Administrator Options in Windows Defender Version: 1.1.1593.0

Guest

I am currently restoring my system due to a trojan horse type virus. I ran
FDISK off a Windows98 startup floppy. I wiped all partition information off
the hard drive and then set the boot partition up to enable large disk
support... blah... blah... blah...

I now have a fresh install of WinXP Pro SP2 with all the "high priority"
updates from Microsoft. The software updates, all "retail" software,
including Norton AV Pro 2004, the OEM bundle that came with the box, and
various Powertoys, device driver updates, and now Windows Defender were
installed under the username that I provided the XP installation utility.
That username is a member of the administrators group by default.

Should I be concerned about the administrator option in Windows Defender
that allows all users to use Windows Defender? Will allowing all users
administrative privileges afford someone remote access to the local machine
by overriding the security permissions that deny remote access to the local
machine as set in the Security Policies of XP?

My logic center... with its nifty warning light blipping away... wants me to
disable this option, as the automatic handling of issues, updates and
scheduled scans is addressed by the option to use Windows Defender; therefore
no user, save the local administrator, should need to be involved with the
application or have administrative privileges to Windows Defender.

As of this post, I am logged on as the default administrator and disabling
this option. I know just enough about XP to realize that I could be starting
an avalanche, but the support documents do not address these options and the
technical writing, in the option description, is explicit enough, in its
verbiage, to afford an optimistic, literal, and linear interpretation. Am I
missing some glaring absolute in XP security policies that mitigates my
concern?
 
Bill Sanderson MVP

Whether or not to enable this setting depends on the usage of the specific
machine--I'll see if I can give some examples--but to allay your fears--it
does not create a security risk in terms of access to the machine. All that
it allows is for standard users (i.e. users NOT administrators) to take
actions that Defender allows--i.e. change settings within Windows Defender,
choose cleaning actions, etc.

If your machine were used by a family--with a parent or parents as
administrators, and the kids as standard users, you might choose not to let
the kids take actions with Windows Defender, if you weren't sure about their
judgement, or wanted to be sure you could see alerts and know what was
happening with the machine. You might also choose to trust their judgement,
and allow them to take cleaning actions.

If the machine is an office machine, but the office uses good practices, and
runs with standard user most of the time, you might choose to allow this
setting so that workers could use Defender to scan and clean without having
to runas administrator, or log off and back in as administrator, if
something needed to be done.

This setting should not create any security vulnerability--it simply allows
standard users to make choices within Windows Defender's capabilities.
Whether that's appropriate in your situation depends on how the machine is
used. If there is a single user, and that user is an administrator, the
setting has no relevance at all.
