Windows - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Windows


Are Your Windows Ajar?



 By: Jason Brooks
2002-05-22
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Windows story.


Rate This Article:
Poor Best
eLABorations: Best practices notwithstanding, a great many Windows users spend all of their time logged in with admin privileges

Lets have a show of hands: Who out there runs Windows with administrative permissions, whether or not youre engaged in the sort of system configuration tasks for which those rights are required?

Logging in as an admin for everyday computing is a bad idea, and this shouldnt be news to anyone. Admin users enjoy unrestricted control of a machine, which can result in some significant security gaps.

Best practices notwithstanding, a great many Windows users spend all of their time logged in with admin privileges. In fact, there are enough roadblocks to maintaining the appropriate user permissions policies in Windows that its tough to blame users for disregarding them.

Resource Library:
Earlier versions of Windows created an expectation of convenience that is not viable in a networked world: The same protections that prevent harmful code from slipping through a Web site onto your computer also prevent the auto-magical installation of browser plug-ins that applications such as Web-based conferencing tools require.

Windows 2000 and XP have facilities that enable regular users to run applications and some configuration tools as an admin, without requiring them first to log out. These features, which are enabled by the RunAs service in Windows 2000 and the Secondary Sign-on service in Windows XP, roughly approximate the "su" feature in Linux. However, this is one case where Linux has Windows beat—for now, at least. Many configuration tasks in XP and 2000 still require a logout.

While Microsofts Windows XP has gone a long way toward exorcizing the intrinsic security vulnerabilities that haunted the 9x codebase, Windows security continues to suffer from its single user, non-networked PC heritage.

Many application developers have yet to get on track with XPs application security model. For example, in our recent tests of Groove Workspace 2.0, we had to set certain permissions manually to operate the application as a regular user, and weve experienced similar snags in other software as well.

And rather than re-educate Windows users to expect the complexity that accompanies proper security policies, Microsoft has worked hard to mask this complexity. For one thing, users created during the Windows XP installation process possess administrative rights and no password by default.

This certainly makes for a simpler setup, but it does Windows users a disservice. Microsoft, in a document entitled "Why you should not run your computer as an administrator," outlines whats wrong with this XP trait as well as I could: "Running Windows 2000 or Windows XP as an administrator makes the system vulnerable to Trojan horses and other security risks. … If you are logged on with administrator privileges, a Trojan horse could do things like reformat your hard drive, delete all your files, create a new user account with administrative access, and so on."

Enough said.

Do you run Windows with admin rights? Drop me a line at jason_brooks@ziffdavis.com.



  Reader Comments: Are Your Windows Ajar?
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Windows Articles          >>> More By Jason Brooks
 


