Windows - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Windows


Users Overlook XPs Non-Admin Security



 By: Ryan Naraine
2005-06-22
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Windows story.


  Table of Contents:
  1. Users Overlook XPs Non-Admin Security
  2. ' When Admin Still Makes '

Rate This Article:
Poor Best
Users Overlook XPs Non-Admin Security
( Page 1 of 2 )

Longhorn's default least-privilege security setting is already available in Windows, but user awareness remains "frighteningly low." Can a few developers on a wiki turn the tide?Microsoft is sparing no expense to spread the Least-privileged User Account security gospel ahead of next years Longhorn launch, but a little-known fact—especially among IT administrators and end users—is that the technology is already available in the Windows operating system.

The LUA principle, also known as non-admin or minimum rights, is accepted within software security circles as a key to reducing damage from malicious hacker attacks, but on Windows systems, although the option is available, experts say end-user adoption remains "frighteningly low."

"To the average user, the notion of non-admin is abstract and obscure," said Michael Howard, a senior security program manager in Microsoft Corp.s security business and technology unit. "Most users just dont know they can set up least-privilege accounts in Windows today, and thats just a sad reality."

Read more here about the advantages of the "least privilege" approach.

Howard has long argued that Windows users can run as administrators and conduct everyday computer tasks by dropping unnecessary administrative privileges when using Internet-facing Internet tools, but, because the Windows default is for accounts to be set up with full administrative privileges, the damage from nasty malware attacks is worse than it should be.

In an interview with Ziff Davis Internet News, Howard used the example of a recent mutant of the Bagle worm family, a piece of malware able to create files in the system32 directory, disable firewalls and other processes, and delete key registry values. "All those things require admin rights and would fail if the system were set up as non-admin," he argued.

Resource Library:
Looking to increase end-user and software developer awareness, Howard and a group of Microsoft developers have added information and tools on a non-admin Wiki aimed at Windows users.

A Microsoft worm cleanser goes rootkit hunting. Click here to read more.

On the Wiki, the Microsoft security gurus are sharing tips on how to set up non-admin accounts and explaining why widespread adoption can minimize the damage from rootkits, backdoors, keyloggers, adware, spyware, viruses and Trojans.

Howard stressed that user accounts with fewer privileges will greatly reduce the Windows "attack surface" and pointed out that several easy-to-use tools are available to help non-technical users find their way around the no-admin versus admin maze.

One of the tools, which was created by Howard, is the Drop My Rights utility that allows administrators to run Internet-facing applications—e-mail clients and Web browsers—as a non-administrator.

Howard described Drop My Rights as a simple command-line tool that can also be used to create "safe shortcuts" that always bring up an application as non-administrator.

"If youre running as admin, you generally have a bucketload of privileges you will never use or never need. With Drop My Rights, you can run any command with lower privileges and do everyday chores without being at risk of having a nasty piece of malware take over your entire machine," he said.

The Wiki also provides simple instructions on how to tell if a machine is set to run as admin, how to give a user account temporary admin privileges, and how to force an application to always run with low privileges.

Windows users can also find an Internet Explorer toolbar that provides a color-coded display of the privilege level of running Windows processes.

Next Page: When admin still makes sense.





  Reader Comments: Users Overlook XPs Non-Admin Security
>>> Be the FIRST to comment on this article!
 


 
 
