Forgot your password?
typodupeerror
Microsoft Operating Systems Security Software Windows

Users' Admin Logins Make Most Windows Malware Worse 420

Posted by samzenpus
from the protect-yourself-at-all-times dept.
nandemoari writes "A new analysis claims that over 90% of the Windows security vulnerabilities reported last year were made worse by users logged in with administrative privileges — an issue Microsoft has been hotly debating recently. According to BeyondTrust Corp., the result of the analysis of the 154 critical Microsoft vulnerabilities indicated that a full 92% could have been prevented if users were not logged into their systems with administrator status. BTC believes that restricting the number of users who can log in with these privileges will 'close the window of opportunity' for attackers. This is particularly true for users of Internet Explorer and Microsoft Office."
This discussion has been archived. No new comments can be posted.

Users' Admin Logins Make Most Windows Malware Worse

Comments Filter:
  • by Anonymous Coward on Thursday February 05, 2009 @02:12AM (#26734153)
    Would you like to install a virus? [Cancel/Allow]
  • TFA mentions the dup (Score:2, Informative)

    by Anonymous Coward

    From TFA:

    In recent news, two bloggers were able to demonstrate the threat posed by the Vista's Windows User Accounts Control (UAC) feature. UAC, a feature that provides a prompt when users attempt to perform tasks such as installation of new programs or changes to settings, is meant to provide added security to the system. (Source: computerworld.com)

    In other words, it's a dup of the recent disussion about the Security Hole In Windows 7 UAC [slashdot.org].

    Recycle your old comments here.

    • Gerald (Score:3, Funny)

      by Anonymous Coward
      Everyone knows from recent news that microsoft has removed the innards of windows 7 and replaced them with "gerald", a lovable computer literate field mouse.

      Gerald is cheap, congenial, and zippy, but unfortunately has very poor judgment.

      -my apologies to plasmacutter
    • by Ihmhi (1206036) <i_have_mental_health_issues@yahoo.com> on Thursday February 05, 2009 @12:40PM (#26739163)

      I can't really think of anything to say, so I'm going to do the green thing.

      This comment is made of approximately 80% recycled material(s?).

      From TFA:

      In recent news, two bloggers were able to demonstrate the threat posed by the Vista's Windows User Accounts Control (UAC) feature. UAC, a feature that provides a prompt when users attempt to perform tasks such as installation of new programs or changes to settings, is meant to provide added security to the system. (Source: computerworld.com)

      In other words, it's a dup of the recent disussion about the Security Hole In Windows 7 UAC [slashdot.org].

      Recycle your old comments here.

  • You mean... (Score:5, Insightful)

    by laughingcoyote (762272) <barghesthowl@exc ... m minus caffeine> on Thursday February 05, 2009 @02:17AM (#26734173) Journal

    Not running as a fully-privileged user reduces your security risk? Who knew!

    This is not news. The question is why it hasn't been meaningfully addressed in Windows for such a long time.

    • Re:You mean... (Score:5, Insightful)

      by Urd.Yggdrasil (1127899) on Thursday February 05, 2009 @02:33AM (#26734229)
      It would be a hell of alot easier of software developers didn't require administrative privileges when they really don't need them. I tried to run in a "user" usergroup when I replaces win2k pro with win xp pro but nothing ran correctly. I tried using the "run as" menu and a program called sudo-win which would elevate my privs temporarily then reduce them again. Nothing would install correctly, nothing would run correctly. Even programs that don't use any administrator functions or zones wouldn't work correctly. Realistically, running in a non-admin account is a pain in the ass.
      • Re:You mean... (Score:5, Insightful)

        by Spit (23158) on Thursday February 05, 2009 @03:12AM (#26734389)

        Realistically, running in a non-admin account is a pain in the ass. ...in Windows.

        • Re: (Score:3, Insightful)

          by Z00L00K (682162)

          Running a non-admin account works fine if you only run the office package, but as soon as you plan to do something slightly advanced you end up with failed permissions and other types of obnoxious behavior - which is hard to figure out because Windows won't tell you because you don't need to know.

          • Re:You mean... (Score:5, Interesting)

            by ShakaUVM (157947) on Thursday February 05, 2009 @05:29AM (#26734907) Homepage Journal

            >>which is hard to figure out because Windows won't tell you because you don't need to know.

            Yep. In Linux you get the rather common sense "permission denied" message when you try installing something and it tries to write to a directory you don't have rights to. In Windows, it fails silently most of the time. Drove me up the wall when a program I'd installed was working on a computer I set up for my mother, when it turns out even though she could see the program with her "mom" account, something or other needed admin privs, and it was dying silently.

            • Re:You mean... (Score:4, Insightful)

              by SenFo (761716) on Thursday February 05, 2009 @10:44AM (#26736935) Homepage
              This is very unlikely unless you were installing something using a really, really crappy installer. In either case, this is certainly not the fault of Windows. The operating system API definitely throws an exception if a user tries to access something that he/she does not have access to. It doesn't, however, have the ability to prevent a stupid developer from writing an installer that catches the exception without notifying the end-user of the security-related error. The same idiotic behavior can and will be observed in Linux if developers choose to ignore development best practices.
        • Re:You mean... (Score:4, Informative)

          by 93 Escort Wagon (326346) on Thursday February 05, 2009 @03:27AM (#26734437)

          Realistically, running in a non-admin account is a pain in the ass. ...in Windows.

