The Admin Rights Hall of Shame

Opinion: It's not just the junk you download that can mess up your PC. Lots of "legitimate" programs are poorly written and can interfere with good security practice.

They dont moan about it in public much, but several Microsoft employees have complained to me that most of the bad experiences users have with new Windows computers comes from the dreadful software that OEMs preinstall on those computers.

Large businesses dont generally put up with it. They dont take the preloaded media players and other such junk. They make their own Windows images and write them to the new computers. But smaller operators and individuals often dont know what theyre dealing with.

Dell recently started asking users what they wanted (imagine a company asking their customers what they want!). Now that someone posted the site on Slashdot, youll see the answers dominated by an open source agenda. But before that, the leading answers were "NO EXTRA SOFTWARE OPTION" and "Build computers not loaded with extra software."

/zimages/3/28571.gifThe Google Apps Premier Edition will give the search engine pioneer the chance to see whether it can become a software-as-a-service powerhouse by selling a basic suite of online desktop applications for $50 per user per year. Click here to read more.

In fact, I would say the best option would be for Dell to allow the user to choose which of these programs they want, just the way they let you choose the amount of memory. (On the other side of this question, I just priced out a computer the other day and the Dell configuration wizard has already gotten frustratingly long. I ended up buying a kit at Tiger Direct.)

But the option to have a clean install would add value for the user. Of course, theyre apt to look at these things differently at the OEM shops, where they make money off of the software they preload. So it could be a tough sell (but not as hard a sell as getting them to waste their time pushing Linux to consumers).

Many of the problems with these programs are simple stability problems, but the big problem these days is when programs require inordinate privileges to run properly. It didnt take long for such programs to run into problems with Windows Vista, which runs normal users with limited privileges and makes it less convenient even for Admins to perform privileged tasks.

At least by default; you can turn off this LUA (Least User Access) feature if youre stupid enough, and Ive already heard stories of retail stores turning it off on all their models so they dont have to deal with it in front of customers.

Im thinking that Vista will shine a spotlight on lazy and/or not-very-good programmers who continue to require admin privileges for their programs. Id like to call attention to two other sites that are helping in this effort.

Aaron Margosis at Microsoft has written on LUA many times and has written a tool, LUA Buglight, to help developers and admins find the bugs. As Margosis points out, most of these bugs are pretty straightforward and developers should know better:

By far, the majority of LUA bugs are due to registry and file system access. A program might try to save its settings into its installation folder under %ProgramFiles%, or it might try to open a key under HKLM for "All-Access" even if it only ever needs Read access. However, there are other types of LUA bugs: attempting to start or stop a service, load a device driver, access hardware resources directly, create or manage file shares, or even explicitly check whether the current user is a member of the Administrators group.

The other site is the Admin Rights Hall of Shame on Here youll find a list of programs that require admin access. The maintainers keep up with their reports and note, as in the case of QuickBooks 2007, where a vendor fixes their problem.

But there are many examples in the Hall of Shame list of programs that commit the errors Margosis details. Consider World Championship Poker from ValueSoft, which "Saves data to a subfolder in Program Files. No configuration editor to change default save path." Many tax programs are listed, as are old versions of AutoCAD and Peachtree Accounting.

You can see it on the list: many vendors are improving the situation and they had to in order not to look really bad to Vista users. Heres one thing Vista is already improving, even for users of other versions of Windows.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

/zimages/3/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.

More from Larry Seltzer