Users Overlook XP's Non-Admin Security

Longhorn's default least-privilege security setting is already available in Windows, but user awareness remains "frighteningly low." Can a few developers on a wiki turn the tide?

Microsoft is sparing no expense to spread the Least-privileged User Account security gospel ahead of next year's Longhorn launch, but a little-known fact—especially among IT administrators and end users—is that the technology is already available in the Windows operating system.

The LUA principle, also known as non-admin or minimum rights, is accepted within software security circles as a key to reducing damage from malicious hacker attacks, but on Windows systems, although the option is available, experts say end-user adoption remains "frighteningly low."

"To the average user, the notion of non-admin is abstract and obscure," said Michael Howard, a senior security program manager in Microsoft Corp.'s security business and technology unit. "Most users just don't know they can set up least-privilege accounts in Windows today, and that's just a sad reality."

Howard has long argued that Windows users can run as administrators and conduct everyday computer tasks by dropping unnecessary administrative privileges when using Internet-facing tools. But because the Windows default is for accounts to be set up with full administrative privileges, the damage from nasty malware attacks is worse than it should be.

In an interview with Ziff Davis Internet News, Howard used the example of a recent mutant of the Bagle worm family, a piece of malware able to create files in the system32 directory, disable firewalls and other processes, and delete key registry values. "All those things require admin rights and would fail if the system were set up as non-admin," he argued.

Looking to increase end-user and software developer awareness, Howard and a group of Microsoft developers have added information and tools on a non-admin Wiki aimed at Windows users.

On the Wiki, the Microsoft security gurus are sharing tips on how to set up non-admin accounts and explaining why widespread adoption can minimize the damage from rootkits, backdoors, keyloggers, adware, spyware, viruses and Trojans.

Howard stressed that user accounts with fewer privileges will greatly reduce the Windows "attack surface" and pointed out that several easy-to-use tools are available to help non-technical users find their way around the no-admin versus admin maze.

One of the tools, which was created by Howard, is the Drop My Rights utility that allows administrators to run Internet-facing applications—e-mail clients and Web browsers—as a non-administrator.

Howard described Drop My Rights as a simple command-line tool that can also be used to create "safe shortcuts" that always bring up an application as non-administrator.

"If you're running as admin, you generally have a bucketload of privileges you will never use or never need. With Drop My Rights, you can run any command with lower privileges and do everyday chores without being at risk of having a nasty piece of malware take over your entire machine," he said.

The Wiki also provides simple instructions on how to tell if a machine is set to run as admin, how to give a user account temporary admin privileges, and how to force an application to always run with low privileges.

Windows users can also find an Internet Explorer toolbar that provides a color-coded display of the privilege level of running Windows processes.