x}r㶲s\@♵M=ҔlcXgRJEĘ"Hʗ䬟/Oo<xӅ|LO-`n4w~ I Ӟc,,J1أ&$5]4Y=*rdx9%GԲ|W軫F]̩]ύP/!kH|Nშ bH %3jNgA]k3S{l)ečz9o0 fE63&6I-s!%֥qɏͽ'c [tV8v T| p\;=a>$E%k4EdB>vn=ݣw2 w:bq!黖pHF3ZU ؓ ۭ@5l"s9ȹ3oWnhɿT͝ L4H %UHIp'z:r,#cr<rDJ53螩[mɧ9]oԏ` [T`2E%$7 V:\تyO,ӇwRce[':6g5]Gf9 8$ z3 wE-b6JmO |l ݟQAǎc"3N9Pu#o8 Ɩ94͑J5(GJ\S#x.gچs[7q*sؙ??Wʪ)Jۿ]H#Ko -%;ZAPt;'W~t@.zQ@ X_d}+5UJ`Z. G$/ Z@3>gNwkQ2Z-_ ԊhGZAAv,f3} 3+i3*5dNxВ-AoA>E,[3sAT4 ̠K`W:k 9zq}ں~\z}rڻ"IYxG0p Z_Zr܃-zb M iTj{Cw2|&޺x|9!9I '/g90do-Yn_H.)M|T|Y|ěy#0ri4(=M9Zujt0kPko43@_x0Nukas'@kiFPYL`6R\ 9lb)6B̄H )7R<&,)|YB* brݢPP3>ΧKdoF" eF"ȅQ.% > g|8JKu3b}૦yx!Dwެu*մޙ-~ӢKsi|jHwno~hǫuw#вnZFI9QM}{Qk,VRSWL F̶-a[e)uNu߽C 1NS'}95ż>m;4}t>჎$ticŦwh4@LrӇt!L~L;ݣn]?&tao7,AbGa`ΩsZ LP#AтMx>kIOmM_́-s#08wwɭ 5 <QH>X^0 jp.HpyE]q2>7}woouG&Qc1޻Ԇ.q<ɜk) %P RRP$C hI#r Bг1,`@o!``[Xk ab .<ҶBI}vn<){TKh!+K@fsfh(4{~X9{DMfT`B[ᛥLKak`FZ,#M& yz{@ZWgi K0w?a!1s WQ's?;\ύ7!v<;-%`p=Ͱ"̴b\u4L4 ƙ9 R g?fx0-qڛ9wCVw]ˤF|a* ,q7! 3Ͱ&q8+owzjr=ʇSMrB9;e7y_*MmUPS7˕L4+׬uPM g2)*[hs< 9:ȭM7)\IYbT9XScX`Dn Lzb8sm/n$)aV|\uΖMkͲG/ 7R@2Km *4F@0V_Xvo jQtV(&АT um:\X3,# %>D!1~ha2(_Kp3w{؈=5'0_ܰ탡[*+n3)Ka4EsXjgܰ&P wC~;[0P.m^.FVމu<|꒾w[_C-<<fRqgӠEae ΤԪLM>kQ@Ï_ƅ/c%|e*8tkpp0쟶Wׅ=) Υ_$̧W6i+D Ӝh2F ÉiHuߴ6WKH>LZ`!?RP՘IO5 &^PGe d^s`M[`R9Dzl lF4]}ZjtM{ ipj^DZiI~~~0*Ly.|/|uVN0\?@R)Ö1sgdim&ǙZT'/ł\PZr>r+b"[8:T:$C 07`q0$0/ұ@%Чㅇ>pӞrFVyUBH~T+BZ=N QQT*8Y+0y/o'SO@H.Cd/p8ݙzQoN?+!f8h2ܦ;pC.>#]\aQa3Ɩ=4FX?`7 $̮$fG` cM)WHF(1*' L-`Gwf^=/YQwSmf18D"pL.-/|o pe0GdݤS(H[DG`; nUESU[z7fy@L t@XqHG&;3E68o:+@5-r ?Ť֊k[S GťR #خf>u*Z֢Ӫ`fBc$D!3#2z p[kh0h-f;Z;pLjg  h+sJbOW2EߚizryjFYT^yę ?qكBo'0Aɴ:(1<6|o D |&q3旁^䞫VJ% `,fqNgA:Kln?