>>> More Windows Articles          >>> More By Ryan Naraine
 


x}r8qռFsw1E)%[rey-%ޤn"!c䐔m}}AKɜbK@7F7?Ip4ô'sc }{Τ>? ߛF0Bo92r[dZ6Շ)I|S<֠Eu>^Cf&j ͒eB_;D\KG)H7#ǚ MтmdƩ$|úzNԎRl!o43@_x0Fu67Sf4Ms,egy0AM)61rk 3!RBʼZ(z@@jR~nV(USB!ތEĆ> z%Kes7pWM]zjNTꊮ2Wr{熷,.ϱ'vs"e~ S3G#вnZ ZƦcWPT;.Cpk hS2e8l ԰2nб6olA::~f1>QÜ#ͶOCGs>hH2胆6ml-ƹh$ ,70}Hg@zQI4wX8<cOv/|\aPn=j$ >6(Zχ`j˦Mf@B9{ǻޚA<QБ4|a qjQ?]*~hs-w= } wA,߃9#z[LKx GN }p (~9-R;C/1tKt=JI ڂ"D% T h4A'EENNAww$]KI+\fD8nOu$]8gڹLX.QY,p[/ ͙JRdYu Q="`&Qea*0pRx5Qn-`oJcU=1Mz㱩Y ՙdnZi &𝀴40OiH\U}ɲEg0sO<sy h? OuG VV̚s=R.ƃ5‚L;ilQ̴a85) 0|Ch2!isM/Xg5׵Lj; rG%׽ql9an5Ɖ<\y͏3@}(N5i+:/ܑ-ӾZ2߄V 9uC \D r}͚X 4ؐ|&Bw7cn^ښtɕ \=P9P U_IT$3Q2jӧNEۋ)I :3X-8G4W- eSZqlzQn^ӛA| ^֥P@x# dl+/,;7(kc:+_iihH*6@\\3,# %.?W0Z?LpSw{!{jaaC+EE.WӟBZY-xK[ʸASAݐ`AELl5KWթw@4="zڽu@nZcg@`ǟGQ,C*8c( 6Eװ DؙRS{gm1Jhx=e\8XbO`.#Všc-fˋ°^]˦4>q6Ϯm V!2D+ه0`M EDwN{6R^)#0iTWʅĤ_$I?րH{A2,exY΁5mIr 'jY$ Ei.2<87Qo>U< ıLb0qqغ7, 2q͝a&?@R)Ö13gdim&;ǙXT'j/bPI}'Xk5F><}*O|INtxGF ‘"}yjmA6\,0|"j*VD0pl@;RԒtZC ^~~ JI:hdT{>S7Ϗ9(gdW%d)'HZ+k՘P+Rj~~{ ߥ:8tc}ywۛA~M4,}* A_!m^:J[09X>: ;212& z@jAbv6 (L50Ȉ%=GlTlm.1֞m$R*nC01^*== 7S_ -ʖvg˦ՆgQyϤn[.|zK>'g8 MGFi$]|;P rfVɍZtNd_&ȣɘ+ZN`f038ʃz28c= [ |{.r :7#UIV:Mr_&kA}kPow(*Kq3`93"豥mBtP+'&GlzxVm"y'"#əN[h x̽~ZÄsqӳP.T*E0=k@" a]&k꾬=M~ITyC[)JaHxG2gd7(Ъ#iB/%{N1 Qc>?/$*RQv+ր ki+TTV ?3pa-X,Ԕʱ3H)k(G܉?^nȵ fIz?@|)@U%UHU,UU\Hz, :*7xџ6XD+(++i-^2۹im.E9[ 4˷ʨK3["X.DД7Ϩ3Rb  kQh-BwEr`0W?4$NcVqDMc?