How may run as administrator all the time?

[Kerry Brown]

How many of you run as an administrator all the time? If you do why do you
do it?

People who feel they need to run as an administrator because "I know what
I'm doing dammit" are the main cause of the security problems we are now
seeing. I am just as guilty as anyone else. I always run XP as an
administrator. With older versions of Windows based on 9x there really was
no security. With NT based versions few people ran with administrator
privileges until the migration from 9x started. As people migrated so did
programs. Many of these programs were not designed with security in mind so
even more people started running with administrator privileges just so their
programs would run. This spiralled out of control until we come to the
present where with XP it almost impossible to run without administrator
privileges. Microsoft has tried to Band-Aid the situation but really if
everyone switched to using standard accounts a lot of the security problems
would be solved even in XP. UAC is another Band-Aid designed for people who
insist on running everyday tasks as an administrator. It's now time to bite
the bullet and endure some pain while the pendulum swings back the other
way. Start running as a standard user for every day use. When a program
doesn't work contact the developers and complain. If they don't fix it
complain some more or look for an alternative program. We are in for a few
years of pain but in the end the pain will go away. If things don't change
the pain of malware will never go away. Running as a standard user won't
make malware go away. It will be with us as long as it's profitable. Running
as a standard user will make it much easier to fight it and mitigate the
impact of it. As malware becomes less profitable there will be less of it
around.

I hope Microsoft has the b#$$s to stick with UAC and make it work. It will
force the security model on us whether we want it or not.

 

[Jimmy Brush]

I must admit I run in XP as admin myself

I tried it as a standard user and was appalled at the lack of support by all
major software vendors.

Now, with UAC, I am very happily embracing the new security model .... it is
long overdue!

- JB

Vista Support FAQ
http://www.jimmah.com/vista/

 

[jonah]

How many of you run as an administrator all the time? If you do why do you
do it?

People who feel they need to run as an administrator because "I know what
I'm doing dammit" are the main cause of the security problems we are now
seeing. I am just as guilty as anyone else. I always run XP as an
administrator. With older versions of Windows based on 9x there really was
no security. With NT based versions few people ran with administrator
privileges until the migration from 9x started. As people migrated so did
programs. Many of these programs were not designed with security in mind so
even more people started running with administrator privileges just so their
programs would run. This spiralled out of control until we come to the
present where with XP it almost impossible to run without administrator
privileges. Microsoft has tried to Band-Aid the situation but really if
everyone switched to using standard accounts a lot of the security problems
would be solved even in XP. UAC is another Band-Aid designed for people who
insist on running everyday tasks as an administrator. It's now time to bite
the bullet and endure some pain while the pendulum swings back the other
way. Start running as a standard user for every day use. When a program
doesn't work contact the developers and complain. If they don't fix it
complain some more or look for an alternative program. We are in for a few
years of pain but in the end the pain will go away. If things don't change
the pain of malware will never go away. Running as a standard user won't
make malware go away. It will be with us as long as it's profitable. Running
as a standard user will make it much easier to fight it and mitigate the
impact of it. As malware becomes less profitable there will be less of it
around.

I hope Microsoft has the b#$$s to stick with UAC and make it work. It will
force the security model on us whether we want it or not.

I agree Kerry, I run as a standard user for testing purposes and as a
full admin when I am fiddling about or installing / uninstalling
software.

XP is admin all the time, so much does not work unless an admin
account is used, the aggravation of getting stuff to work on a user
account far outweighs the risks involved.

Linux wise I always run as user, very rarely on a full root account.
If MS had implemented UAC in the same way as Unix root or user
accounts I would have no problems with it. When I am "root" or "admin"
I expect to have full and total control. UAC and the half assed admin
account is just silly.



Jonah

 

[Chad Harris]

Good points you raised Kerry--

I hope MSFT has the presence to find ways to make UAC deployment more
workable and interfere less with productivity for their customers.

"When a program doesn't work contact the developers and complain."
Admirable Kerry but pragmatic (I don't think you can make a dent).

I don't think also speaking of contacting developers and complaining when
things don't work that the public has any way with efficacy to contact
MSFT--I know all the ways, but I'm talking about meaningful contact that has
any impact whatsoever.