`,s{_`pl1\Anc>7 Wnb*r6=_?J}[L4'@V1-0]̞̙A-mۨ5 L Vjeav əV"sIefj 㦧RRU V_A3Fˁc_.qDyC[_RUeH4yJY0k % =Eٸ1ǞSLBԺخOlITY)(qg@Zf2U)+e"m=Ͻ \X Z> &RrEuE;tЋ­7*6P#I?P*~ EPGIպn2RBE-) CE 9 ^  lZv~@ kpo= 2j>uR`fK&2_vFܖ[J,]Aa u0 mlrKz]w޼@8̕Kil'ϱ+Kzf@utCȪVuZU ՂVE'sLٞEA(zߏCWuRԣo{{C4g?"X7Swguċ)us#\Դ"hw ĶRsG'Da@qC` H\WKdQ"Y rrjT GrF2R@BZB$d1~t.ė4'?wD;m)u oл< rDp'Bjw>\$'d0 srn^'6b7 `[&IEyD=Sk!;fW쐶CվZ+,8;XKr!Vj,8Aϐa6(G<]?ּ~zv`N5gs \:`Acn ~]ު8Gq\x,3udO>^j[Cx92O> A#؞qbLd<J;lVpN Ϧv_ O%FJMc-ێ!e_Ц õcV: ?!IVܱS,*_1;lVŗ3SOp&5U)&5ŗ.o4y˭0L L ܻ'Vxe86[b[03| ttnڰJ[~vk,rtېozbɼ߶L`@pq#!esŘ>EqG<.GG TE+'{u1—;`\lp^!]sȲkE`ymY(cy*/ H{=F9*e9wĖI gBzŏaVNҶ/ H0-IZT4-IcRΝ@ނ> ?7^ "wu?\:ySHbFMmzh/`ɦQ-14qSY_L 8 Kw2g@=X );s ,?''$&VL:'9~/n!2*CϜ;iଶ[YMh4\ Tq gaikub"P w!"@!D"0쮬܊(PP"-)B4~qj6^ Bo0@RUIMbG%V>@[j9.ڬH!K'3X=RDZƎRɘdl/rmDz}$B"fv39BJlƶ5wg+Mٖ /Vۥ1 G)v P@Tb)`%t K",+KXN%0".Up R'$ӈxkOPlm9Rvi_a`(}p$Fz,I%YHNjUuDǗN-z^)R5]y<>Xk8E7O}KMUpE/NKC|.m+,WQKΝ3֙i<-TQ J1CBȡekZgHq_~6B<&'ix3"Pmka/ [P`>D&CYIbwoi1&,,)"6Ajf%~XrcS$n)MMIb0}|LT rDkԼ^?t_Ze7 ao|˪ jl(i˒IJqӘr wq&<{!]O|Tơ~'>M/Oa8+]ŠϠTQV}=Wo8LDp+ ,xyci_ffۦWi'8f#}/D(FLh^h_U~H:}S>s|nl΢Ɣ~!^x= &BDk-\hf/7̜$ | y.Nf.VX;tǃQA-7&akb?]L^@gNTrt3_zmt{>%c_zFQ\>.]R]#aNf\w7h@q5#cL*jJm3.J[l-a $jяM/Iex ([rb镦<SV/3* L؃@v<ː4jmv#rGP1ntAZ,&RHӥWd./(^K;r҉GuDe.9P_ _l߷؅;ϷʋBqiHw)| (Itg *@$B& ar?q!k8?m_N!GƳ^.||||_OZ-ԯۧj+vgz[7 tt91ct߂I 0$pPl<e6BxCs7vݩ禽gDx OŋTi;Ow]@VE6,ѹsKWս*eX -}-'w[̀3=8-@ɼ#l$5̐ؐ,l%I"q0M ;),✉fnm% ߟ&I4p7 DjXWȓwu:z`{)517 5Ox{/EҶ O]{T_[ _UkZrw2О$/Mw qM[\;bVd=-Tw߁^<=G&8"3}5]ckE_A-ʴjgϡк%\k15mHC g oq'S:`) 0.xGD)L@{4;VS\0kL]m|{#o=?&&3(, @^tc I?I5?2O:3&-?(pXOc{[ŝ |ɮO4=T1.8DZPN|l:.k*juڷf!