          It's absurdly easy to do in Mac OS X - you don't even have to think about it. If you need to run as an admin, the OS figures it out and prompts you.

          Actually it's so easy that it drives me nuts Apple hasn't taken the next step - something XP actually does - and have you first set up an admin account, then set up a "normal" account for day to day activities. If any single thing contributes to the first widespread Mac virus/worm/whatever, I bet it'll be the number of unnecessary admin accounts being used.

          And before someone brings it up - it's not that difficult to work around the "it'll prompt you for your password" protection that supposedly will warn you if something tries to take advantage of your admin status. You just need to know a bit about the command line, since the Applications directory is writable to anyone in the admin group.

          • by symbolset (646467) on Thursday February 05, 2009 @03:58AM (#26734589) Homepage Journal

            A Mac fan extolling the merits of the command line.

            It's going to take some time to get used to. Forgive me.

          • Re: (Score:3, Informative)

            by WWWWolf (2428)

            Actually it's so easy that it drives me nuts Apple hasn't taken the next step - something XP actually does - and have you first set up an admin account, then set up a "normal" account for day to day activities.

            That'd be a step backwards. In Unix-based OSes, there's unprivileged users and root (superuser); root can do pretty much anything, ordinary users can't. The whole point of sudo (the password dialog thingy) is that the superuser access is given only when needed, and you can have perfectly ordinary user accounts that are allowed to do some administrative tasks. You can configure sudo to only allow certain programs to be run as root; this is far better than having the lazy users flip between normal accounts an

          • by SerpentMage (13390) <ChristianHGross@yah o o .ca> on Thursday February 05, 2009 @08:14AM (#26735549)

            The reason why Windows is such a pain in the ass is because Windows was never designed for this.

            Let's say I install OSX. The OSX app is self-contained, which means that it does not need anything outside of its circle.

            Let's say that I install on Linux. The Linux app can either be installed locally per the user or for everybody. But it is a clear cut case.

            Windows? WTF... I need to access the registry, the windows system directory, the program files directory, and the local user directory. It is a bleeding mess!

            Microsoft to this day does not understand that the issue is the fact that they have not revamped the complete installation process. There is absolutely no need for Office, or any other application to need anything other the system files if it is running in "install to user" mode.

            This is the problem, and until Microsoft understands that nothing will change.

            • by terryducks (703932) on Thursday February 05, 2009 @08:51AM (#26735755)
              Obviously, you've never run a business

              Vendor Locking is Great! for the bottom line.

              Ask yourself, how can I configure something that only allows my products ?

              Also, How can I support my stuff from way back ?

              And you'll end up where Microsoft is today.
            • Re: (Score:3, Informative)

              by Moridineas (213502)

              The reason why Windows is such a pain in the ass is because Windows was never designed for this.

              Never designed for what? Windows has been a multiuser system since NT. Windows 95/98/ME was an evolutionary dead end if you will. Are you talking about an architectural flaw? If so, what exactly are you talking about?

              Let's say that I install on Linux. The Linux app can either be installed locally per the user or for everybody. But it is a clear cut case.

              Shared libraries?

              Windows? WTF... I need to access the registry, the windows system directory, the program files directory, and the local user directory. It is a bleeding mess!

              What's stopping you from installing programs on your Desktop, or in your My Documents folder? That's a clear cut case.

              I don't think most programs require access to the windows/system directory, and heck, you mention OSX--some of my OSX applications DO require elevated permissio

          • Re: (Score:3, Interesting)

            by rabbit994 (686936)

            Part of the problem is directory structure in Windows. Applications for some reason want to write some .dlls to one location(generally Windows system folder), user settings to another and bulk of the files to a third. Instead of shoving all the .dlls and application files into Program files\appname and should shove all the settings into My Documents\My Settings\Appname to make backing up easy as backing up My Docs.

        • Realistically, running in a non-admin account is a pain in the ass. ...in Windows.

          ...on a computer.

          (was today "add an ellipsis and then point out something obvious" day and nobody told me?)

          • Realistically, running in a non-admin account is a pain in the ass. ...in Windows. ...on a computer.

            ...turned on.

            felicitations! and now, what would we use for the Google homepage logo?

      • Re:You mean... (Score:5, Interesting)

        by shutdown -p now (807394) on Thursday February 05, 2009 @03:47AM (#26734541) Journal

        It would be a hell of alot easier of software developers didn't require administrative privileges when they really don't need them. I tried to run in a "user" usergroup when I replaces win2k pro with win xp pro but nothing ran correctly. I tried using the "run as" menu and a program called sudo-win which would elevate my privs temporarily then reduce them again. Nothing would install correctly, nothing would run correctly. Even programs that don't use any administrator functions or zones wouldn't work correctly. Realistically, running in a non-admin account is a pain in the ass.

        For all the flak that it (mostly rightly) gets, Vista did change that for good. Since its release, the percentage of apps that require admin privileges to run dropped very significantly - so much so that the only one I still have installed on my desktop is Acronis True Image, and that one actually needs it, as it does disk-level backup (though it should really rather pop up the UAC prompt when it actually starts backing up, and not on startup).