Currently MSFT bans the public from accessing bug reports on Connect. They
consider them unwashed and stupid, and really of no consequence except that
they want their money.

How vulnerable do you feel people are if they have a decent 1) software
firewall like the one in Vista with the advanced MMC snap-in 2) NAT
firewall in a router whether they network or not 3) use the highest level of
encryption available to them when they are mobile and keep up with what MSFT
or other software companies offer as best practices to achieve this end
(excluding for the purposes of argument, UAC) 4) decent antivirus software
and see to it that definitions are regularly updated (WOC does this
well--Norton does it on Wednesday afternoons and evenings unless you
manually use Intelligent Updater's site) 5) Run several spyware scans
regularly since the best any of them can do is 60-70% and all are plagued by
nomenclature problems and false positives and false negatives?


I ain't had no significantsecurity breaches for years, or since using a
computer regularly even on a Windoz box, and I run as ad anytime UAC gets in
my way. I am fully cognizant that ISPs in my country are allowing my
government to illegally wiretap when they offer digital phone services and
have been using devices like Magic Lantern, CALEA software, and trying to
vaccum email and very possibly key stroke log. I also try to stay current
with scripts that will foil key stroke loggers.

I also closely follow the excellent but often disingenuous Security and UAC
team blogs and their homies (since MSFT is opening their arms to the United
States government, wiretapping, turning over all customer info to the
government and not talking about it, and turning over their searches again
again again to the government).

CH

 

[Kerry Brown]

jonah wrote:

Linux wise I always run as user, very rarely on a full root account.
If MS had implemented UAC in the same way as Unix root or user
accounts I would have no problems with it. When I am "root" or "admin"
I expect to have full and total control. UAC and the half assed admin
account is just silly.



Jonah

I agree that the half assed admin account is silly. I'm just guessing but I
think it was implemented that way because MS knows there will be many people
that will still run as an administrator all the time because that is the way
they have always done it. We all suffer because some are resistant to
change. Maybe Vista should come with a dual boot to Linux setup so people
can see how it should work and then start using Vista properly

Seriously if the default install setup a standard user and defaulted to that
user on the first logon a lot of the UAC complaining would go away.

 

[Chad Harris]

I'd give UAC an F- in implementation. Those grades would not have gotten
Gates and Ballmer into Harvard unless they had the fix in that got Bush into
Yale.

CH

 

[Chad Harris]

Kerry--

"Seriously if the default install setup a standard user and defaulted to
that
user on the first logon a lot of the UAC complaining would go away."

How would that affect the roadblocks that get in your way of installing and
just doing simple things like renaming folders and copying files?

I'm seriously looking for ways that implementation can be made smooth and
relatively easy without my reflex regedits and secpol edits. That's what's
drawing me to start to follow the UAC team blogs and blogs of their
associates at MSFT who are also blogging on UAC as guests or on their own
blogs. I think it's far from that and "half assed admin account" (Jonah's
term) is a very apt discription. It's an antagonizing "half assed admin"
account. It is very hard to beleive all the talent that is architecting and
planning and making calls on Vista security including Senior Security
engineers as talented as Steve Riley would not get feedback from their
friends, neighbors, and their own households to make this kind of
implementation happen.

Surely there are ways for MSFT to make major improvements in implementation.

CH

 

[Kerry Brown]

Chad Harris wrote:

How vulnerable do you feel people are if they have a decent 1)
software firewall like the one in Vista with the advanced MMC snap-in
2) NAT firewall in a router whether they network or not 3) use the
highest level of encryption available to them when they are mobile
and keep up with what MSFT or other software companies offer as best
practices to achieve this end (excluding for the purposes of
argument, UAC) 4) decent antivirus software and see to it that
definitions are regularly updated (WOC does this well--Norton does it
on Wednesday afternoons and evenings unless you manually use
Intelligent Updater's site) 5) Run several spyware scans regularly
since the best any of them can do is 60-70% and all are plagued by
nomenclature problems and false positives and false negatives?