րh)k03?0RiʊZ;T$ԚkEI=NM= h˃QaߏCWuRԣ{{C4}3݀,+L)q31Ȕ:ɹT)j b[-W+c"]0G\0R=B$Kr]N6[_T ad9#T`| @)c'd1s<œo =$P_؆ +~W?l)ɑ$ |Bʍ D;}ZXa7&3 1114/x߽~PkljK( L $q)YUihja{I1A$Kz\|:3>L̾~xf :# {L۝w(0^+{^i\#-0MC>KV_G|L`ueKtlb8K} LAIP 4p>&ik#Oju.Im}6#8-odD4|7Nys)}ڻ]xsٖ zWs=A DH͋λ#䄬W!yN/FSLo2YGr~I]a3DH݀h!u}͙b9I.Dz=d_Ug0Ttx#ͣ)۵cocs~uk`!旁1d|PZc  @RPOh5[#ZESt$;3^Ih !:e}E/S)Q\(OYY}ڻnr3Kl}A_(v[JӷoHW蘧KwtEdW(hLVfsF;HzdNlp j_tESrF4/%a]Zin} zsDaP;DZ3pu*hhw QWZ4ҫ&Brc'?<@s`S¼*G<K=t#aUb׽msD;1u;2x;zZ1?ݾpne9?jwh{t3q=vbϓ{~\[5("Ξe氎cԺl+ҿܳRpfi#ހ4/kҼ485LN0g,H~";#|$~>x_GM{uS意G ڝ9k3rĸ~in =hK_x?OKҽ{c;᧥}es7tRTsd{I6$BEͫ*ۻɾZEVd.tٗ w|621@7Yu d3D?ye1>R35|cy~}I.~(TR/fO,J麇\%(S]MT-/^\RK>\_ϫ@< b]_ I{Oz[6N ĢWi6^3~1O O=pԶ؉ǓExxg!,d9a}43G0[ʱ=Ιd<J;oݭnM M A;"J [4 2UCnK_&Z1iE0pDVa'$\bwl;ʷ'/G'?[{kE|;̔-u\ )&5!o4y˭0L L ܛ'Vxe86[b[05| ttfڰJ;~vK5HmH7 plc7=bɼ߶L`@qq#!e Ř>EqF@M#RiY6=Ө+EXŇE4Hye>kLk9 J >L>=ƒ%f? )5=Įitz!H_Lb{Mژz*G,b;'={x=צZ-?8LJ~ߘIt\[i{0H^Z_Vj0!MY9U}6@{ 斜 Lx'fɃsF H.mI 6 fVH~)fj4 \B5 `'^.1^.oŗRJH>RV5O 5&,F3M J0'!)ɗʵa1Cgk 6Țh 0 ԊEyi<Nz()ҋ@zJm[)8tM/Iݯ̑\:6ɍ*g! =hu`"O۷= vKا&TPٖ}*/>0ӱ + 477@দg\i^@sfi(ʕZfhaH 7Cf-{A{*5^̗TvbHWygZt52xKػ$zgo@5qVىR` %xp;7ŹWWWW{B±zy0>L8l9B3ღGxo!l1osP Ҍ79^ &H0](A[L~% shx[ fx*a`ԁtÀ!_wI'EUomojcˊ?w}Lg;4^?k~~//u~ىG}JA:XLe-#I4b' /A1D+b@/]j }50&[w3Mq_|cuL3.NeãEA@,~VxrژLvQqĴ}4Ґq'u[>1^)+f?!^tIw'y}LdyqfSxWe vf0}PCu&5[{ωk{T9 ? KL)PG!FB~2gW~ j~dg4>RPy!Fvя{Kb+.$J7{$qThkkj55AV^ e 6cZrD,?tUHE/]^| ~8. dP /_Z6`;LVPm.͂͢E tCc%5S|̢]ZX:~eL<^^AFS3 i"r\IA$TCz(rM`o ~Ũt6ʣg5̈Gbv mz^CJ;7޶6]4_q=!o7ݛAfnVu$#Koy#On@)Op'@c,iWw".jGf 7[+x6_j~ R.gI*]Z 0>>4lV+V+s eRZ`rz OYZ+)`cqr !<5rծ9< Փ>.,b'c0/Řۏ`^.b¼y&up\<+K Ò'KSSdH>HP.