        • Re: (Score:3, Interesting)

          by EvilIdler (21087)

          Microsoft made admin-mode annoying, so that the users would complain to the makers of the software that annoys them, rather than demanding MS to fix things ;)

          • Re: (Score:3, Informative)

            by Sancho (17056) *

            I'd genuinely like to hear ideas for a fix that Microsoft could provide. How should Microsoft cope with software developers doing bad things like trying to dump files in %SYSTEMROOT%, writing to privileged areas of the registry, or wanting to do privileged things in the process space?

      • I tried to run in a "user" usergroup when I replaces win2k pro with win xp pro but nothing ran correctly.

        My anecdotal experience does not match your own.
        I have a Windows Server 2003 machine that I use to play video games at home. My primary user account is unprivileged. The only non-installer app that I've run into that required Admin privs was Quake (3? 4?)'s PunkBuster. (Why the fuck it needed privs, I have no idea. It didn't get em, and was shitcanned before the day was out.)
        Run As... works for everything but launching Windows Update, or running an app that lives on a mapped network share.

        I have a Windows X

        • Re:You mean... (Score:5, Insightful)

          by the white plague (1436257) on Thursday February 05, 2009 @04:59AM (#26734793)
          Anecdotal evidence sucks.

          Yes, but the user experience is what counts. All it takes is one video game to pitch a fit that it doesn't have admin privileges and hundreds of thousands of users have learned the lesson "just run as admin, it's less bother". The last couple months Fallout3 has been the popular game of the moment teaching users that security is painful to use.

    • Having no open ports.

      Having a reliable software repository.

      Sanitizing your inputs.

      The question is why it hasn't been meaningfully addressed in Windows for such a long time.

      I can agree with that if by "for such a long time" you mean since before Microsoft was a company [wikipedia.org]. They've ignored security best practice for their entire history. It's been a winning strategy before now. Why change?

      • It's a conspiracy! (Score:2, Insightful)

        by Anonymous Coward

        They're paid off by the Anti-Virus companies. If not for administrative login, who would buy their crap?

      • Having no open ports.

        This is overkill. If your software will only accept connections from whitelisted hosts (or subnets, you get the picture), then one can have all of the open ports that they wish. The app on the other side of em won't give attackers the time of day. :)

        • by symbolset (646467) on Thursday February 05, 2009 @04:40AM (#26734731) Homepage Journal

          of road warriors, bluetooth, pirate WAPs, Promiscuous mode, and a lot of other modern technologies. Your network is not the hallowed ground you think it is.

          The only trusted host on the network is a Known Host with a secure connection. Ever and always. There is no excuse for having open ports ever, let alone by default on a desktop, unless you intend to deliver a service on that port to untrusted strangers.

          This has been common knowledge and best practice for at least 15 years.

    • Re:You mean... (Score:5, Insightful)

      by EvolutionsPeak (913411) on Thursday February 05, 2009 @02:41AM (#26734271)

      The question is why it hasn't been meaningfully addressed in Windows for such a long time.

      This question has long been addressed as well. There are several reasons, but I'd say the primary one is that it breaks compatibility with too many applications. Since Windows has given administrative privileges by default for so long, programmers have assumed that the user will have them and do things that require those privileges, like write into the Program Files directory.

      Vista took many steps to meaningfully address the issue.
      UAC has been part of an attempt to rectify the problem by not allowing the administrative privileges to be used without user intervention.
      It also acts as a form of "sudo" so that its possible to run as an unprivileged account. However, it is a giant pain because the aforementioned coding practices induce a million popups.

      • Re:You mean... (Score:5, Insightful)

        by LoadWB (592248) on Thursday February 05, 2009 @02:52AM (#26734311) Journal

        Seconded. When you have mainstream applications like Peachtree, QuickBooks, Timberline, and even some of Microsoft's own products, requiring administrator access to a workstation, limiting rights is difficult.

        (Mind you, I speak from a purely XP-standpoint. We have had so many problems with Vista at sites which have tried to implement it that we do not use it. And others do not have the hardware to run Vista.)

        IIRC, I have also run into issues with AutoCAD, some network scanner drivers, and the like.

        Mostly, the ways around these requirements are convoluted or require in-house admin staff to handle minor requests which need immediate attention.

      • by erroneus (253617) on Thursday February 05, 2009 @03:07AM (#26734357) Homepage

        I am sure this is not news to anyone whether you love or hate Microsoft. The fact is the coding practices commonly followed under DOS and then under Windows have been rather poor. The reasons for it are many, but largely because of a thirst for performance. But in order to keep people hooked on Windows, they have to keep supporting the mistakes of others as well as their own. This is what they call "backward compatibility."

        But there is a way out of it and for some reason they seem unwilling to do it. Write a new OS, virtualize old Windows for "legacy support" and eventually all the software vendors will port their code to work with the new Microsoft OS natively just as they did with Mac OS X. I can't imagine why Microsoft is unwilling to do that... got any suggestions anyone?

        • Re: (Score:3, Insightful)

          by gmack (197796)

          Microsoft's biggest market advantage is the amount of legacy software that supports their platform.

          Rewriting an app to be cross platform is not much more work than rewriting for a single OS so if they force application makers to do a complete rewrite they risk having them rewrite using cross platform libraries.

          • by symbolset (646467) * on Thursday February 05, 2009 @06:00AM (#26735029) Homepage Journal

            Microsoft's biggest market advantage is the amount of legacy software that supports their platform.