<snipped>

If you run as administrator you are vulnerable to zero day exploits even
with all the above. In XP even running as a standard user you would still be
vulnerable to zero day exploits like the wmf fiasco. With all OS's there is
always the possibilty of an undiscovered flaw in the kernel being found.
With most exploits the damage would be very minor and easily fixed if you
ran as a standard user. I haven't played with Vista enough or read enough
about how it actually works to know if the same is true for Vista. If
Microsoft holds fast on driver signing and manufacturers take to heart that
drivers and services can work in user mode then Vista 64 should stay
reasonably secure if everyone used a standard user account.

 

[Kerry Brown]

Kerry--

"Seriously if the default install setup a standard user and defaulted
to that
user on the first logon a lot of the UAC complaining would go away."

How would that affect the roadblocks that get in your way of
installing and just doing simple things like renaming folders and
copying files?

<snipped>

I run Vista this way all the time. I actually had to change the group policy
in my domain to allow this. SBS 2003 wants everyone to be a local machine
administrator. When I want to install a program I first try it as a standard
user. A properly written program should allow a standard user to setup and
run it for their account only. Of course very few Windows programs work like
this. My next try is to run the setup with "Run as administrator".
Surprisingly this works very well with most programs I've tried. I get a UAC
prompt for the administrator password and usually that's it. Note that I've
limited my use of programs on Vista to the newest versions I can find and I
haven't tried any notoriously ill behaved programs like anything by Intuit
or Sage Software. If Vista becomes popular and reaches critical mass then I
expect most software companies will figure out how to deal with it.

As far as renaming folders and copying files I have mostly limited myself to
using My Documents and network shares. If I want to do anything else I
either use an elevated cmd prompt or Explorer with Run as administrator.
Using Run as administrator from a standard user account seems to affect the
amount of UAC prompts I get. It seems less intrusive than when running from
an administrator account. I haven't actually had time to do back to back
comparisons so it may just be wishful thinking on my part. I am going to
have to try Vista when not connected to a domain. It seems that having
domain credentials solves a lot of the problems others are seeing,
particularly with network shares.

 

[deebs]

Thanks for the reminder Kerry.

I'll endeavour to be a user rather than admin/user from henceforth.

it was/is my own oversight that I can only put down to still being in
the middle of things.

 

[Jimmy Brush]

There shouldn't be any reduction of UAC prompts from an admin vs non-admin
account by default, if you use the two accounts in exactly the same way.

One thing to note is that if you open a program "as administrator" (whether
running as an administrator or a normal user), you supress any UAC prompts
that program would have given you, and if that program starts any other
programs, its UAC prompts as well, and so on, and so forth.

For example, attempting to create and rename a bunch of files in a
permissions-restricted folder from an admin account will cause a UAC prompt
for each action - very annoying.

However, if you run explorer as administrator, you will only get 1 UAC
prompt, the first one, and all other UAC prompts are suppresed from within
explorer and any program launched from that explorer.

This holds true whether you are logged in as an administrator or as a normal
user.

I'm sure Microsoft's thinking on the explorer fiasco is that they only want
to ask for admin when absolutely necessary (ie right before the restricted
operation) - but the current implementation is fried.

It is rediculous to have to elevate to create a file/folder in a
permissions-restricted folder, type a name for the file/folder, and then
have to elevate yet again for the rename - little things like this seem
poorly thought out in my opinion, and there are alot of these types of
issues when working with explorer.

- JB

Vista Support FAQ
http://www.jimmah.com/vista/

 

[Kerry Brown]

You're probably right about this. I have been trying to use Vista as I do
Linux. Whenever I need admin access I automatically use an elevated cmd
prompt or Run as administrator so that's probably why I don't see a lot of
UAC prompts.

 

[Kerry Brown]

I don't know about F but definitely somewhere below C- It does seem to be
getting better as builds progress. Hopefully by the RTM it will at least be
up around a C somewhere.

 

[Jimmy Brush]

Actually, to be precise, there may be some UAC prompts that won't show when
running as a non-admin.

Applications can request that they run with the highest available
permission. If these apps are ran from an administrator account, they will
prompt for elevation. When they are ran from a standard user account, they
will not prompt and simply run with whatever permissions the user has.

Not sure how many apps like this there may be in windows, there could be a
few.

- JB

Vista Support FAQ
http://www.jimmah.com/vista/

 

[Mark D. VandenBerg]

The "Performance Diagnostic Console" immediately comes to mind.