The magic of running Linux or Mac OS does not come from account separation. As an experiment, try running an unpatched Linux box as root and see how long it takes to get infected with malware. Quite a bit longer than the Windows box, if at all, even though it is just as vulnerable.
The problems of home machine security and multi-user network security are fundamentally different. Limited accounts are absolutely vital to the second, but I predict that they won’t make a huge impact on home security, even as they become more common.
Limited accounts are no panacea for home security. An operating system is easy to replace: you can reinstall from the CD that came with your computer. Most machines have only one user account, even home machines with multiple users, so there are no other accounts to protect.
I’m not saying that it isn’t smart to run as a limited user, I’m just saying that anyone looking for the root cause of the Windows security nightmare needs to look elsewhere.
Look at the list of problems that are mentioned in the article:
- install kernel-mode rootkits and/or keyloggers (which can be close to impossible to detect)
Keyloggers can still be installed in your user account, which is just as bad for most home users. Rootkits are hard to detect, but 95% of users with malware problems have malware that would be very easy to detect and uninstall if they only knew how. Making malware easier to detect is only going to help the minority of people who are computer savvy.
- install and start services
Most bad things (sending spam, stealing your identity, infecting other computers) can be accomplished with a standalone app that runs at login instead of as a service.
- install ActiveX controls, including IE and shell add-ins (common with spyware and adware)
Yes, malware writers are more limited in how they get their spyware and adware onto the user's machine, but it's still trivial once they've owned the user account.
- access data belonging to other users
Indeed, limited users are absolutely necessary for multi-user security.
- cause code to run whenever anybody else logs on (including capturing passwords entered into the Ctrl-Alt-Del logon dialog)
Ditto.
- replace OS and other program files with trojan horses
But if the user account has already been taken over…
- access LSA Secrets, including other sensitive account information, possibly including account info for domain accounts
Something that only affects machines connected to what is presumably a multi-user network.
- disable/uninstall anti-virus
Now this is actually the best point against what I'm saying. If you have effective anti-virus that runs as the super user, taking over a limited user account doesn't buy the attacker nearly so much. But effective is the operative word.
- cover its tracks in the event log
Won’t matter to most users.
- render your machine unbootable
Versus having your user account rendered unusable? Six of one, half a dozen of the other.
- if your account is an administrator on other computers on the network, the malware gains admin control over those computers as well
Again, limited user accounts do make sense for network security.
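As an added example that is not part of the original post, here is a PowerShell check for the point made above about a standalone app that runs at login: it lists the autostart locations a limited account can write to (the HKCU Run keys and the user's Startup folder) next to the ones that need admin rights (the HKLM Run keys and automatic services), and flags entries whose command lives in a user-writable directory. The registry paths and environment variables are the standard Windows ones; the function names are my own, the script only reads, and it assumes PowerShell 5.1 or later run from an ordinary user session.

```powershell
# Added example, not from the original post. Read-only: enumerates per-user
# autostart locations (writable without admin) alongside machine-wide ones
# (need admin), then flags commands that live in user-writable directories.

function Get-RunKeyEntries {
    param([string]$Key, [string]$Scope)
    if (-not (Test-Path $Key)) { return }
    $props = Get-ItemProperty -Path $Key
    foreach ($p in $props.PSObject.Properties) {
        # Get-ItemProperty adds PSPath/PSParentPath/... metadata; skip those.
        if ($p.Name -like 'PS*') { continue }
        [pscustomobject]@{ Scope = $Scope; Source = $Key; Name = $p.Name; Command = [string]$p.Value }
    }
}

function Get-UserAutostart {
    # Everything here runs at the user's next logon; no admin rights are needed to write it.
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($k in $runKeys) { Get-RunKeyEntries -Key $k -Scope 'User' }

    $startup = [Environment]::GetFolderPath('Startup')
    Get-ChildItem -Path $startup -File -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Scope = 'User'; Source = $startup; Name = $_.Name; Command = $_.FullName }
    }
}

function Get-MachineAutostart {
    # Writing here requires admin; this is what a limited account actually denies.
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($k in $runKeys) { Get-RunKeyEntries -Key $k -Scope 'Machine' }

    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.StartMode -eq 'Auto' } |
        ForEach-Object {
            [pscustomobject]@{ Scope = 'Machine'; Source = 'Service'; Name = $_.Name; Command = $_.PathName }
        }
}

function Test-UserWritableCommand {
    # A startup command pointing into the profile, AppData or Temp is what
    # user-level malware looks like: persistent, yet never needed admin to install.
    param([string]$Command)
    $dirs = @($env:USERPROFILE, $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }
    foreach ($dir in $dirs) {
        if ($Command -and $Command.ToLowerInvariant().Contains($dir.ToLowerInvariant())) { return $true }
    }
    return $false
}

$all = @(Get-UserAutostart) + @(Get-MachineAutostart)
$all | ForEach-Object {
    $flag = if (Test-UserWritableCommand -Command $_.Command) { 'CHECK' } else { '' }
    [pscustomobject]@{ Flag = $flag; Scope = $_.Scope; Name = $_.Name; Command = $_.Command; Source = $_.Source }
} | Sort-Object Flag, Scope -Descending | Format-Table -AutoSize -Wrap
```

Run it as the ordinary user. Anything listed under Scope = User that gets flagged survives a logon without ever touching HKLM or the service database, which is the point being made above: the limited account did nothing to stop it. The same listing is also what makes such an entry easy to find and remove, which is the part most home users never get shown.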