            Microsoft's biggest problem, which I noted before Vista was even released [slashdot.org], is that we're well invested in third party software and we've figured out how to play well with their previous platform over six long years. Our nest is well feathered. It's comfy and we don't want to leave it. Especially for a cold new future where we have to buy everything and figure everything out all over again. If we have to do that, why stick with the vendor that guarantees we'll feel this pain again in a little while?

            The problem, two years later is even deeper because nobody in their right mind bought into this dog, and so they've been burrowing deeper into their XP cave this whole time.

            It's probably too late now to save the Microsoft platform. It's been eight years since the 25 October 2001 release of XP. They have before them the task of creating something that's sufficiently similar to save their "Microsoft brand", sufficiently different from their "Vista debacle", and competitive against a swelling sea of free options. It's a lost cause. "If we have to change to something that radically different, and buy/engineer all our software over again, why not get Macs, or try this 'free' thing?"

        • by Tatsh (893946) on Thursday February 05, 2009 @03:49AM (#26734551)

          I am sure this is not news to anyone whether you love or hate Microsoft. The fact is the coding practices commonly followed under DOS and then under Windows have been rather poor. The reasons for it are many, but largely because of a thirst for performance. But in order to keep people hooked on Windows, they have to keep supporting the mistakes of others as well as their own. This is what they call "backward compatibility."

          But there is a way out of it and for some reason they seem unwilling to do it. Write a new OS, virtualize old Windows for "legacy support" and eventually all the software vendors will port their code to work with the new Microsoft OS natively just as they did with Mac OS X. I can't imagine why Microsoft is unwilling to do that... got any suggestions anyone?

          I have been suggesting this for years. Enterprise (Microsoft's most important customer base), in general, does NOT want it. Seemingly they want the 'good ole' x86 to live forever and Windows to run programs written for DOS 5.0 even in 2009 and beyond. Ridiculous, but it is true.

          If you are a business who relies upon some certain software to get work done and do NOT have the time, money or resources to switch to something else, it is in your interest to demand your software vendor (in this case Microsoft) NOT to remove compatibility for X application.

          If you look at the Windows 2000 leaked source code, you can find plenty of comments about VERY specific application fixes. Yes, XP broke stuff. Vista broke more. But it probably did not break what the enterprises care about (Vista likely did break many things, hence why 7 is being rushed and so many enterprises skipped Vista and will go to 7 after some extensive testing).

          Today I experienced a game that does not work on Vista. Microids' Corsairs from 1998, made for Windows 9x. Tried compatibility modes, the latest patches, etc. It just kept crashing. Microsoft does not care about your 'classic' games at all. All they care about is the enterprises who actually buy the expensive volume licenses Microsoft is always trying to sell.

      • Windows lacks a really clear separation between what is in the realm of the user and what is in the realm of the administrator. This is the real root of the problem.

        Unix based systems started out as multi-user timesharing systems. From day one you owned exactly one set of filesystem resources, your home directory, and nothing else. An admin CAN create other shared directories, but there is a clear boundary between user and admin. ALL developers know this, it is very clear. Any administrator knows this, they

    • by Dyinobal (1427207)

      Not running as a fully-privileged user reduces your security risk? Who knew! This is not news. The question is why it hasn't been meaningfully addressed in Windows for such a long time.

      Indeed this has been known for ages. I'm surprised it's made it to the front page of /.

    • Re:You mean... (Score:5, Interesting)

      by Opportunist (166417) on Thursday February 05, 2009 @03:27AM (#26734439)

      The question is why it hasn't been meaningfully addressed in Windows for such a long time.

      Because it would break compatibility. Actually, and I hate to say it, it ain't MS's fault. Or at least not only theirs.

      A simple example: In the good (bad) old days of 95 and 98 and the lack of sensible rights management, it didn't matter whether you use the HKLM or the HKCU registry branch. Both were equally unprotected, and since your software worked with every user (and you needn't care about such trivialities as watching out for a lack of reg keys), software vendors simply dumped their registry junk into the HKLM tree.

      The same applies to access to sensible system areas, like drivers (copy protection crapware) or code injection. Programmers simply assumed it is possible because hey, the system didn't really care about it!

      In comes Win2k and suddenly, when you are not logged in as admin, your games don't work. Now why the hell does a friggin' game need admin rights, you ask? Because it wants to load a copycripple driver, because it wants to write in the HKLM (or similar sensible) hives or because of other things that didn't matter earlier due to a lack of rights management and due to being the easy way out of a programming problem.

      MS is to blame to allow this for far too long. Users are to blame to put up with it and accept that they're "forced" to use admin privs to run programs. And most of all, programmers are to blame that took the easy way out and ignore rights. No, they needn't be able to forsee it (even though they should have). But since the practice still prevails (run a copy protected game without admin rights, see if you succeed), the blame is squarely on third party software. Not MS this time.

      I hate to say it, and I know it's unpopular on /. to "defend" them. But it's not MS that has dropped this ball.

      • In comes Win2k and suddenly, when you are not logged in as admin, your games don't work.

        All of my games work as a limited user.
        I've been running some old and some new games.

        (I might be biased, though. I can't imagine that I would keep playing a game the required me to run as Admin.)

