The Windows Security Epidemic: Don't Run as an Administrator

I’d love to do it “right”; we tried, here at work, when we switched to a new development environment. However, when running as non-admin under 64-bit Windows 2003, Visual Studio 2005 crashes CONSTANTLY. After this effect was confirmed by multiple developers, we’re changing policy and going back to admin accounts :frowning:

So blame Microsoft; if their developer tools can’t run properly as regular users, don’t expect to see developers to start noticing the problem in their own software.

Why are you acting like you had a huge revelation? :b The issues of running as admin/root are well known.

Interesting thing though, on Windows XP I was able to go years without being infected just by having automatic updates on, keeping Firefox updated, running questionable things in virtual machines, and always preferring open source over closed source. Of course, a normal user wouldn’t do that.

However, it sure is annoying in Ubuntu having to enter the root password again and again all the time.

I consider myself to be a fairly savvy computer user. Although I don’t get much into the hardware side of things, I’ve been developing ASP.NET applications for the past 5 years. Last summer I reached my boiling point with my home computer constantly becoming infected and was tired of my wife asking why she can’t install something (a room planner for instance). So I got a Mac. And life is great! Seriously, that one decision has changed our life (no more getting home after a long day of work to “fix” the computer for two hours).

What are you doing that requires the root password that often on Ubuntu…?

I run Windows as an Admin - So the programs I use do not crash …

… I run as an ordinary user under Linux … and they don’t ?

… Oh and sudo works … UAC doesn’t

“programs that state ‘requireAdministrator’ in their manifests…” So not backwards compatible then …?

Jaster

The magic of running Linux and Mac does not come from account separation. As an experiment, try running an unpatched Linux box as root, and see how long it takes you to get infected with malware. Quite a bit longer than the Windows box, if at all, even though it’s just as vulnerable.

The problems of home machine security and multi-user network security are fundamentally different. Limited accounts are absolutely vital to the second, but I predict that they won’t make a huge impact on home security, even as they become more common.

Limited accounts are no panacea to home security. An operating system is easy to replace. You can reinstall from the CD that you get with your computer. Most machines have only one user account, even home machines with multiple users. There are no other accounts to protect.

I’m not saying that it isn’t smart to run as a limited user, I’m just saying that anyone looking for the root cause of the Windows security nightmare needs to look elsewhere.

Look at the list of problems that are mentioned in the article:

  • install kernel-mode rootkits and/or keyloggers (which can be close to impossible to detect)

Keyloggers can still be installed on your user account, which is just as bad for most home users. Rootkits are hard to detect – but 95% of users with malware problems have a problem with malware that would be very easy to detect and uninstall, if they only knew how. Making malware easier to detect is only going to help the minority of people who are computer savvy.

  • install and start services

Most bad things, sending spam, stealing your identity, infecting other computers, can be accomplished with a standalone app that runs on login, instead of a service.

  • install ActiveX controls, including IE and shell add-ins (common with spyware and adware)

Yes, the malware writers are more limited in how they get their spyware and adware to the users, but it’s still trivial once they’ve owned the user account.

  • access data belonging to other users

Indeed, limited users are absolutely necessary for multi-user security.

  • cause code to run whenever anybody else logs on (including capturing passwords entered into the Ctrl-Alt-Del logon dialog)

Ditto.

  • replace OS and other program files with trojan horses

But if the user account has already been taken over…

  • access LSA Secrets, including other sensitive account information, possibly including account info for domain accounts

Something that only affects machines that are connecting to a, presumably, multi-user network.

  • disable/uninstall anti-virus

Now this is actually the best point against what I’m saying. If you have effective anti-virus that runs as super user, taking over a limited user account doesn’t buy you nearly so much. But effective is the operative word.

  • cover its tracks in the event log

Won’t matter to most users.

  • render your machine unbootable

Versus having your user account rendered unusable? Six of one, half a dozen of the other.

  • if your account is an administrator on other computers on the network, the malware gains admin control over those computers as well

Again, limited user accounts do make sense for network security.

Jeff: I’m thinking you have a ‘no endorsement’ policy because although you credit Webroot Software as being one of the good guys, you don’t go so far as to endorse SpySweeper. I just recently let my subscription to SpySweeper lapse, but after reading this blog I think I will renew. I’m sure I could figure out how to switch back and forth between ‘user’ and ‘Admin,’ but it would be much easier to let SpySweeper check every night for malware.

Ouch, I apologize for the typos above. It’s my day off, so I’m being lazy with editing.

The problem is when there are applications that you absolutely need, that are so poorly designed that they cannot be run by non-administrators, for no reason whatsoever.

I lose a lot of time helping friends and family with Windows-related computer issues. I managed to get my sister set up with a Mac running OS X and at least one of my friends set up with Linux. For people who just want a browser, office suite, and a few free time-wasters (games), I can set them up with OS X or Linux, Firefox, and OpenOffice, show them where to click and I’m done (until the hardware dies, at least).

