Lets have a show of hands: Who out there runs Windows with administrative permissions, whether or not youre engaged in the sort of system configuration tasks for which those rights are required?
Logging in as an admin for everyday computing is a bad idea, and this shouldnt be news to anyone. Admin users enjoy unrestricted control of a machine, which can result in some significant security gaps.
Best practices notwithstanding, a great many Windows users spend all of their time logged in with admin privileges. In fact, there are enough roadblocks to maintaining the appropriate user permissions policies in Windows that its tough to blame users for disregarding them.
Earlier versions of Windows created an expectation of convenience that is not viable in a networked world: The same protections that prevent harmful code from slipping through a Web site onto your computer also prevent the auto-magical installation of browser plug-ins that applications such as Web-based conferencing tools require.
Windows 2000 and XP have facilities that enable regular users to run applications and some configuration tools as an admin, without requiring them first to log out. These features, which are enabled by the RunAs service in Windows 2000 and the Secondary Sign-on service in Windows XP, roughly approximate the "su" feature in Linux. However, this is one case where Linux has Windows beat—for now, at least. Many configuration tasks in XP and 2000 still require a logout.
While Microsofts Windows XP has gone a long way toward exorcizing the intrinsic security vulnerabilities that haunted the 9x codebase, Windows security continues to suffer from its single user, non-networked PC heritage.
Many application developers have yet to get on track with XPs application security model. For example, in our recent tests of Groove Workspace 2.0, we had to set certain permissions manually to operate the application as a regular user, and weve experienced similar snags in other software as well.
And rather than re-educate Windows users to expect the complexity that accompanies proper security policies, Microsoft has worked hard to mask this complexity. For one thing, users created during the Windows XP installation process possess administrative rights and no password by default.
This certainly makes for a simpler setup, but it does Windows users a disservice. Microsoft, in a document entitled "Why you should not run your computer as an administrator," outlines whats wrong with this XP trait as well as I could: "Running Windows 2000 or Windows XP as an administrator makes the system vulnerable to Trojan horses and other security risks. … If you are logged on with administrator privileges, a Trojan horse could do things like reformat your hard drive, delete all your files, create a new user account with administrative access, and so on."
Do you run Windows with admin rights? Drop me a line at firstname.lastname@example.org.