      • Sort of. If 95, 98, etc had had proper user segregation, the proliferation of poorly-written software would never have happened. MS wrote an OS that allowed developers to take insecure shortcuts. Now that they're trying to shore up their system, their previous lack of security is holding them back. Now, it's not MS' fault in that their modern OSes generally try and do the right thing in regards to user privelege. But their old systems don't, and it's their own past actions that are biting them in the backsi
    • by betelgeuse68 (230611) on Thursday February 05, 2009 @04:47AM (#26734759)

      It's a combination of ignorant users and ignorant IT people. I've never seen a single IT person use "runas" (impersonation), ACLs on the Windows file system or registry or and this is the damning one, a command line utility that allows you to selectively strip administrative rights on applications as you use them thatâ(TM)s been on Microsoftâ(TM)s site for years (after I pointed it out to them).

      There was a reason once upon a time Microsoft chose to release Windows XP in such a way as to have users running with administrative rights. A reason that is extremely weak now - many people were upgrading to Windows XP from Windows 9x/ME and Microsoft didn't want to incur the support cost (or their partners) of having lots of applications stop working. Among them is the popular WinAmp. It used ancient APIs for its configuration file, WINAMP.INI, that stored global preferential data (as opposed to per user) in C:\WINDOWS\WINAMP.INI. If you didn't have administrative rights, it would just hang when you fired it up. Google Desktop when first released would *NOT* work on a non-administrative desktop. The list of offending applications goes on and on, e.g., a friend of mine had oceanic navigation software that insisted running with admin rights.

      However, it turns out there is a programmatic mechanism in place in every copy of Windows XP (and Windows 2000) that allows you to strip administrative rights when you launch a process. Microsoft never exposed users to this ability for reasons that to this day are unclear to me. The magic API in question is CreateRestrictedToken.

      But what really was an eye opener to me is when I would point out a tool on Microsoft's site to strip out administrative rights when you run a program. Namely, years ago you could have made the situation tenable in the case of apps like WinAmp and Google Desktop by yes, logging onto your desktop as an administrator but launching most Internet facing application without administrative rights but hereâ(TM)s the clincher *AND NOT CHANGING USERS* . In fact, I've been doing this for years.

      Nonetheless I observed an incredible amount of laziness on IT professionals when I pointed out these capabilities. Laziness, apathy and the usual suspect of insecurity ("Don't tell me what to do, I know what I'm doing"). Yes, that's right, you manage a CISCO PIX firewall, you must be a security guru all around and follow best practices.

      So given my former life as a Windows software developer I took it upon myself to create a turn key installer that at least protects Jane & Joe Average called *RemoveAdmin*:

      http://www.download.com/RemoveAdmin/3000-2381_4-10824971.html?tag=lst-1&cdlPid=10835515

      RemoveAdmin is a utility to strip administrative rights off apps as they're launched under Windows XP and Windows 2000 where unfortunately 99.9% of home users run with administrative rights.

      The default RemoveAdmin installer creates shortcuts for IE and Firefox but if you analyze the shortcut, you see IE and Firefox are passed as an argument to the removeAdmin.exe program.

      You can trivially setup another shortcut for Opera and/or any other Internet facing application... as you should since you can't trust foreign computer systems you connect to.

      Itâ(TM)s version 0.1 since I havenâ(TM)t created a FAQ and thereâ(TM)s the situation that if you have multiple administrative SIDs it wonâ(TM)t work (not the case for most people). I need to fix that, create a FAQ and also offer to adjust the ACLs on the Startup folder to tighten security such that when combined with RemoveAdmin, breaching your system on account of your browsing becomes because crazy hard.

    • Re: (Score:3, Insightful)

      MS shouldn't even allow you to be an admin. It should have an admin password which you can use to perform certain tasks but it's only that task that has admin rights and they're gone once it's over.

      It's not like this is some sort of new concept or anything so I'm not sure why they won't do it.
  • by theheadlessrabbit (1022587) on Thursday February 05, 2009 @02:20AM (#26734185) Homepage Journal

    sudo apt-get with the times, microsoft!

  • Well, good think I disabled UAC then. Now I feel safe.

  • Simple prevention... (Score:2, Informative)

    by Anonymous Coward

    Run anything internet-facing with DropMyRights.exe.

    http://voices.washingtonpost.com/securityfix/2006/04/windows_users_drop_your_rights.html

  • Dupe (Score:4, Insightful)

    by Anonymous Coward on Thursday February 05, 2009 @02:23AM (#26734201)

    The vulnerability is in Windows 7's UAC, not Vista's, so that part of the story is not only wrong but a dupe of the previous "UAC vulnerability" article. As for the rest of the story, it's just marketing copy for BeyondTrust Corp. Congratulations samzenpus, you've posted perhaps the first article that's wrong, dupe, blogspam, and slashvertisement all at the same time!

  • by CodeBuster (516420) on Thursday February 05, 2009 @02:23AM (#26734203)
    The history and culture of Windows is at least as responsible for the "run as root" problem as any shortcomings, and there were many over the years, in the OS itself and although Windows OSes has progressively improved security over the years there is only so much to be done, on any system, when users have been trained to run as root and click "yes" everytime. Of course, malicious programs like downadup and the infamous ClickYesToContinue ActiveX certificate debacle don't help matters.
    • Uhm...

      Microsoft has had Windows setup to not require administrative privileges for many, many, many years.

      I blame software developers who abused the fact that people did.
      • It's not MS that requires it. It's moronic third party programs that want to write to protected registry hives, install drivers (copy protection is notorious for this) or alter system libraries, all things they should not require usually. Of course, updating the graphics drivers does. But what does a simple game need admin privs for?