$, *X\= .kjc!' s#|IAw7,2G?P9E=яK&1V8EHK,96i>:cWF%5z J 0{CX^qV1&Cg4FuR]SS[Zo^[+W#rd! `,%o,"xa /quQ%PFpxAiLʃxsZz?3lsϩTh,vx-ZȥpL1Zxzz_BtIkb".˘xff@]3&^ME*ނ0HuPqcѵf UP+$c`7\?bTy G<)fF<@L8h;bW=Vڹ𖸴q yK-y-J4s35R97Y}9u:HP*$Zz EO9:h\z1߽Zכko~ Xڨ]Lc O7x.%5&o[I{e0d$-:w^aci*qwm[*{yJMh>#Ծ5=F+{^n9R==0bXYrVҴxfV-j%!V㬤{4K"o7HRT`Lum2ntl8TJ[ J9\{6݊jm฻*F6#ZIi8ڻ4x=S)W'nYVmIr .kh>a{G )ﵪ(5 /UP8AnK]ݴX<Њo>Soɀ } 4rt7\9P[;a8 Pmʼ܏@'B )&}o MðhDLRO›7`\vD! CVY aIm{7R[ $y"?ZED`36:mفf\}G@F@}m"L3<y(S}tS0%~CAxpI<R+6tS-=p59r3{/F\o|J7o9fH s97*?_]RHE>p.gj5(UtK${L*2&Bs8579|_LiJ%a k(E$7cf@=n#B ~=cLFkZ1;\Eq>X/ ~@>:LQXj*{3wģ4ϓ/ }_$R Df)@Q:EWU T,G,(!G)%D7UI򽉑0u ,2us x\jHK$Ѕ:y,@#!9ωkYco u;3Ǿ̒U = MꪂOJBveX &0VR✾QzC'Fq,4ꟉeMK&JZ!0BW0`A='i92ag4t\K- ̱~@|LBz،\3ݾk4//?iӫv?O:N{x Z[8ju't{'ϧUbo<10kym2_T .Q9hvNYPʹ~oQ{ʵ,% y*wDE 3@cqy^ <1O38Rv QW~0`b_)oZW~_˦V\k! >?BVՉt.5]rZO-:mx9jSN*4}V08SD~}2 vnŚ/JYy<* t=}}Ba(c#h6 cHO8ѭ=R\G,[Q=PW.v:*`v#y`ćAx`?&7S.wpyk;ُϋGkwյC5Af_b 9)?'OxVf}4;([LԸGpoQV" #<5 Mgxĕ,##1ˌY McVk*q.w ic~4]_p8 "s k!vzK2jQwh}r:X Ãa`a?&^էz >ΐRx܁AGR(qMa{MY{N6 )4M뚈ѝeX "-zK-tz JJ @b %JvMLfUgR۞,`'/];gH2G$!|c*=S2m-)e'r}7{,ݤdv/+ 0bŽ%Ovq>7. %#t#R.܋OFې)0XPy74w<pI0)`tխ`&sˠv= ˎuMc(ŬBCd=)O?5'[nEG\<>aiЀΧYp穎m,U|Al>cx 'LwT5Tc:۳i|?e Lwt4Z<n0kn>Q$L{yw=LJ D ϱ.yبogn`Cl .3.OY% hWa) e71KLP`Ol3ӈj3w6G}dȱ(l}j͜GԋO0xeҵh_ynqY?[ m-1k$~El=fu+Wr1e~8Şi#}@ }(ۉnFة5`y+@ 4 qSg.(ZF#,Wc ҭ<P@Ac.v^eܜ1ǛtE]hT[)**36 /ߙnވ'.Qa=q iO1igNb :oelX lp/>G1' 0tcfw^?-I>2#" $8zIW{{a0&|iE㨤t`C v_ <8 cL;ecXJX2!&ۅ 7O80Ux|-h\}[}pXˉ>S1|[z00jPLP9͓ a0*=:`-hs&w3ǂ!y0Ǖ2D1F(-,1f.& w Axv4<3GTF_E@KE7b)UĔ&\RKnrmmk )60M׏Är"+poq=y[әJpg8g0N^ZpTT/>%hw2b5ʧ=M~p v1,L!6ŠKNš|]r'^@:mv;yH%D=C ɳQFk;O(QFp68\S|;]`gd^z