Whether or not to enable this setting depends on the usage of the specific
machine--I'll see if I can give some examples--but to allay your fears--it
does not create a security risk in terms of access to the machine. All that
it allows is for standard users (i.e. users NOT administrators) to take
actions that Defender allows--i.e. change settings within Windows Defender,
choose cleaning actions, etc.
If your machine were used by a family--with a parent or parents as
administrators, and the kids as standard users, you might choose not to let
the kids take actions with Windows Defender, if you weren't sure about their
judgement, or wanted to be sure you could see alerts and know what was
happening with the machine. You might also choose to trust their judgement,
and allow them to take cleaning actions.
If the machine is an office machine, but the office uses good practices, and
runs with standard user most of the time, you might choose to allow this
setting so that workers could use Defender to scan and clean without having
to runas administrator, or log off and back in as administrator, if
something needed to be done.
This setting should not create any security vulnerability--it simply allows
standard users to make choices within Windows Defender's capabilities.
Whether that's appropriate in your situation depends on how the machine is
used. If there is a single user, and that user is an administrator, the
setting has no relevance at all.
--
"t595.rider" <(E-Mail Removed)> wrote in message
news:F7BD09B0-559D-43BB-83EA-(E-Mail Removed)...
>I am currently restoring my system due to trojan horse type virus. I ran
> FDISK off a Windows98 startup floppy. I wiped all partition information
> off
> the hard drive and then set the boot partition up to enable large disk
> support... blah... blah... blah...
>
> I now have a fresh install of WinXP Pro SP2 with all the "high priority"
> updates from Microsoft. The software updates, all "retail" software,
> including Norton AV Pro 2004, the OEM bundle that came with the box, and
> various Powertoys, device driver updates, and now Windows Defender were
> installed under the username that I provided the XP installation utility.
> That username is a member of the administrators group by default.
>
> Should I be concerned about the administrator option in Windows Defender
> that allows all users to use Windows Defender? Will allowing all users
> administrative privileges afford someone remote access to the local
> machine
> by overriding the security permissions that deny remote access to the
> local
> machine as set in the Security Policies of XP?
>
> My logic center... with its nifty warning light blipping away... wants me
> to
> disable this option, as the automatic handling of issues, updates and
> scheduled scans is addressed by the option to use Windows Defender;
> therefore
> no user, save the local administrator, should need to be involved with the
> application or have administrative privileges to Windows Defender.
>
> As of this post, I am logged on as the default administrator and disabling
> this option. I know just enough about XP to realize that I could be
> starting
> an avalanche, but the support documents do not address these options and
> the
> technical writing, in the option description, is explicit enough, in its
> verbage, to afford an optimistic, literal, and linear interpretation. Am
> I
> missing some glaring absolute in XP security policies that mitigates my
> concern?
|
Similar Threads