      • by donaldm (919619) on Thursday February 05, 2009 @03:40AM (#26734493)

        Uhm... Microsoft has had Windows setup to not require administrative privileges for many, many, many years. I blame software developers who abused the fact that people did.

        You are right and some companies do actually force this on all their corporate desktops. In the majority of cases this is not done and most people especially home computer owners don't do this. As for blaming developers well you could lay some of the blame at them but that is really unfair since it was Microsoft who made it so easy for people to give themselves administer privileges.

        Looking at Linux/Unix security. Basically from inception a normal user only had limited privileges and to do anything as a system admin required knowing the root password or being a member of a sudo (1980's) group that had particular privileges. This was instilled in Unix and now Linux users from the time they started using the system. This is not to say that some users are stupid enough to work as root, however those that do this, especially in the corporate world are usually brought to task very quickly. The same has never been true with Microsoft OS's.

        When a vendor writes software for Unix/Linux they should know and if not are usually told in no uncertain terms that requiring root access for their particular product requires a "please explain" because most applications don't require root privilege although there are exceptions. Even installation especially if the software is being tested is normally set up in what is called a "sand-box". Again Microsoft fails on enforcing this (Vista was an attempt).

        • UAC was not a failure to enforce this. And there are plenty of linux applications that *require* root to be installed. In fact, many of these applications will run in whatever context of whatever user is logged in at the time of launching them. This isn't entirely different from how Windows handles the situation.

          If anything, it's typically the distribution teams that go out of their way to ensure that when an application compiles it follows a convention (for example, Gentoo uses the user "apache" to start p
    • Re: (Score:2, Insightful)

      by symbolset (646467)

      The history and culture of Windows....

      This is unfortunately correct, if not a bit vague. That's what happens I guess when the problems are too numerous to list.

      although Windows OSes has progressively improved security over the years there is only so much to be done...

      Until they've done what can be done, we're still entitled to gripe. Does it take thirty years to figure out end users don't log in with admin privileges? Because that's how long it's been best practice. Was it two decades ago "no open ports by default" became the standard shipping configuration of a real OS? Was it Wirth who said "sanitize your inputs" or does that wisdom predate e

  • Idiotic title aside, UAC normalizes the experience for Administrator and for Standard User. With UAC, it's easier than it has ever been before to be a standard user on a Windows platform. I'm not sure what the article is driving at.

  • by Animats (122034) on Thursday February 05, 2009 @02:44AM (#26734279) Homepage

    What's really annoying is that too many programs still insist on "administrator" privileges for installation. Installation needs to be a far more contained process, with limited authority. Most applications don't really need the ability to manipulate elements of the system outside their own directory subtree and their own subtree of the Registry. Installation of "normal" applications (especially games) should be contained accordingly. Most applications are, in a security sense, "leaf nodes"; nothing else depends on them. But Microsoft doesn't make that distinction. (Nor do most Linux application installers, even though Linux/UNIX doesn't have the registry issues that Windows does.)

    • Re: (Score:3, Interesting)

      Technically, it is quite possible to make installers that do not require admin at all - those that install into user data folder. MSI fully supports that scenario, it's just that very few people actually bother to provide this as an option in their installers.

  • by the1337g33k (1268908) on Thursday February 05, 2009 @02:44AM (#26734281)
    What they need to do is limit all users to not be administrators. They should create the admin account so that it can ONLY do admin tasks. It cannot run programs like office or games. It can only run security and diagnostic apps, adding-remove apps. If they restricted admin users from using their account for daily use and only for admin use, that would significantly reduce the attack surface for crackers.
    • Halt (Score:3, Insightful)

      by bazald (886779)

      What you suggest is either impossible, extremely undesirable, or both, assuming that by "they" you mean Microsoft.

      For them to prevent certain classes of applications from running, without special knowledge, would require a kind of analysis similar in nature to solving the halting problem - a problem well known to be unsolvable.

      Then the course of action is to require applications requiring root privileges to be signed by Microsoft, essentially making Windows a closed platform for developers. Furthermore, an

    • by donaldm (919619)

      What they need to do is limit all users to not be administrators.

      I do this now but with Linux. Many tasks can easily be accomplished without being root. On my laptop (Fedora 10) no one but myself has access to the root password, however I work as a normal user. If I need private software I can still install without privilege (MS Windows can do this as well) although shared software does need to be installed by root.

      The problem for MS Window users is many have been brought up to expect having system admin privileges as a right and it is very hard for Microsoft to convin

    • Re: (Score:3, Insightful)

      by dbIII (701233)
      IMHO that is just silly. There should be an account that can do everything (including modifying files that malware has a hold of - this file locking bullshit is very 1980s), however you shouldn't ever have to use it unless you are doing something important. I have personally had to waste a lot of time fixing access to files when people mucked up MS Windows file permissions and I couldn't just do the sensible thing of logging on as Administrator to fix it - it is purely security theatre when you have the r
  • by rsmith-mac (639075) on Thursday February 05, 2009 @03:08AM (#26734365)

    Lame blogs aside, The Fucking Article [computerworld.com] is damn near worthless. Highlights include:

    • The study was done by BeyondTrust Corp. who is looking to push their Privilege Manager software, which shockingly is permissions-management software. Right off the bat we have a dubious study due to the conflict of interest and the sponsor.
    • The article makes no distinction among what OSs were used in the study. Was it Vista? XP? Server 2003?
    • The article also makes no distinction on if UAC was used, if Vista was used at all. Of course why would a company trying to sell security software want to tell people that just enabling UAC and/or setting your users as standard users would fix the problem?
    • The only quote is from the director of marketing.