$w[q}oa>>(-zpҸFx'#ģ$nb?v ݥDu+in ,l6v-:sh&nbtm-S^@yj4ZLϱp'b^m90؞b4.n3VfljhYqc[VjBƹvi|D(q8 @\5m22]N#V¯n9*1f=0.Y)k``IyOĈVR>fD9mǘoix*b!!S_+@jLB(eYiv' .'G1WWp+XyPkljd}exxaJ"0r[jY4V|~ }^MM .MFJ@Q˯Ig4{}A6ڄy빟i$Y c r'/C\Ixc#&k3dw sF@Yj$G,E -#`Nv=CsA.7`оU #y|Q_o)u&n4a]+s{Or/`EuE)d8y»-l \Zs4c![޾y}/ƈ\faD9p=S-70Șh MQ HxDirtvnOKZ&a k(E$a8mDR,) 00mݚ1;mHG-/uz!8 {+&(?-qE {GLƙ;fQWs´,ug ¨b)F_.JgUEt03w  sn Q&@Ĕv7UI8F-eF Lma`t.t~?]_:܁Aff p͒w\j:rtT b8+M4?3,ȏ]Klݜ(8CZ1I(tCK/HzsALw!@2_7=}c|?ݩ2{xCbwT IhR tX(9CȮ KD8^]xCgrnV? .4W )WTx s#cvFCdԵk`f:jpWWY4uMNםAwIN>u.WםK131F;m^hkLJy22 gn)sC9,jO6W#\]dqxixɎ(ah,.6/]<J*Q^e=DU@*}q7 &6 S)=VԊkm9Gj|q3_M:FySꁠM/G}窜4}V08SD~}: vn"=( 3ʯzsi8Qރ^F9r`sy hjgB3Y}Ae(kw6wZFQd3ˌr'~F'(_dٮ. Y v> tn]nv?2zG(Q~dwQ{1 ?s w1~=/=? /WWq_e s?}g?d_P>dG(U}#cn&&oon2/9IR< 9k^K$kdK"*SV9,.2/޺}hd9Ck+P<PӍQf˩[os J]Xr^7. S@7>cc6H_,mgvlCk:nܙexc"d`UVx.+k.23BLr(pIdh/ 1IBm`Z(>/A0Ks}vP> aB!$NSPsXf@-N-Nk.ܿۃc C >1qN@Umݡ#D3dưz<T1H EY/j55:Z/5*l$9=ASh4ϛ5eX!% i;j9.KPRJVm.Q ?nrfUSmO@Kx.^| PgOߤ–9"QFg2T~{F=*P=eZRO;= n"8Yz#IoFmk_V`ńKz>[?B^!t#R.܋Oߦ !#`A]eKB$ug 3EϩfSo5gA&{gٺ*عiUhHl;:d2֭kc'pG !MX03 <ձ wO`7@#>Ƌrd{GoIkQcB%̯#u`g~"3V[CA6h4_@&s`܈}oDI #OxCr:Y W96L/-  `zmeFeV9DR*,&f , ~sf[mrxgsհ@NDqDgPvxGmm<^|:y-Ecuݍ2ZWL\5"`:Vڕ+zYL1e~}=3ӲG(q2,@P݌5`y+@ 4W qSGghp#ƫ15cB\ (cto Q1?c=Vqٮ7GL}Ӱ+` j7E]EtAcwϏq`2[u~Zg[8KIZ epCdkZ+ 0DqS XMǢVWqTR:!;/D?8 cL;acXJ,oԛ'TS*4.v>ϝ/xDh\NwRL_txV$(DvdzU Z-^cdKX$֬LE")w1G= _5>gvC%z1~X0~v1/渲Y>e5rŤ3a=`>^}]x O0gWPRэX -f1%IDb88)yz&ж?8acTx 1L(I,Yדu!{xZq΋{El>WNENE<<Sf}#)VSL_Xџ_,P>I*'\`b T*7.+wbA <]fs鈇T34[;<;Oo;a}B=FBl4*7λњE:?#KoyIއ˖VP- QwjA0|U\KV{z C%ȕ/-F#xoUAtMz'14ɋmEg,3lW'R}{ol' uE^8%ܖmJHQ&s)#KMbZ)Mj39Q/kEskq>tgLp -ͱ=RZ`'l/Z6?]v6)