access it by? That's messed up.
That's not an account type issue; something is seriously borked on your system. That doesn't happen normally even if you are a standard user. It sounds like the user folders have been moved, but the icons haven't been updated to reflect this. (It's possible that something like OneDrive has fiddled with the folder locations).
I assume that you are talking about the Quick Access section. If I were you I would right click on those folders and select "Unpin from Quick Access". Then browse to the folders and click on "Pin to Quick Access" in the Home ribbon to recreate the list. That should fix the problem.
94% of the bad shit that will happen will happen with or without admin rights. who cares if your windows install is ok when cryptolocker is holding all your tax files from the last decade ransom for $500 bucks worth of bitcoin or your bank login credentials get stolen as you log in.
Snowden and Manning are heroes.
Or you could run with admin rights.
But that would be stupid considering how vulnerable your system would be (given the topic of this /. story).
100% of Microsoft Vulnerabilities can be mitigated by turning the machine off. That doesn't make it a reasonable fix.
Making the machine less useful because it can't be both useful and secure at the same time isn't a win.
[c:]runas /showtrustlevels
The following trust levels are available on your system:
0x20000 (Basic User)
This works for firefox and outlook and some others. Chrome and slack fail.
Microsoft is trying hard to solve this problem by migrating to an app model which is used by Android and iOS but it just cannot work with Windows for far too many reasons
Probably the same reason it doesn't work with iOS. You can't develop apps on an iPad Pro with keyboard and Apple Pencil because Xcode works only on a Mac. Likewise, you can't develop apps on a Surface 1 or 2 because Microsoft never released Visual Studio RT. (You can on Surface Pro and Surface 3 because those run full Windows.)
What I found most interesting is that I _cannot_ load most Linux software as a non-root user, even though that is recommended. Seems like there's always some package that wants to be root. It's actually gotten better over the years. I know I read a lot of bragging about how much more secure Linux was but it seemed as if every software package I loaded needed to be root which made me think all those "developers" were just running as root and hoping to stay lucky.
Oh that's interesting. I will try it out tomorrow. Thanks!
Eh? I don't understand. To install software (is that what you mean by "load"?) you generally need to become root for a short while since you typically need to create files in /usr/bin/ & similar. This is very different from the program needing superuser privileges in order to run -- only a very few do. Most packaged software needs to be installed with superuser privileges but if, however, you build it yourself you will run ./configure and can put the software almost anywhere - usually.
When you make the decision to use windows, you are accepting that you are vulnerable.
But if you can make yourself 94% less vulnerable, it makes sense to do this. I wouldn't run as root/administrator as my general purpose account on ANY operating system. I also would not assume that ANY operating system would make me invulnerable.
Why can't windows just make a link to that icon and change the permissions on the link it makes on the users desktop so the user can do anything they want to that link and not touch the icon in the shared folder? That way they can delete it if they want.
Is there like a switch? An "Admin Rights" checkbox somewhere? Maybe not a bad idea but I haven't seen anything like that. Did I just miss it? I'm still using Windows 7 so maybe this switch is a new feature in Windows 10. If the author meant that a user should run as Standard (unprivileged) User and not as an Administrator then maybe he should have said that. It is not as simple as just turning something on or off. If you are running as an Administrator you would probably want to actually create a new standard user account and start using that and that may require reinstalling some of your applications.
I'm guessing the guy who wrote that article doesn't use Windows and so does not realize that it just doesn't work that way. One of the greatest advantages of Windows 7 over XP was the relative ease of running as non-admin and a lot of software had to be changed to allow for the possibility that a user might be running it without full admin rights. I'm sure there is still some older software (games for instance) that require full admin privileges to run, but you can just switch to an admin account to run those.
Unfortunately for me the VPN that I use has software that appears to run only from a full admin account. "Run As Admin" doesn't even work with it. So there is still some (bad) software out there that expects full admin rights unfortunately.
I guess it shouldn't need to be pointed out that Microsoft is one of the worst software companies out there and pretty much everything they do is wrong/stupid. Their attempt at getting Windows to work hassle free as a standard user was not a complete success. That people running as Admin is still a problem just highlights this.
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
She's schizophrenic. She hears and sees things that aren't there. Actually, she really just sees and hears everything. Just like woman, loves gossip and tells you it's ok not be in charge. No more "Sudo make me a sandwich" jokes. Sorry Cortana, but my man Tux (Linux) is sexy as hell and does anything I ask and isn't all up in my business 24/7.
Bitch if something is not authorized
-have good backups when ransomware comes in
-enjoy
Get up!
I'm sorry, but I think that is completely wrong. Exactly how does Windows starting with maximum permissions actually manifest as a real world example?
If you start with a basic account, you don't have to whittle away its rights; it is low by default. If you want it to be a higher access account then you add it to the Administrators group. Then it inherits the additional permissions. This is the opposite of what you described.
Where you might be getting confused is that the permissions system allows for both Allow and Deny settings, but it is extremely rare to see Deny being used. For an example of how Deny works, if you wanted to create an account that could install software, but not edit the firewall settings, you would add the Administrators group to the account and then Deny edit rights to the firewall. Deny is only useful AFTER you have raised the account's permissions from the default low settings.
I've been doing this for a while now with my daughter's Windows 10 PC. She's running as a "standard" user account that prompts for my admin account's assigned PIN code when it needs elevated rights for an action.
It's FAR more functional than an arrangement like this would have been with an older version of Windows like 7 or XP. But it's not perfect. One of the problems she's had is that she's gotten interested in modding games (Minecraft is a good example, as all the serious players use custom texture packs and other modifications so specific servers they want to connect to will let them properly view/play customized levels other people created with the additional tools and patches.) These mods quickly start requiring admin rights to the machine to get them installed properly.
I've also just found it annoying how often I have to provide the admin PIN code to allow updates to go through for various things. Malware Bytes anti-malware software is one example, as are the regular updates pushed out for the Java JRE and the nVidia video driver updates.
For our corporate Windows users in our office, I don't think we could live with taking away their admin rights either. Technically, we *might* be able to do a lot of tedious configuring of more advanced permissions (using "print administrators" security rights and all of that) to get around a lot of their problems. But it's a lot of hassle to still inevitably hit "roadblocks" where something unexpected needs those admin rights to update, install or run. The login scripts that auto map certain drive letters to shared network resources and auto connect certain networked printers for them, plus update the clock date/time with a central time server won't even work without giving them sufficient rights for all of that.
I don't see how it's a pain. It's much less of a pain than cleaning an infected system. I haven't had an Admin account as my normal account since the XP days. If I'm prompted to enter an admin password and it wasn't something I was intentionally doing, I know something's up --- immediate shutdown (full, not just a restart) and scan my system on boot up.
I'm a DEV, too. My *account* is a limited account. But (depending on the project), I can launch Visual Studio with Admin rights. Some projects are just fine without them, so I don't use them. Other projects require admin rights, so I launch either through Shift-Right-click on the icon and select "Run as Admin" or I create a second shortcut and set the Admin flag. I get the UAC prompt when I launch it, but that's usually only once per dev session, so it isn't *that* annoying. But only Visual Studio is running as admin, the rest of my system (i.e. my browser) is still "protected" by using a limited account.
Not only that, but you can always run as. In my day to day job I run as a standard user. I frequently launch Server Manager as a domain admin user for admin related tasks. I have not run as a local or domain admin on Windows 10 ever.
Amen
I've read TFA twice now and I still can't figure out if that's what the authors are trying to suggest, or something else entirely.
The entire point of UAC/sudo is to allow users to run in a standard context for day-to-day activities, and to quickly elevate certain applications/actions when it's required. Unless something has gone terribly wrong here, applications running un-elevated under an admin-capable UAC account have no more rights than an application running on a non-admin-capable account in the first place. Until elevation takes place, it's for all practical purposes a non-admin account.
So what is TFA trying to suggest, and what is their metric? Are they saying UAC is broken and applications are trivially executing privilege escalation attacks? (And if so, how are standard accounts not affected?) Or are they just saying that since users can escalate applications, the OS automatically counts as vulnerable to the attack? In other words, is the argument that we should be doing away with UAC/sudo?
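The post above turns on the difference between a standard user, an admin-capable account whose process is running un-elevated under UAC, and a process that has actually been elevated. As an added example (not code from the thread or the article), the PowerShell below tells those three states apart for the current session, and includes the "Run as Admin" style launch of a single program that other posters describe. It assumes Windows PowerShell 5.1 or later and an account that is a direct member of the local Administrators group (nested domain-group membership is not resolved); the function names are this example's own.

```powershell
# Added example, not code from the thread. Reports whether this process is
# elevated, whether the account could elevate, or whether it is a standard user.
# Assumes Windows PowerShell 5.1+ (Get-LocalGroupMember) and direct membership
# of the local Administrators group where applicable.

function Get-ElevationState {
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [System.Security.Principal.WindowsPrincipal]::new($identity)

    # True only when the token in use actually enables the Administrators
    # group, i.e. this process has been elevated (or UAC is switched off).
    $isElevated = $principal.IsInRole(
        [System.Security.Principal.WindowsBuiltInRole]::Administrator)

    # The un-elevated half of a UAC split token carries Administrators only as
    # a deny-only group, which IsInRole ignores, so ask the group itself whether
    # the account could elevate. S-1-5-32-544 is the well-known SID of
    # BUILTIN\Administrators.
    $adminSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-32-544')
    $members  = @(Get-LocalGroupMember -SID $adminSid -ErrorAction SilentlyContinue)
    $isAdminCapable = [bool]($members | Where-Object { $_.SID -eq $identity.User })

    if ($isElevated) {
        $state = 'Elevated process (full admin token in use)'
    }
    elseif ($isAdminCapable) {
        $state = 'Admin-capable account, running un-elevated (no more rights than a standard user until elevated)'
    }
    else {
        $state = 'Standard user (elevation needs another account''s credentials)'
    }

    [pscustomobject]@{
        User           = $identity.Name
        IsElevated     = $isElevated
        IsAdminCapable = $isAdminCapable
        State          = $state
    }
}

# The per-program "Run as Admin" route: elevate just one process and leave the
# rest of the session (browser, mail client) on the limited token. This raises
# the normal UAC prompt: consent for an admin-capable account, credentials for
# a standard user.
function Start-Elevated {
    param(
        [Parameter(Mandatory)] [string]   $FilePath,
        [string[]] $ArgumentList
    )
    if ($ArgumentList) {
        Start-Process -FilePath $FilePath -ArgumentList $ArgumentList -Verb RunAs
    }
    else {
        Start-Process -FilePath $FilePath -Verb RunAs
    }
}

# Usage: see which of the three states this shell is in.
Get-ElevationState | Format-List
```

Running it once from a normal prompt and once from a prompt started with "Run as administrator" shows the two halves of the split token side by side; `whoami /groups` in the un-elevated prompt lists BUILTIN\Administrators with the "Group used for deny only" attribute, which is the mechanism the post is describing.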
That's all well but why would you want Windows ? Assuming you have the choice.
Because despite what people around here say, Windows is simply good enough. I have a mix of different operating systems, and have no problems switching between them because they all offer the same basic facilities.
By installing Linux instead. Should be a no-brainer, but people are stupid.
Windows still runs the GUI as part of the kernel?
No. The GUI runs under the logged-in user's non-elevated account, i.e. even if you log in as an administrator, the administrator privileges are stripped from the user token that is used for the desktop (GUI) process (the explorer.exe process).
On the driver level, graphics drivers are split in two: A (hopefully) smaller kernel part as well as a user-mode part. This split is for reliability and security. By keeping the kernel mode small, the developer can limit the attack surface and maximize reliability. A memory corruption bug in the user-mode part can at the most cause the specific application to fail.
Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
Most of your software won't work properly because monkeys still insist on writing config info into Program Files.
Many, many people. Especially anyone who plays games.
Even my kids have admin access now since online games require patches be downloaded and written to system locations.
That's nice, but the Swedish Chef predates Supreme Court Nominee Bork by a decade. The Muppet Show had a greater worldwide impact than some parochial bit of politics.
I'm sorry, but I think that is completely wrong.
And you'd be wrong.
Exactly how does Windows starting with maximum permissions actually manifest as a real world example?
It's the root of all buffer overflow, DLL injection, and any other type of attack. IOW, this is not hypothetical, but a real world issue. You should also note that Windows last I looked suffers from the largest number of severe or higher level security issues. That would be the type of security issues where the machine can be compromised. Most of those don't care about what user account you're running from, precisely because of this problem.
If you start with a basic account, you don't have to whittle away its rights; it is low by default. If you want it to be a higher access account then you add it to the Administrators group. Then it inherits the additional permissions. This is the opposite of what you described.
Where you might be getting confused is that the permissions system allows for both Allow and Deny settings, but it is extremely rare to see Deny being used. For an example of how Deny works, if you wanted to create an account that could install software, but not edit the firewall settings, you would add the Administrators group to the account and then Deny edit rights to the firewall. Deny is only useful AFTER you have raised the account's permissions from the default low settings.
And this is where you're confused. How do you think you get that higher permission process? It's because you have access to calling a process with system privs as a regular user. But you don't even need that access to break security. Your regular "low-priv" user process still has the ability to inject DLLs. A simple DLL injection with a method overriding an existing DLL method that is called with a system priv process, which you can also accomplish simply with your "low-priv" user process, is all it takes to break out of the security sandbox. (This was actually a recommended process for having a true no privs process effectively elevate a security token within its process. This is a terrible hack, btw, and just shows how bad security in Windows really is) The approach we used was to create a separate service process that had privs setup to solely spawn a new process with the permissions we needed to effectively do what we needed to do without completely opening up the system to all sorts of potential escalation attacks. While somewhat clunky and spawning multiple processes and having to deal with IPC, this was still a better approach security wise than all other options under windows. AFAIK, those servers still haven't been hacked through our processes.
So no, the "non-privileged" user in Windows really isn't a non-privileged user in the sense of what they can do security wise, unless and until you completely lock down the machine to the point that it is effectively a kiosk with only a single directory available for read-write with limited applications available none of which have code execution capabilities nor network access capabilities. It really is that bad.
The cesspool just got a check and balance.
If you have the ability to run arbitrary code, see other post for details on how and why you're still not secure.
So herein lies the core of the issue, 2 actually.
1) social engineering. Under normal UAC, as part of the admins group you have to merely click through to elevate a process. As a non-admin user with a separate privileged account you must provide credentials. This raises the bar of, if nothing else, user awareness, and prevents the sadly typical user behavior of just clicking on any button that comes up without reading. Sudo still requires a password, so it's not the same as the UAC standard setting.
2) escalation flaws. A user not in the admins group is not allowed to elevate at all (probably). Thus if a malicious program does come along looking to exploit a system component, or other program that has a flaw, the assumption that root access can be achieved will basically fail silently. For a non-Windows example of this see ShellShock on macOS.
Familiarity. I've been using Windows since Windows 3.0, so I'm very familiar with the interface and the way the system works behind the scenes. Over the same time I have used Unix, FreeBSD, and quite a lot of Linux distributions. Because there was such a variety in the *nix side of things, all of which worked differently from other similar operating systems, I actually find that I am quicker getting stuff done in Windows. Windows 8 nearly ruined this with its stupid modern UI, but I have been able to ignore most of that and stick with the old desktop.
It's what I use at work, so programs that I use (and write) at work can also be used on my home systems. Also, when buying software (especially games), Windows is the better supported platform. For open source stuff, the situation is reversed, but most of the software I use also has Windows versions too. I am gradually moving my standard selection of programs to cross-platform versions so I can one day migrate from Windows. The only reason why I would do this is because I don't trust the direction that Microsoft is taking these days.
PowerShell. This is one of the things that keeps me on Windows; I just love PowerShell. Sure, they released an open-source, cross-platform version, but to get the best out of the shell you really need to run it on Windows.
Despite what you say, security is definitely good enough. Since the release of Service Pack 2 for XP, every version of Windows has gained more security features. I haven't had any malware problems since I upgraded to XP (which happened after SP2 was released). It helps that I have always used limited user accounts (like this article says). Of course, I don't go running random programs that get emailed to me, but then I also wouldn't do that on Linux either because I don't just assume that it is that much more secure than Windows.
Not so much "broken" as in it was never enough to do what you suggest since it was about limiting SOME admin level activities for users with full admin rights.
Sudo is completely and utterly different because the *nix user model is very different to the MS one and much simpler. There is not really much point in comparing the *nix user model and the MS one. MS is about "flexibility" to put things politely, which is why there are so many things that do not behave in an obvious way if you are looking at it as if it was like the *nix model.
Ransomware typically runs as a normal user, without admin access. Yet it's one of the more devastating forms of malware. It doesn't need admin access to rip through a company's shared drives.
There are some apps that don't respond properly with UAC; I had to use admin for my son's computer (he only had user status as he was 13 at the time); for some things, I had to switch logon and login as administrator. Couldn't even "run as administrator". Pain in the butt.
Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
Context here:
There are two different scenarios that have to be discussed, and they are very different.
One is enterprise users...that's people at work, using Windows. For them, Admin rights are really not usually necessary, and there is someone else (the admins, obviously) who can serve in the admin role when needed. This is where the biggest bang for the buck of reducing user rights comes in. Yes, there's software that requires admin rights...but in the enterprise market that is becoming increasingly rare, and there are often ways to hit a middle ground where that software will run without giving full local admin rights to a user.
The other group is home users. This is the sticky wicket. Yes, there's UAC...but home users aren't really that technically savvy. So, when something asks them to click (assuming Windows 10 here) "Yes" or "No," they will often just choose "Yes" because it's what they've had to do a hundred times before to make something valid work correctly. And that 101st time...it's malware. And sure, you could have them using an account with no admin rights at all, but then who would be their admin?
So, as you debate TFA and its message, keep these two scenarios in mind. They both have a lot of users in them, even the same users when you think about it...but they work in very, very different ways.
For your security, this post has been encrypted with ROT-13, twice.
But then you'd have no employees left. There really should be some level of basic training required/supplied, but most places just won't do it, even if it took just an afternoon.
Well, that's true in the same sense that turning off your computer mitigates vulnerabilities... without admin rights, nothing works in Windows.
Proud neuron in the Slashdot hivemind since 2002.
Unfortunately, getting people to switch to a critical and questioning mindset takes more than an afternoon. For many, I don't think it can even be done. This makes protecting the business from its own employees a necessary countermeasure, as long as you can't segment off the insecure users.
On a work laptop, I can write to my 'c:\Users\\Documents' folder, but if I try to access it via the various shortcuts on the left of the file manager, I am denied access. No UAC, even though I have the password for that. The permissions on the thing vary based on the path you access it by? That's messed up.
I realize this is Slashdot and we have to hate Microsoft and Windows, but what you described doesn't happen on a normal system. It's like the users on this site become complete Luddites when dealing with a Windows machine.
It's a work system. It has whatever IT did to it, which is a spattering of the usual anti-virus stuff. It happens. Should I think better of Windows because it doesn't happen to some other people?
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
I call bullsh*t.
Professional Windows Administrator (3000 boxes in 20 countries in EMA).
I maintain 4 Windows accounts, (1) my user account with "email" and "sip" account. This does not even have local admin on my box and I work just fine. (2) Administrative Account, but NOT Domain Admin account. This is the account that will have admin rights on servers and some delegated AD permissions. This account only does "admin" activities, eg - user account creation, check event logs, and mostly by powershell script - on a server that I never, ever browse the internet on. This server has Internet Explorer locked down and only admin utilities on it. From time to time I need this account to log in to server desktops by RDP to get specific tasks done. This admin account is never used to do "user" type activities - eg open word files or fill in HR forms. (3) A Domain Admin account - 99% of the time this is changing DNS entries, and (4) Enterprise Admin - where 99% of the time is publishing a new certificate template, with 1 time per year upgrading the AD Schema.
No admin account has access to my email and vice versa. I show VIPs that not even I run as Administrator and the "but ... but, but I need it" arguments drop like flies.
Q:I was listening to a CD in Grip and it sounded horrible! What's up? A:Perhaps you are listening to country music
I call it user laziness. I run both my work and personal Windows machines with UAC set to the strictest setting - prompt for credentials on the secure desktop - and I do quite a lot of work that requires occasional admin privilege (such as running builds that require local admin rights during the installation phase). It's not onerous.
People have been living with manual, explicit privilege elevation for decades: runas on older Windows releases (and add-ons for even earlier ones), su for UNIXy systems, operator terminals for mainframes, and so on. The modern era of minimal-effort click-a-button elevation is a trivial cost for significant protection. (UAC isn't a security boundary, but it blocks a lot of less-clever exploits). Anyone who can use a computer can quickly learn how to use it.
There's really no excuse.
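The two posts above describe the same posture from different angles: a day-to-day account that holds no local admin rights (the four-account setup), and UAC configured to "prompt for credentials on the secure desktop". The script below is an added example, not code from either poster, that audits both on a single Windows box. It assumes Windows PowerShell 5.1 (for Get-LocalGroupMember), reads the documented UAC policy values under the HKLM Policies\System key, and only writes to the registry when run elevated with a hypothetical -Harden argument.

```powershell
# Added example for this thread (not code from any poster): audit whether a
# Windows box matches the posture described above, namely (1) the day-to-day
# account holds no local admin rights and (2) UAC is at its strictest setting,
# "prompt for credentials on the secure desktop". Read-only unless -Harden
# (a name chosen for this example) is passed from an elevated session.
#Requires -Version 5.1

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Documented UAC policy value names and the values the strictest setting uses.
$expected = [ordered]@{
    EnableLUA                  = 1  # UAC enabled at all
    ConsentPromptBehaviorAdmin = 1  # admins: prompt for credentials on the secure desktop
    ConsentPromptBehaviorUser  = 1  # standard users: prompt for credentials on the secure desktop
    PromptOnSecureDesktop      = 1  # show the prompt on the isolated secure desktop
}

function Test-UacStrict {
    # One object per setting with Expected/Actual/Ok. A value that is not set
    # at all reads as $null, which counts as not OK (Windows then uses its
    # weaker default for that setting).
    $current = Get-ItemProperty -Path $policyKey -ErrorAction Stop
    foreach ($name in $expected.Keys) {
        $actual = $current.$name
        [pscustomobject]@{
            Setting  = $name
            Expected = $expected[$name]
            Actual   = $actual
            Ok       = ($null -ne $actual -and [int]$actual -eq $expected[$name])
        }
    }
}

function Test-DailyAccountHasNoAdmin {
    # Two distinct questions: is this token elevated right now, and is the
    # account a member of BUILTIN\Administrators at all? A filtered, unelevated
    # token still belongs to an admin account, which is what the four-account
    # model above is designed to avoid for the "email" account.
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)

    # S-1-5-32-544 is the well-known SID of the local Administrators group.
    $members  = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue)
    $isMember = [bool]($members | Where-Object { $_.SID.Value -eq $identity.User.Value })

    [pscustomobject]@{
        Account                = $identity.Name
        TokenElevated          = $elevated
        DirectLocalAdminMember = $isMember   # membership nested via domain groups is not resolved here
        Ok                     = (-not $elevated -and -not $isMember)
    }
}

function Set-UacStrict {
    # Writes the expected values. Needs an elevated session, i.e. the separate
    # admin context the posters describe, never the day-to-day account.
    $principal = New-Object System.Security.Principal.WindowsPrincipal(
        [System.Security.Principal.WindowsIdentity]::GetCurrent())
    if (-not $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Set-UacStrict must run from an elevated (admin) session.'
    }
    foreach ($name in $expected.Keys) {
        Set-ItemProperty -Path $policyKey -Name $name -Value $expected[$name] -Type DWord
    }
}

# --- usage: .\Audit-AdminPosture.ps1 [-Harden] ---
Test-UacStrict | Format-Table -AutoSize
Test-DailyAccountHasNoAdmin | Format-List

if ($args -contains '-Harden') {
    Set-UacStrict
    Test-UacStrict | Format-Table -AutoSize
}
```

Run it from the ordinary, non-elevated session first: both checks should report Ok = True on a box set up the way the posters describe. ConsentPromptBehaviorAdmin = 1 is the policy-only "prompt for credentials" mode; the Control Panel slider's top position sets 2 ("prompt for consent"), which still uses the secure desktop but only asks for a click rather than a password, so the audit distinguishes the two on purpose. The local-group check only sees direct members and domain groups listed directly in Administrators; it will not expand a domain group nested inside one of those.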
Everyone who wants to be able to run anything. I have about 50% of my shortcuts on my work machine (where policy prevents logging in as local admin, but one can use local admin), set up to run applications as local admin, because so many things still require it. Windows may have made it possible to run applications without local admin, but that doesn't mean all the application writers have kept up.
Learn to love Alaska
50% of apps won't run without admin rights. I pulled that figure out of my arse, but it's probably not wildly inaccurate.
So every Linux distro is also insecure with sudo and su?