    In conclusion: Running everything with admin privileges is bad, which is why Microsoft fixed this 2 years ago with UAC. It's a lame PR piece about an equally lame study from a company that wants to sell you stuff to do things that MS did years ago. If you are here reading Slashdot, there's nothing here you didn't already know.

  • if users were not allowed to log on to their computers at all. I've got a better idea, Microsoft: Why don't you fix your crappy insecure software full of C++ holes, and stop trying to tell us how to use our computers to patch over your problems.
  • by Spit (23158)

    Just look at a windows system:

    - Random dlls, configs, assets and exes in WINDOWS dir.

    - dlls, data, configs and exes in Program Files.

    - Some data and configs in Documents and Settings.

    - Registry.

    There's no getting past the single user heritage.

    • Re:Windows is busted (Score:4, Informative)

      by Ralish (775196) <ralish@gma[ ]com ['il.' in gap]> on Thursday February 05, 2009 @05:01AM (#26734803)
      Your post is misleading and inaccurate.

      Random dlls, configs, assets and exes in WINDOWS dir.

      Do a fresh installation of Windows, don't install anything on it, take a look at the Windows directory. I recommend you sort by file type. You'll notice it's actually quite organised; the "system32" directory for instance, notorious for being a huge mess, is something like 90% just "exe" and "dll" files, and very little else. It's all surprisingly organised. As soon as you start installing programs however, many will just decide to dump stuff in the Windows directory (and subdirs) for literally no good reason. The crap Creative drivers decide to drop is unbelievable, I found out first hand. There is VERY little that _needs_ to be in the Windows directory, application devs need to realise this.

      dlls, data, configs and exes in Program Files.

      Yes, good thing Unix systems only install programs in users home directories, and not in system-wide accessible directories.

      Some data and configs in Documents and Settings.

      You might notice each user has a sub directory in "Documents and Settings" (now "Users" in Vista and later), which contains all their personal documents and user-specific configuration files for the OS and applications. Definitely very single user.

      Registry.

      I'm guessing the distinction between HKLM (Local Machine) and HKCU (Current User) is lost on you? Current User, by the way, is a registry hive specific to the logged on user that is unique to their user profile.

      Once again, this all stems from the OS supporting a feature, and the feature not being utilised. Windows NT didn't become a multi-user OS with Windows 2000, or NT 4.0, it was a multi-user OS from the very beginning, the first release being NT 3.1. In fact, that's in part why NT was developed, Microsoft realised that 9x was completely stuffed from a security perspective, and had no hope of ever becoming a serious multi-user OS, so, they started NT (along with various other objectives).

      The mass migration of 9x applications designed for a single user environment to the multi-user NT of course resulted in many of these programs having very poor support for multi-user configurations, and were never really updated to support it. Then, there's just simple developer laziness, not caring to develop their application with a multi-user design in mind. Or theirs ignorance, resulting in poor implementation (this is one of the key reasons why so many programs "require" administrator priveleges. Not because they need them, but they use API's that are administrator only to achieve their goals, when there are other API's that can do what they want that have no administrator requirement.)

      My point is, it's not Windows that's broken, it's several applications that run on it. It's important to lay the blame correctly, and when the OS has been a multi-user system since its original release in 1993, it's fairly clear to me that Microsoft hasn't been slow to adopt such a design principle.

      • Re: (Score:3, Interesting)

        by BenoitRen (998927)

        The NT line has traditionally been for business, not for home use. 9x is completely stuffed from a local security perspective. Businesses need security locally. Home users don't. That's why 9x was such a good home OS.

        The NT model isn't necessarily better. While local security was vastly improved, security for remote suffered, as it opens ports to the outside world by default that aren't needed, screaming for attention from malicious crackers. How do you think Sasser worked?

  • Study flawed (Score:5, Insightful)

    by benjymouse (756774) on Thursday February 05, 2009 @03:35AM (#26734471)

    Problem is that they assume that when the security bulletin says that successful exploitation will allow the attacker to run as the current user, this does not mean that the attacker will be able to run as admin, even though the user is an admin.

    Indeed (with UAC on) IE7 runs in protected mode which is a "sandbox" where the users' security tokens have very limited rights, thus intrinsically protecting the OS.

    The Vista protected mode effectively runs the process as a limited user, even though it preserves the users identity.

    Even if the attacker can somehow trick the browser or user into downloading a malicious file and start it, it will still need elevation (yes, the cancel/allow thingy) to assert admin privileges.

    So, another way to spin this would be "Vista UAC protects against exploitation of 92% of vulnerabilities".

  • by seanmoon (1425573)
    It would require far more re-writing of the windows OS than anyone is willing to do. but at least a thin layer of abstraction between standard users and administrators on windows machines is essential. the people who know what they are doing can know how to turn it off, and everyone else needs to be logged in as a regular user. typing your password in when you install something is not the worst thing in the world. the amount of things you're going to need to type in reconfiguring your computer once you hav
  • Microsoft... (Score:5, Insightful)

    by Greyfox (87712) on Thursday February 05, 2009 @03:36AM (#26734475) Homepage Journal
    Ignoring 30 years of accumulated UNIX wisdom... for 30 years.