If they insist on sticking with Windows, my time investment is longer up front with cleanup and anti-spyware installs, and longer in the long run due to the inevitable infections, blue screens, corrupted files, etc. The upside is that I occasionally get “free” beer for helping them.

How well does a default installation of Vista protect itself from such sites?

I think it’s important, even with other systems to follow this simple advice. I run Mac OS X and whenever someone asks me for tips when switching, the first thing I say is to set up a separate admin account from their user account. I have always run this way not just for security, but to protect yourself from, well, yourself. The last thing you want to do is delete a folder or file needed by the system.

“Perhaps Microsoft could have made one minor change to drive the point home better: Force (or strongly suggest) the administrator account be named “Administrator” and THEN prompt the user to create their everyday account under their own name.”

There should never be an account named Administrator, because if a system scan is done, it tells the attackers which account to crack.

Amen to this article. I’ve been running as a limited user for years and have had no problems. I used to have to clean my in-laws’ computer up at least once a month but haven’t had to at all since switching them to a limited user account (and that was two years ago with Win 2000).

Sure, nothing will protect you completely. But you need to use defense in depth. And that includes running as a non-admin. And those who claim that they can’t just aren’t trying hard enough.

I also agree that Microsoft blew it with Vista. But here is what I think they should have done.

  1. Require the user to create an admin account on installation. BUT… inform the user that it will NOT be their standard user account so they don’t name it something that they want to use later. Be very clear about the intention of the account.

  2. Force the user to create a separate standard user account and like above, explain what it is for.

  3. Do NOT show the admin account on the login screen. Instead, have a separate link titled “admin accounts” that you must click at the bottom of the screen to see a list of local admin sign-ons. If there are no standard user accounts to show on the login screen then it should show a message telling the user that they should create a standard user account for normal use.

  4. Every time someone logs in as an admin, put up a huge warning dialog that warns them not to use the account for anything but administration.

  5. Add installation options and group policy settings allowing companies to revert back to the “standard” way if absolutely necessary.

The whole point is to make this issue apparent and start educating users. UAC is a wonderful technology and goes a long way. But the only way to get the point across is to continuously bombard users and programmers until they get it into their thick skulls. I am constantly amazed at how many programmers I find who don’t know the least little bit about running as a non-admin. And therefore, they don’t know how to program for us running as non-admins either.

It really isn’t that hard people. If you are making excuses then it is time to take a good hard look in the mirror. You are part of the problem instead of part of the solution. Get with the program.

Quicken can run as a limited account just fine - as long as you’re dedicated to tracking down all the stupid registry locations it wants to write to, grumble grumble. (Or just use a runas/sudo solution…)

I’ve tried certain runas replacements on XP, and so far none have worked well enough to use a limited account daily. I’m constantly installing and updating software for my projects, partly to test the latest and greatest in the field so I can help others; some of that can be taken care of with enough file/registry hacking for the main ones, but it’s impossible to know all in advance.

I’ll give sudowin a shot.

People are so scared nowadays…

I’ve been running 3 computers (XP-32, XP-64, Vista) for over two years without any problems (except the Vista one, of course). Haven’t had any bugs, loggers or nasty things in them… but how? Simple: let Windows patch up when needed and … avoid dodgy websites - yes! You know which ones I’m talking about (porn, porn, porn, etc)…

I used to work at a competitor of WebRoot (I’ll decline to say which company), and we always tested our software against SpySweeper with depressing (for us) results. If you’re going to pay for anti-spyware software, SpySweeper is a good way to go.

Or just run as a normal user.

I think more energy needs to be focused on teaching people how to prevent problems in the first place and not expect that the OS should find some way to protect them in every single instance. The more hand-holding that takes place, the more a user thinks they are safe and will do more unsafe activities.

I’m sure Microsoft will eventually take a page from the *nix community (sudo, gksudo).

They’ll do it by slimming down those accept/deny popups in vista.

Then replace the accept/deny with an administrator password prompt.

Wow. Interesting stuff. I use Firefox and don’t run it as admin, and I use the Web Developer add-in to turn Java and JavaScript off. I also use other add-ins to stop videos and Flash from automatically playing (just in case I get thrown to some odd site).

Jeff or anyone who can do this justice, how about a very detailed post on how a layman can go about securing vista (IE etc). I would be interested to see how that would turn out. Maybe a “List” like Scott Hanselman has for software but for security would be really cool.

Cheers.

Nathan Bowers: “Any solution that requires users to be educated so they change behavior is seriously doomed.”

I disagree. I think that anyone who intends to operate sophisticated machinery (i.e. computers) needs to be educated in proper use. You need a license to operate any sort of gas-powered vehicle (or any vehicle capable of traveling certain speeds), hunt, fish - and a number of other things.

I don’t see it as being a stretch of the imagination to require knowledge about operating and maintaining a computer when people manage their banking, billing and other personal information online. It’s just plain lazy to think otherwise, IMO.