Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Latest News

      Are Your Windows Ajar?

      By
      Jason Brooks
      -
      May 22, 2002
      Share
      Facebook
      Twitter
      Linkedin

        Lets have a show of hands: Who out there runs Windows with administrative permissions, whether or not youre engaged in the sort of system configuration tasks for which those rights are required?

        Logging in as an admin for everyday computing is a bad idea, and this shouldnt be news to anyone. Admin users enjoy unrestricted control of a machine, which can result in some significant security gaps.

        Best practices notwithstanding, a great many Windows users spend all of their time logged in with admin privileges. In fact, there are enough roadblocks to maintaining the appropriate user permissions policies in Windows that its tough to blame users for disregarding them.

        Earlier versions of Windows created an expectation of convenience that is not viable in a networked world: The same protections that prevent harmful code from slipping through a Web site onto your computer also prevent the auto-magical installation of browser plug-ins that applications such as Web-based conferencing tools require.

        Windows 2000 and XP have facilities that enable regular users to run applications and some configuration tools as an admin, without requiring them first to log out. These features, which are enabled by the RunAs service in Windows 2000 and the Secondary Sign-on service in Windows XP, roughly approximate the “su” feature in Linux. However, this is one case where Linux has Windows beat—for now, at least. Many configuration tasks in XP and 2000 still require a logout.

        While Microsofts Windows XP has gone a long way toward exorcizing the intrinsic security vulnerabilities that haunted the 9x codebase, Windows security continues to suffer from its single user, non-networked PC heritage.

        Many application developers have yet to get on track with XPs application security model. For example, in our recent tests of Groove Workspace 2.0, we had to set certain permissions manually to operate the application as a regular user, and weve experienced similar snags in other software as well.

        And rather than re-educate Windows users to expect the complexity that accompanies proper security policies, Microsoft has worked hard to mask this complexity. For one thing, users created during the Windows XP installation process possess administrative rights and no password by default.

        This certainly makes for a simpler setup, but it does Windows users a disservice. Microsoft, in a document entitled “Why you should not run your computer as an administrator,” outlines whats wrong with this XP trait as well as I could: “Running Windows 2000 or Windows XP as an administrator makes the system vulnerable to Trojan horses and other security risks. … If you are logged on with administrator privileges, a Trojan horse could do things like reformat your hard drive, delete all your files, create a new user account with administrative access, and so on.”

        Enough said.

        Do you run Windows with admin rights? Drop me a line at jason_brooks@ziffdavis.com.

        Jason Brooks
        As Editor in Chief of eWEEK Labs, Jason Brooks manages the Labs team and is responsible for eWEEK's print edition. Brooks joined eWEEK in 1999, and has covered wireless networking, office productivity suites, mobile devices, Windows, virtualization, and desktops and notebooks. Jason's coverage is currently focused on Linux and Unix operating systems, open-source software and licensing, cloud computing and Software as a Service. Follow Jason on Twitter at jasonbrooks, or reach him by email at jbrooks@eweek.com.
        Get the Free Newsletter!
        Subscribe to Daily Tech Insider for top news, trends & analysis
        This email address is invalid.
        Get the Free Newsletter!
        Subscribe to Daily Tech Insider for top news, trends & analysis
        This email address is invalid.

        MOST POPULAR ARTICLES

        Latest News

        Zeus Kerravala on Networking: Multicloud, 5G, and...

        James Maguire - December 16, 2022 0
        I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
        Read more
        Applications

        Datadog President Amit Agarwal on Trends in...

        James Maguire - November 11, 2022 0
        I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
        Read more
        Cloud

        IGEL CEO Jed Ayres on Edge and...

        James Maguire - June 14, 2022 0
        I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
        Read more
        IT Management

        Intuit’s Nhung Ho on AI for the...

        James Maguire - May 13, 2022 0
        I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
        Read more
        Applications

        Kyndryl’s Nicolas Sekkaki on Handling AI and...

        James Maguire - November 9, 2022 0
        I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
        Read more
        Logo

        eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

        Facebook
        Linkedin
        RSS
        Twitter
        Youtube

        Advertisers

        Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

        Advertise with Us

        Menu

        • About eWeek
        • Subscribe to our Newsletter
        • Latest News

        Our Brands

        • Privacy Policy
        • Terms
        • About
        • Contact
        • Advertise
        • Sitemap
        • California – Do Not Sell My Information

        Property of TechnologyAdvice.
        © 2022 TechnologyAdvice. All Rights Reserved

        Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

        ×