    I swear those guys are like that guy who just installed Linux, runs it as root all the time because he "knows what (he's) doing" and enables telnet and hands out logins to all his friends. Except that guy learns after the first or second time his system gets rooted that maybe he should stop being such a goddamn jackass and run his system the right way from now on. Microsoft never got past the jackass phase. They keep implementing half-assed fixes because they think they can do it better. You'd think 30 years of failure would convince them otherwise...

  • by gmuslera (3436)
    Problem Exist Between Redmond And Press. Sometimes is not user fault.
  • by XCondE (615309) on Thursday February 05, 2009 @04:15AM (#26734645) Homepage

    But Valve will go after you for trying.

    My question:

    Customer 06/11/2006 04:15 AM

    I am not willing to play (and let other people play) HL2 using the Admin account on my computer because of the obvious security implications (I don't want my computer infested with malware).

    Is there any way to run it without admin privileges? I installed it using admin privileges and went back to my unprivileged account but turns out it needs to write data to the install folder (bad programmer - no donut for you).

    Which are the files STEAM tries to write to in the install folder?

    If it turns out to be too complicated I'll just download the no-steam version with BitTorrent ;-).

    Their response:

    Response (Josh) 06/13/2006 01:34 PM

    Thiago, It cannot be run without admin privileges. I know you were probably joking, but I would also encourage you to avoid any product that claims to get around Steam. We take cheating and hacking very seriously.

  • by SupremoMan (912191) on Thursday February 05, 2009 @04:27AM (#26734683)
    "Users' Use of Windows Makes Most Windows Malware Worse"
  • Bleeding obvious (Score:4, Informative)

    by Dynamoo (527749) on Thursday February 05, 2009 @05:52AM (#26734999) Homepage
    It's bleeding obvious, isn't it? Running as an admin is the best way of screwing your machine up when you get infected.

    Our user population is split about 50/50 between desktops and laptops. Most laptop users have blagged admin rights at some point because they need to add printers, sometimes change LAN settings, install applications to hide their porn surfing, that sort of thing. Our desktop users are in a fully managed environment, and do not have admin rights.

    We need to spend virtually zero time with malware problems on desktop machines. Any infections are generally minor and easy to fix. Laptops.. well, they are a complete nightmare of rootkits and stuff buried so deeply that we have to nuke the machine from orbit to clean it up.

    The REALLY fun part is logging onto an infected machine with DOMAIN ADMIN rights... if it's a sophisticated bit of malware.. well.. Armageddon basically..

  • by Phoenix (2762) on Thursday February 05, 2009 @06:05AM (#26735047)

    I never thought of that. Windows is such a pain to use at all without the admin access that most people just shrug, set themselves up as a Power User just so they can use the damn thing.

    But when you think about it, in the *nix community running as standard users is a staple...the norm if you will of computer operation. If you're logged on as "Bob" and you need the Admin-level access (install something, access a file that is not owned by your account, etc) you fire up "sudo" or a terminal window and SU it for a while.

    If it's a nice graphical interface in either usage or installation...it'll even pop up and say "I'm sorry, you need admin access. Do you have the password?" And if you do then it'll just shrug and bloody well go and do it.

    This is something that needs to be put in future versions of Windows. That and stop requiring The Sims 2 to have administrator access just so you can play paper dolls.

    Phoenix

    • Re: (Score:3, Informative)

      I can't say anything about The Sims 2.

      But the feature request that got you modded to +5 Insightful already exists. It's called UAC. No, seriously.

      If you're logged into an admin account in Vista/Win7, you actually get a limited user account, and the UAC mechanism temporarily elevates you to a full admin when you click the infamous "Allow" buttons. Yes, it's a pretty lame bit of UI design. I turn that mode of UAC off, so that my admin accounts have full admin powers from the moment I log in.

      However! If you lo

  • by Junks Jerzey (54586) on Thursday February 05, 2009 @10:36AM (#26736837)

    I'm longtime software engineer, I've used UNIX and Linux professionally...and I still run Windws as an admin, all the time.

    Why? For starters, vim--yes, vim, the open source editor with roots in secure operating systems--writes to its own folder in Program Files, which is a huge no-no. I can get around this by installing vim to it's own special folder, like c:\vim, but it's a symptom of the overall problem. While most new commercial applications do things right, older apps don't, and there's a real issue with free software not handling things correctly. The proper way to handle this is to figure out what software works correctly and what doesn't (which isn't always easy, because some programs only do bad things in particular cases, and it may take months to realize this), and keeping the bad ones out of Program Files.

  • Least privilege (Score:3, Insightful)

    by c_g_hills (110430) <chaz@ch[ ].com ['az6' in gap]> on Thursday February 05, 2009 @01:08PM (#26739661) Homepage Journal
    I find this interesting because I reinstalled my XP workstation only last week after several years and took the opportunity to start running in least privilege mode. It is quite apparent how much software there is that still does not function well using a non-admin account. A lot of my software I have converted to portable versions using thinapp which should prevent registry bloat, and allow me to take them with me on another device and keep all my settings.

A sheet of paper is an ink-lined plane. -- Willard Espy, "An Almanac of Words at Play"

Working...