Running Windows Without Administrator Privs?

Cliff posted more than 8 years ago | from the got-root-but-don't-want-it dept.

javacowboy asks: "For a while now, I've been advising friends who run Windows to try running as a regular user, as opposed to running as administrator, which is the default setting. However, I switched to Mac a year and a half ago and I haven't run Windows since, so I'm probably not the best person to be giving this advice. Still, on a philosophical level, *trying* to run Windows as a non-admin, given the prevalence of viruses, worms, trojans, and spy-ware, seems to make sense. Have any of you tried to run Windows as a non-admin, and how did it work out for you? Are there certain tasks or certain software you need to be admin to run? How realistic is it to expect a Windows user to run their OS as non-root?"

one experience (5, Informative)

yagu (721525) | more than 8 years ago | (#15385180)

A friend's computer shared by the entire household was unendingly compromised. We restored XP many times from scratch but the result was always the same, within a month XP was toes up again.

We did manage to trace the culprit pretty certainly to one of the kid's AOL sessions. No emphasis and teaching was enough to stop a trusting click to wreak trojan horse havoc. (I don't blame the kid, she was using in good faith and only talked to friends, and only clicked when she was assured they were "being good". Unfortunately, in the world of XP running with admin privilege, this is not enough.)

We finally bought a separate computer with discrete accounts, and only one had admin access. The kids' accounts were non-admin. This new machine remains uncompromised, but with a price.

The non-admin accounts, while unable as expected to install software, have random and mysterious failures. I've been able to track some down to exactly what I (and most) feared -- applications which expect to have admin access. Not one example was legitimate in the sense the failure point was performing work requiring admin access, it was just presumptive development by the application. (Interestingly, one of the applications that works fine in admin access but not in non-admin access is Windows Media Player 10.)

Unfortunately this turns out to be a common symptom running non-admin in XP. Lots of applications will work fine. Lots won't.

The machine remains partitioned as described, but the ultimate result has been the kids gravitating back to the unprotected computer for unfettered access. I expect that machine will continue to need its periodic re-imaging.

These problems in XP aren't rare and are artifacts of an infrastructure with security tacked on in ugly layers again and again, all as afterthoughts. I hope Vista proves better at this, but wonder how many applications will continue as problematic because of a murky and muddled and shifting security architecture.

For the record, I'm simply amazed Microsoft has gotten away with this for so long... it's ample empirical evidence more deals on shop architectures are being made on the golf course and not around the white boards.

And, also for the record, Microsoft has the money and power to fix this once and for all. I'm sure some will defend Microsoft's incremental work on this, but for too many years my observation has been Microsoft using their money to buy additional fingers with which they point at others to blame rather than work to solve comprehensively the security and system integrity problems.

Bottom line: I still recommend PC owners create separate non-admin accounts with only one admin account. Applications that won't/can't play nice I recommend they uninstall and ask for their money back. This isn't optimal, but it keeps the machine healthy longer.

Sigh.

Re:one experience (3, Informative)

exKingZog (847868) | more than 8 years ago | (#15385226)

We run all our staff accounts as limited users at work. We have two pieces of software that don't like running under regular accounts, and in both cases the solution is to give users modify access on that app's folder in %program files%. Also, I'm puzzled by WMP 10 not working - works fine for our staff, and my girlfriend's account on my PC, and the guest account I set up for a friend once.

The main culprit is almost always programs trying to store data in their installation folder rather than the user's appdata directory.

Re:one experience (2, Interesting)

Jaruzel (804522) | more than 8 years ago | (#15385751)

However, modifying %ProgramFiles% is fine for us SysAdmins, but your average Joe User isn't going to have a clue on how to do it - The application will barf, and Mr Dad will say 'Sod it. I'll give myself Admin', because life is simply too short to faff about with these things.

Vista's approach, while not perfect, does redress the problem somewhat. If an app needs admin, Vista pops up a dialog asking for User/Pass of an admin account (a bit like an automatic SU) - I'm not sure if Vista knows each app and what it needs via some list, or if code analysis is at play (I doubt it), but my experience of the Vista betas seems to indicate that this system CAN work.

Now, the real question is, why can't MS add that functionality to XP ?

-Jar.

Re:one experience (1)

michrech (468134) | more than 8 years ago | (#15386207)

Now, the real question is, why can't MS add that functionality to XP ?

It *is* in XP; at least in PRO. I know it works when one is connected to a domain, however, I've never run my own machine as anything but "admin", so I don't know if it does the same when not connected to a domain.

If anything, that functionality is directly from XP (only possibly modified to work when not connected to a domain, if in fact it works only when connected to a domain).

Re:one experience (3, Informative)

skinfitz (564041) | more than 8 years ago | (#15385296)

applications which expect to have admin access

...don't want to sound like a Windows fanboy at all but there are many *NIX apps that expect to have root - ethereal for example. Sure they are usually system admin related, but it doesn't mean that you have to run the entire session as root because you can simply use su.

In Windows you can use the runas command similar to su to give elevated privs to individual apps. You can also use a switch to cache credentials (like chown +x root) that the admin can use to give users the ability to work with awkward apps so it's not really a big deal for the odd application if the machine is set up correctly.

Re:one experience (1)

bakes (87194) | more than 8 years ago | (#15385515)

I take your point, but I think the GPP was groaning more about the apps that expect admin access but don't really need it, not just the fact they expect to have admin access. Kodak Easyshare is one example I have come across - why should a photo album manager need admin privileges to my box? I run as a regular user all the time, using Administrator account only to install/upgrade software, and the Easyshare program came up EVERY TIME with a WARNING!!!! THIS PROGRAM MAY NOT FUNCTION CORRECTLY blahblah BECAUSE YOU ARE NOT ADMINISTRATOR. What it was really complaining about was that it couldn't catalogue all the photos in some directories under 'Documents and Settings' because regular users can't see in other users folders.

The other example from the GPP was Windows Media Player 10. Why does that need to run as admin? Maybe it's like my HP Printer software - it likes to check the internet and upgrade itself when I'm not looking.

Re:one experience (1, Insightful)

Bert64 (520050) | more than 8 years ago | (#15385647)

Programs which check for updates like that are incredibly annoying...
Having a whole heap of programs looking in different places for updates is horrendously stupid. The OS should provide a centralised place from which you can update the entire OS and all your apps in a centralised and consistent manner.

Re:one experience (1)

skinfitz (564041) | more than 8 years ago | (#15385763)

Amen to that - my personal pet hates are 'Install Shield Update Manager' and JAVA that constantly tries to update itself.

Where is yum for Windows!

Re:one experience (1)

skinfitz (564041) | more than 8 years ago | (#15385759)

Oh I agree totally; I've seen lots of Windows programs that warn about admin rights but in most cases I think it's just poorly written software by lazy programmers who couldn't be bothered spending time actually working out what permissions to set or just thought they'd keep files they need to write to constantly somewhere where the user really should not be able to write to such as under the Windows folder.

Easyshare sounds like a crappy piece of software so in my situation I'd simply find an alternative, however you can't really blame Microsoft for poorly written software (except Windows...) I agree that it should not need admin rights just for a photo sharing program but in this case I'd shoot the programmers not MS.

Re:one experience (0)

Anonymous Coward | more than 8 years ago | (#15385860)

Maybe it's like my HP Printer software - it likes to check the internet and upgrade itself when I'm not looking.

The last printer driver I saw like this was a Dell all-in one driver. Although the official reason was to update, the real reason was to display popups to sell printer supplies long before they were actually needed! Crap like this guarantees Windows will remain insecure.

Re:one experience (2, Informative)

Bert64 (520050) | more than 8 years ago | (#15385641)

Ethereal only requires root if you want to actively sniff the interface with it (as opposed to reading logs you captured earlier), there are obvious reasons why non root users can't sniff network traffic especially on a system which was designed to be multi user rather than having multi-user support kludged in as an afterthought.

In many unixes nowadays you can use capabilities, to give a program that normally would require root, whatever access it requires without giving it full root (such as raw socket capability etc)...

Also, you have to be careful *WHICH* programs you give increased privileges to, some are simply not designed with that in mind, or perhaps just poorly programmed.

Re:one experience (1)

kestasjk (933987) | more than 8 years ago | (#15385686)

Yes, but the difference is ethereal requires root to get low level access to network devices. Why does Windows Media Player 10 need to be run as admin?

Re:one experience (2, Funny)

skinfitz (564041) | more than 8 years ago | (#15385718)

Why, to sniff your network to send anything it finds to the government of course! ;)

Re:one experience (2, Informative)

cortana (588495) | more than 8 years ago | (#15386305)

If you run ethereal as root then you're asking to be compromised.

You should be capturing packets with tcpdump (as root), and opening the file it creates with ethereal as an unprivileged user.

Re:one experience (2, Insightful)

drsmithy (35869) | more than 8 years ago | (#15385505)

(Interestingly, one of the applications that works fine in admin access but not in non-admin access is Windows Media Player 10.)

What problems did you have ? Because while I don't use WMP frequently, I've never had a problem using it in a non-admin account.

These problems in XP aren't rare and are artifacts of an infrastructure with security tacked on in ugly layers again and again, all as afterthoughts.

The security infrastructure in NT (ie: XP) has been there from the get-go and certainly wasn't "tacked on" as an "afterthought".

I hope Vista proves better at this, but wonder how many applications will continue as problematic because of a murky and muddled and shifting security architecture.

It's got nothing to do with the architecture and everything to do with poor developers.

And, also for the record, Microsoft has the money and power to fix this once and for all. I'm sure some will defend Microsoft's incremental work on this, but for too many years my observation has been Microsoft using their money to buy additional fingers with which they point at others to blame rather than work to solve comprehensively the security and system integrity problems.

How do you propose Microsoft "fix" it ? By writing everyone's applications for them ?

Re:one experience (2, Insightful)

Bert64 (520050) | more than 8 years ago | (#15385670)

The security infrastructure in the (NT) kernel was there from the start, but the frontend interface that most people interact with comes from win3.1/9x which most certainly has no concept of security.

When merging the 2 together, they decided that a consistent (ish) interface was more important than security, so the underlying security features got bypassed or papered over.

Re:one experience (1)

zootm (850416) | more than 8 years ago | (#15386157)

Probably more of a case of "backwards compatibility" (something MS have shot themselves in the foot to preserve before), but yes. NT has a completely capable security system — a modern and functional one — but as you point out it is quite simply not used on the default home installation.

It's a bit of a sad situation really. The biggest problem is applications which aren't written to work in unprivileged user mode, though, and hopefully those will be largely fixed after Vista is released. No guarantees of that, though.

Re:one experience (1)

gutnor (872759) | more than 8 years ago | (#15386134)

For some unknown reason I had several issues with WMP using a non-admin account every time you tried to play something from the network. ( webradio, ... even without DRM )

However, after a fresh install (still non-admin), it was working fine.

The concept of UserRights made its way very slowly in Windows development especially for cross-platform applications designed to run on WinMe and Win2000.
And the Windows API didn't make things easy, with some duplicated functions or parameters ignored on Win9x, ... Even if the security design of WinNT was ok Microsoft could have done something to ease the pain of cross-platform ( Win9x-WinNT ) development ! Like I don't know, patch Win9x to reproduce the same folder hierarchy like document and setting even if with only one user in it - flag in Visual Studio dangerous with API like the system hooks that were extremely used even for silly tasks - ...

Only since WinXP, it seems it is getting better and even small OpenSource software/shareware are non-admin account ready those days.

Give the kids a VM (2, Interesting)

Anonymous Coward | more than 8 years ago | (#15386276)

www.vmware.com

Back it up when it's in a pristine state, then anytime they mess it up, delete it, restore from the backup.

Windows Media Player works fine (1)

spideyct (250045) | more than 8 years ago | (#15386296)

WMP does not require admin privileges. You are probably just trying to read media files, or have your entire library stored, in a folder that the non-admin user does not have access to. Put the files in the My Documents (or Shared Documents) tree, or grant permissions to the folder you are already using.

Aaron Margosis (5, Informative)

BSDevil (301159) | more than 8 years ago | (#15385183)

Runs "The Non-Admin Blog" - one of the most useful resources for this. He's a Microsoft staff consultant, and often has tips for it you won't find elsewhere.

Check it out at http://blogs.msdn.com/aaron_margosis/ [msdn.com]

Re:Aaron Margosis (1)

adam1101 (805240) | more than 8 years ago | (#15385776)

Probably the most important utility on his site is the MakeMeAdmin [msdn.com] script. It can raise your privileges for one session (say of CMD.EXE), somewhat like SU. It differs from RunAs in that you retain the non-admin user profile, so file ownership, permissions, home directories etc are set to more useful values than with RunAs.

Annoying (1)

hop_uy (976156) | more than 8 years ago | (#15385184)

It's somewhat annoying, to me at least. If you have to make a change in global configuration, install an application or just use some special hardware (parallel port), you'll have to switch users. You'll have to stop whatever you are doing, close your session if you are at a domain, do your stuff and restart what you were doing. A waste of time.

Re:Annoying (2, Informative)

datafr0g (831498) | more than 8 years ago | (#15385354)

I agree that it is annoying in general however in XP Pro, installing an application is usually pretty painless.

Just "right click" the installer executable and select the "Run as" option to run the installer as a user with privileges.

Re:Annoying (1)

scsa (929805) | more than 8 years ago | (#15385904)

Except that right-click-run-as doesn't work on MSI files.

Time to either train Mom on using command-line runas, or right-click-run-as on IE in the quick launch (not the desktop, mom!), hope Mom 'gets' that this IE window and this window only has special install powers, remember to open the folder list somehow with the View menu, rebrowse to the same location, assuming the admin account has permissions on her profile folders and start the MSI from there.

Re:Annoying (1)

kanzels (975208) | more than 8 years ago | (#15385504)

Ever heard of Fast User Switching feature in Windows XP? You don't have to close your programs, just logon as new users by pressing Windows+L (if you turned on this feature), install programs and then return back to your work.

The Problem is with Clueless Users (-1, Redundant)

Canar (46407) | more than 8 years ago | (#15385185)

I run Win XP as admin, usually without firewalls or antivirus. The only thing I've ever been hit by is msblast.exe, and I have record uptimes of over a month on my main (ie. constantly-used) box. Yes, those long stretches were achieved by not rebooting after updating, yet I'm still fine.

The problem is that most users are clueless morons. You don't need to be anally-retentive about security to be secure, just not stupid.

Re:The Problem is with Clueless Users (4, Funny)

Russellkhan (570824) | more than 8 years ago | (#15385276)

So, you run XP as admin with no firewalls or antivirus despite having been hit by a virus in the past, and you don't reboot after updates, which means basically that your updates are not applied to your machine...

What is it exactly that the 'clueless morons' do that you don't?

Re:The Problem is with Clueless Users (1)

HaydnH (877214) | more than 8 years ago | (#15385731)

"What is it exactly that the 'clueless morons' do that you don't?"

Post on /.? Even a windows user who runs admin with no av or firewall and reads /. has to be a geek right?? =P

Re:The Problem is with Clueless Users (0)

Anonymous Coward | more than 8 years ago | (#15386242)

And if you had a firewall, you wouldn't have been hit by MSBLAST. By the way, thank you for spreading that one - my log files have been mucked up ever since by the noise that thing spews.

I run as non-admin (1)

Fulkkari (603331) | more than 8 years ago | (#15385188)

I have always used the NT, 2k and XP as non-admin. It works somewhat in my experience, but not as good as in Mac OS X.

Microsoft Office works as it should and with Visual Studio you would maybe want to add your user to the Debuggers-group (or something like that). Otherwise Microsoft's own apps work in my experience.

To me most problems occur with large (non-Microsoft) commercial applications, especially games. You have to hack around to get it running as non-admin, and when you finally get it running it crashes on some feature, like multiplayer in games. Stupid. If you only have a couple of such games/apps, you could use the "Run as" (administrator user) option with Windows. There are also some 3rd party applications that allow you to do a wrapper application/script to allow running as admin.

So in summary, I'd say that if you are mostly using Windows for web, e-mail and Office, non-admin is the way to go. If you are doing some other stuff too, you will most likely need at least some tweak in filesystem permissions with the bigger apps to allow write or read access. And if you play games, then there's a 50-50 chance that you need admin-rights or not... But you can always use "Run as", to be safe with other apps!

Some advice (4, Informative)

VGPowerlord (621254) | more than 8 years ago | (#15385189)

I'm running Windows XP Pro as a Limited User right now. The important thing to remember is that some programs, games in particular, don't like it if you don't change the file (and sometimes, registry) permissions.

Registry permissions can be set using regedt32.

Installers are also a problem. Since Windows programs like making a mess (i.e. putting DLL files in the system and system32 directories), you usually need to run them as Administrator. The "Run As..." menu item can be used to elevate privileges for a single program. This appears in context (right-click) menus by default, unless you're in the Control Panel. In that case, hold down shift when right-clicking.

Windows Explorer can be started as a different user, if you set the option to run Explorer Windows in a separate thread. This option needs to be turned on for the user you're changing to, not for the current user. You can find this option in Control Panel (Classic View), Folder Options..., View tab, Launch folder windows in a separate process.

Here's a few sources to consult:

I'm sure I missed some things, but other posters will point them out.

Another good site (1)

spideyct (250045) | more than 8 years ago | (#15386280)

http://nonadmin.editme.com/ [editme.com]

Thought you probably would have found that via Aaron Margosis' Blog.

I have my wife setup as non-admin, and she doesn't really notice. I run as non-admin at home and it's fine. Sometimes it gets messy during development when you need to attach a debugger to a system process (IIS), but there are ways to resolve each issue, and they are documented at the above sites.

Administer a bunch of Windows XP (1)

Mr.Ziggy (536666) | more than 8 years ago | (#15385192)

Running as a standard User (NOT power user) is possible, and has gotten a LOT better in the past 3 years.

Still, the Runas command doesn't work like SU in Unix, and there are many problems.

In the corporate/business environment it's somewhat possible if the business is locking down users and not letting them admin their machines, install odd programs, etc. And it does prevent some malware and worms.

In the home environment, so much of the software used wants/needs to be admin, it's very difficult and often impractical. Things like personal finance, CD burning software, games, etc.

The trick: You gotta get used to running Regedt32 and with file/folder permissions. Find *where* the program is doing odd writes to the registry and give them Full Control of those portions. Quite a bit of trial and error involved.

The assumption with this is that the malware isn't trying to write to those particular keys... which is actually usually true.

Regmon Filemon (3, Informative)

pedestrian crossing (802349) | more than 8 years ago | (#15385384)

You can eliminate the guess work by using Regmon and Filemon from here [sysinternals.com] .

These utilities log all file and registry access attempts, successful or unsuccessful.

Most applications that "need" admin rights, actually only need the correct rights on a specific reg key or directory. Granting only the needed rights gets the app working without adding unnecessary rights/risks.
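
The workflow described in the comment above, as an added example (not part of the original post and not code from Sysinternals): a Python script that reads a captured access log and lists, per process, the narrowest folders and registry keys where a write was denied. The CSV layout, the `photoapp.exe` process, the sample rows and the list of sensitive prefixes are all constructed assumptions; adapt them to the columns your capture actually has.

```python
import csv
import io
import ntpath
from collections import defaultdict

# Constructed sample in an assumed, simplified CSV layout. It is not the
# export format of Regmon or Filemon; adapt the column names to your capture.
SAMPLE_LOG = r"""process,operation,path,result
photoapp.exe,OPEN,C:\Program Files\PhotoApp\photoapp.exe,SUCCESS
photoapp.exe,WRITE,C:\Program Files\PhotoApp\settings.ini,ACCESS DENIED
photoapp.exe,WRITE,C:\Program Files\PhotoApp\cache\thumbs.db,ACCESS DENIED
photoapp.exe,WRITE,C:\Program Files\PhotoApp\cache\index.db,ACCESS DENIED
photoapp.exe,SETVALUE,HKLM\Software\PhotoApp\LastRun,ACCESS DENIED
photoapp.exe,WRITE,C:\WINDOWS\photoapp.log,ACCESS DENIED
photoapp.exe,QUERYVALUE,HKCU\Software\PhotoApp\Theme,SUCCESS
"""

# Assumed list of locations where widening write access would undo the
# benefit of a limited account. Denials here are reported for review and
# never offered as a place to grant rights.
SENSITIVE_PREFIXES = (
    "c:\\windows",
    "hklm\\system",
    "hklm\\software\\microsoft",
)

# Assumed operation names that imply the process wanted to modify something.
WRITE_OPS = {"WRITE", "CREATE", "DELETE", "SETVALUE", "CREATEKEY"}


def container_of(path):
    """Return the directory or registry key that holds the denied object.

    ntpath splits on backslashes, so it works for both file paths and
    registry paths such as HKLM\\Software\\App\\ValueName.
    """
    return ntpath.dirname(path)


def is_sensitive(path):
    """True if the path is one of the sensitive locations or lies below one."""
    lowered = path.lower()
    return any(
        lowered == prefix or lowered.startswith(prefix + "\\")
        for prefix in SENSITIVE_PREFIXES
    )


def summarize_denials(log_text):
    """Group denied write attempts per process.

    Returns (grant, review): two dicts mapping process name to a sorted list
    of containers. 'grant' holds candidates for a narrowly scoped ACL change;
    'review' holds denials in sensitive locations that should stay denied.
    """
    grant = defaultdict(set)
    review = defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["result"].strip().upper() != "ACCESS DENIED":
            continue  # successful accesses need no change
        if row["operation"].strip().upper() not in WRITE_OPS:
            continue  # only failed modifications are summarized here
        target = container_of(row["path"].strip())
        bucket = review if is_sensitive(target) else grant
        bucket[row["process"].strip().lower()].add(target)
    return (
        {proc: sorted(paths) for proc, paths in grant.items()},
        {proc: sorted(paths) for proc, paths in review.items()},
    )


if __name__ == "__main__":
    grant, review = summarize_denials(SAMPLE_LOG)
    for proc, paths in grant.items():
        for p in paths:
            print(f"{proc}: candidate for a scoped write grant: {p}")
    for proc, paths in review.items():
        for p in paths:
            print(f"{proc}: denied in a sensitive location, do not widen: {p}")
```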

It can take some tweaks, but... (1)

dqbiggerfam (844707) | more than 8 years ago | (#15385195)

When I was interning for the tech school I was going to, I was involved in setting up a batch of machines for use in the library. One program (something to do with the culinary course) required users have write access to its program files in the system folder in order to get around having every culinary student be a power user.
Typically, you can email the program's developer or publisher for details on what permissions need to be set in order to run a program while a limited/standard user (it helps to be running XP Pro on a domain when dealing with the permissions though).

I could hear it now.... (4, Funny)

Zanth_ (157695) | more than 8 years ago | (#15385197)

Considering most users like to install the latest kitchy program, I would assume it would be quite a trial in the current format, to have a user run without admin access. I could only imagine the calls the local techy friend would get, instead of "can you pleeeeease come and fix my malwared/spywared/virused/trojanned/fubar'd computer" it will now be "can you pleeeease come and install happybloggeryp2pdownloadmeforfreeporntoday.exe"

Re:I could hear it now.... (2, Funny)

Bert64 (520050) | more than 8 years ago | (#15385680)

To which you can say "NO!" and hang up... Much easier than trekking over there and spending a few hours reinstalling the whole system!

It's actually fairly easy (1)

Aglassis (10161) | more than 8 years ago | (#15385216)

I've been running Windows NT machines (and later) for almost 8 years without using superuser permissions for normal use. You just have to become very familiar with "runas". In some cases you will need to actually be logged in as an Administrator to do certain tasks, but that is fairly rare. Some examples: if you need to access your control panel you can use:

runas /user:Administrator "C:\program files\internet explorer\iexplore.exe c:"

and then navigate there (though I recommend you rename your 'Administrator' account). Another useful program is mmc (and after a year or so you will memorize all the component names).

I should note, however, that it may seem that a runas for cmd might be useful. Sometimes it is. But some of the functionality is limited. For example, if you have an Administrator privileged cmd prompt and you type "start .", you will open up a directory in explorer with the logged in user privileges, not the superuser privileges. That is why you must use "iexplore.exe c:" to get Administrator privileges.

Windows XP is sort of nice now that you can right click for a runas. If you are frequently using runas, you may find that that feature is helpful. Finally, I should note that you shouldn't do highspeed tasks with a program loaded with runas. You will definitely see a performance drop, especially with programs that make extensive use of the windows API.

Re:It's actually fairly easy (1)

Aglassis (10161) | more than 8 years ago | (#15385237)

Minor correction: I meant superuser logins for normal use. Obviously if I used runas I was using superuser permissions (though not always, wink, wink!)

Re:It's actually fairly easy (1)

Kha Na Set (976591) | more than 8 years ago | (#15385690)

...and you call this easy? It seems to me that this is the exact sort of thing that Windows users like to rip on Linux users for; i.e. the "That's simple, all you have to do is *insert paragraph of technical chatter*!" Why on EARTH would any decent operating system require you to go through all that, just to avoid running as a user that has enough permissions to hose your system? Under any recent GUI for Linux, and in OS X, all that happens is a window pops up asking you for your root/admin password, with some optional additional info if you're suspicious and want to know exactly why. While I'm not going to go overboard like so many often do on this site and claim that Microsoft should be disbanded and BGates thrown in jail for this or something, I still think it's rather irresponsible of Microsoft to leave this gaping wide open (yeah, yeah, goat.cx and all that) vector of attack in their operating system. You can't expect the average user to go through the steps you've outlined above, just like you can't expect the average user to go through, for example, a Linux install.

Running "most" of my applications from an Explorer window (thus opening it up to the aforementioned security risks), and occasionally having to log out completely and log back on as another user for a few others, just so you don't have to run as Admin? No thanks. I dual boot into Windows for games I can't otherwise play, and even that reboot time has me keeping a close eye on the progress of virtualization projects just as Parallels.

~KNS

I'm succeeding but there are many pitfalls (1)

Beryllium Sphere(tm) (193358) | more than 8 years ago | (#15385217)

By all means read Aaron Margosis's blog, get used to Run As, and be prepared to debug apps that don't want to run in a normal account (often it's just a few files or registry keys. Edit the ACLs for them and it may fix things).

A few months ago, Windows Update somehow stopped working from Run As. Annoying, but you only need to run it once a month.

Re:I'm succeeding but there are many pitfalls (1)

Sepodati (746220) | more than 8 years ago | (#15385346)

I use runas to open up Explorer/IExplore and then go to the Control Panel to run the Windows Update. Or just go to the website in IE opened with Runas. I use automatic download and install, so I haven't done this in a while, but I seem to remember it working. Does that not work now?

---John Holmes...

Doing it right now (1)

Captain Chaos (13688) | more than 8 years ago | (#15385219)

I'm posting from a limited account on an XP box right now. I've been doing this for a while now in Windows, but it isn't always a pleasant experience. It seems a lot of programmers out there write software that requires admin when there is really no need to do so. I had to get friendly with Run As so I don't need to switch users when I have to run a program with admin privileges. I can understand my atomic clock sync program needing admin since limited accounts are unable to change the time or date, but a usenet reader? I tried NewsBin Pro and it doesn't work unless running under an admin account.

It is possible to run as limited depending on what applications you use without much of a hassle, but it would be a good idea to show your friends how to run programs as administrator. Also try and teach them it isn't a good idea to do that for any program that asks, only ones they know are safe. I've locked down a number of systems that friends and family ask for help with and it has made a major reduction in the number of calls I get about problems with their computers. I generally don't have many worries about spyware or viruses myself as I try to be careful with what I run, but it gives me peace of mind. I know I have another layer of protection to assist me in keeping my system clean.

Re:Doing it right now (1)

Jaseoldboss (650728) | more than 8 years ago | (#15386173)

I always run as non-admin on Windows too after a few nasty run-ins with malware. I feel vulnerable doing anything else, which is how it should be. I seem to remember the analogy that a surgeon doesn't walk around all day holding his scalpels etc.

Unfortunately, games mostly spoil this situation. Some state that they need admin on the packaging but others just assume that you're running a PC freshly delivered from the local store running XP Home with full rights. This is even worse when our local software outlet refuses to take returns to prevent copying or using up CD keys. They insist that you check the minimum spec before purchase, now what if the publisher doesn't say that you need to run as admin? Imagine trying to explain that to the assistant, especially as every PC that you buy will run it by default. My solution to that one is a spare hard drive for games which can be trashed at will.

These days, most things Just Work (1)

Curien (267780) | more than 8 years ago | (#15385221)

I ran Win2k Pro at home with a non-admin user just fine several years ago. Back then, there were still quite a few day-to-day programs (especially games and burning software) that required elevated privileges. It's not hard to set up a "run as" link for those apps, though.

I work in a corporate-type environment where almost no one has admin on their machine. Folks here run all sorts of applications, burn CDs, etc with no problems. In fact, we deny everyone write access to the C partition (where the OS and programs live; the Documents and Settings folder is on D in our image). Usually, programs that won't run as non-admin just try to write to their program directory, which can be easily worked around.

Ignoring the security model... (1)

Hymer (856453) | more than 8 years ago | (#15385224)

Several games are insisting on running as admin without ANY real need except programmers' laziness. Several applications have been seen to do the same (Adobe has, for example, been a real pita some years ago).
The real blame for this should however be placed with Microsoft, who accepted that software didn't use the Windows security model when it got the "Designed for Windows" mark.
--
This sig is designed for painless integration with the comment...

The info is out there...if you can read German ;-) (2, Informative)

D4C5CE (578304) | more than 8 years ago | (#15385235)

The staff at Heise, publishers of c't (one of Europe's major IT mags) have dedicated much time, effort, and a series of extensive articles to this question. [heise.de] Some of them are online for a free read, in particular on the pages subsequent to the above link.

Learning German is probably an effort on par with trying to replicate their years of work and experience. ;-)

There was even a database detailing which application caused how much trouble without administrator privileges [archive.org].

However, in all of this the question comes to mind whether the best way to obtain as much as possible of Mac-like security and ease of use on PCs wouldn't simply be installing Linux in the first place.

I always run as a user (1)

kestasjk (933987) | more than 8 years ago | (#15385242)

It just makes sense; on UNIX you wouldn't do non-administrative stuff as root, but I'm not big on gaming, so I'm not sure how gamers would get on as User. But for all the usual non-gaming tasks running in a user account doesn't get in the way at all.

One thing not many people mention: to get the best out of running as a user you should change the permissions on the drive Windows NT is installed on. On XP users can create folders outside of their home folder by default, but it'll keep things much cleaner and throw a spanner in the works of most spyware if you turn this permission off (you have to turn off simple file sharing to do this, which unfortunately you can't do in XP Home).
Running as user, and with disk access limited to your home folder, you get some of the best of UNIX's security settings on Windows.

Forget it. (2, Insightful)

lukas84 (912874) | more than 8 years ago | (#15385257)

You can run Windows as a normal user under the following circumstances:

a) You are in a company, working with a professional IT environment, with a helpdesk and administrators with knowledge

b) You are an administrator with knowledge

Running windows as non-admin is not for the faint of heart. While most Microsoft software runs flawlessly as non-admin, there is a large percentage of third party software which does not. This can be fixed in most circumstances, changing permissions in C:\Program Files\, the HKLM Key in the Registry, giving some Special Permissions to users, etc. pp.

Most games still don't work as non-admin. Installing a new application becomes a rather tremendous task of trying to find out what doesn't work. Sometimes these missing permissions cause rather subtle errors, which aren't obvious to figure out.

You will need to use sysinternals filemon/regmon each time you install an application.

It's not a problem to create a professional company network with only restricted users, if you have staff which is always available (-> You are not using a service provider). And if you have a rather restricted set of applications which is in use (You don't upgrade apps on a weekly basis - might happen if you're using SPS or PBX configuration tools).

My usual recommendation to home users are the following points:

* Use COMMON SENSE, think about what you're doing
* Keep a recent image of your machine on a separate USB hard disk
* Run your machine behind NAT of some sort
* Keep an updated Antivirus/Antispyware solution on your machine
* If you can, buy a Mac

The latter is a good choice, as long as Macs aren't too popular.

Re:Forget it. (3, Insightful)

senatorpjt (709879) | more than 8 years ago | (#15385897)

Unfortunately, only the people with the knowledge of how to prevent Windows from being compromised by running as Administrator in the first place are the only people who know how to set it up to run as a limited user.

It seems like Windows was set up so that the Administrator uses the Administrator account all the time, and if it's your personal computer, that's you - limited users are for when someone else is the Administrator.

It works (1)

Jarlsberg (643324) | more than 8 years ago | (#15385261)

I have a friend who hoses his Windows system every now and then. The last time he did it, I reinstalled Windows (and no, he doesn't *want* any other OS on the machine), created a non-admin account and told him to only log in as admin when he needs to install something. So far - about six-seven months running - he's had no problems. It works for him, and that's *very* ok with me. :)

Personally, I think running as non-admin is a good idea, but I don't really like the way it's implemented in Windows, so I don't do it myself.

Re:It works (1)

squidsuk (850172) | more than 8 years ago | (#15386021)

... friend who hoses his Windows system every now and then. I reinstalled Windows (and no, he doesn't *want* any other OS on the machine) ...

I won't do that any more, not for friends or family or anyone. Maybe for pay on a time and material basis at standard billing rates, but on no other basis, and they can take it to a shop at that rate and not bother me anyway.

If someone wants to leave Microsoft behind, then I'll help. But it doesn't help anyone to keep helping them hurt themselves. Tough love makes sense here - if someone doesn't want to leave their beloved but crappy Windows behind, that's fine with me, but they can fix it themselves or pay commercial rates to have it done professionally.

Admin account (1)

Enderandrew (866215) | more than 8 years ago | (#15385265)

I can't tell you the number of computers I repair that don't even have a password set on the admin account itself. Most users don't know this account even exists. Even if you use a non-admin account, many hackers use the password-less Admin account itself.

Re:Admin account (0)

Anonymous Coward | more than 8 years ago | (#15386144)

How are they using the Administrator account?

I don't bother setting an Administrator password, because this way RunAs cannot be used for it, while any remote access via SMB is prevented by the firewall.

Truthfully? (1)

Ryvar (122400) | more than 8 years ago | (#15385280)

How realistic is it to expect a Windows user to run their OS as non-root?

About two months ago I tried it. It was absolutely fucking horrible, and just a colossal pain in the ass. It may just be because I'm constantly installing/uninstalling both software and hardware, tweaking the system settings, etc. but it was flat out unusable. I've managed to avoid getting any virii, trojans, rootkits, etc. for the past decade - but even if I were to have to do a completely random system wipe once a year (in addition to my four quarterly reformats each year) I would still be way, way ahead in productivity compared to running as admin.

It's simply not worth the hassle.
--Ryvar

Re:Truthfully? (1)

Mad Merlin (837387) | more than 8 years ago | (#15385510)

...but even if I were to have to do a completely random system wipe once a year (in addition to my four quarterly reformats each year) I would still be way, way ahead in productivity compared to running as admin.

It's simply not worth the hassle.
--Ryvar

Wow... you consider reformatting 4 times per year, on purpose, acceptable, yet attempting to run as non-admin in Windows is too much hassle? Now that's saying something. Just attempting to install Windows once and get it to a usable state would be enough to make me blow it away -- simply not worth the hassle.

As usual, the answer is: it depends. (1)

thalakan (14668) | more than 8 years ago | (#15385282)

My user account (SID) on my x64 windows machine at home isn't in the administrator group, and I occasionally run into problems. Most software works ok, though.

The typical problem is that the programmer or software architect didn't account for user-specific config settings. Just like on unix, Windows lets you keep user-specific stuff in the user's profile. However, Windows has the ability to synchronize the user's profile across the network -- including the HKEY_CURRENT_USER subkey from the registry, so it's not as simple as just writing a bunch of stuff to a dotfile.

The WinNT kernel actually has an entire subsystem in its executive layer dedicated to handling its elaborate permission system: the security manager. It isn't nearly as easy to learn as the unix permission system, but it is capable of doing some pretty nifty things, like creating audit entries every time someone accesses a driver endpoint, or requiring someone to be logged onto the system console before allowing them to do something.

The problem is that it's just like xlib: you'd have to be crazy to use the APIs directly. So, programmers have the option of either:

A) Write hundreds of lines of code to implement graceful fallback using those APIs to test whether a privilege is available (and gracefully handle errors that occur when calling those APIs), or

B) Write one line of code to call MessageBox() and throw up a dialog telling the user they're boned if some API fails and GetLastError() returns 5 (access denied).

Both ways will result in working software -- as long as the user is running as administrator. Your typical profit-oriented software house doesn't have any financial incentive to help the users run with least privilege, so they nearly always choose option B if they have a choice about it. This is why a lot of people hold a grudge against certain application packages for throwing up incomprehensible error messages. It's not that the programmers don't know how to do it right, it's just that they don't want to.

As a specific example, Cadence's capture product for EE work will throw up this helpful dialog [thedailywtf.com] if you don't have write access to the HKLM registry key, which is only writable by the Administrator and LocalSystem users by default.

By the way, the poster's use of the word "root" is a little misleading. In Windows terms, "root" is really the LocalSystem user, which has full access to everything, including \Device\PhysicalMemory and other juicy objects. The Administrator user has the ability to escalate privileges to LocalSystem, but it requires a few extra steps.

As far as helper software goes, there are only two things you need to know: the RUNAS command and the *.MSC files. The *.MSC files are Microsoft Management Console profiles, which are used by MMC to throw up dialogs like Local Users and Groups (lusrmgr.msc), Disk Management (diskmgmt.msc), and Device Manager (devmgmt.msc). You can even run them from the run dialog or the command prompt, since the MSC extension is associated with the MMC program by default. Go try it, I'll wait.

But how does this help you if you don't have privileges to modify disks or devices? Enter the RUNAS command. If you've heard of sudo, you can think of this as sudo for Windows. In fact, I usually do this on Windows boxen where I'm non-root:

C:\>cd %userprofile%
C:\Documents and Settings\myself>mkdir bin && cd bin
C:\Documents and Settings\myself\bin>copy CON SUDO.CMD
@ECHO OFF
REM sudo -- run program as administrator
runas /user:administrator %*
^Z
1 file(s) copied.

C:\Documents and Settings\myself\bin>sudo "mmc devmgmt.msc"
Enter the password for administrator: *************
Attempting to start mmc devmgmt.msc as user "MYBOX\myself" ...

C:\Documents and Settings\myself\bin>

Then the device manager dialog pops up on my desktop, with administrator privileges. From now on, you can say "sudo whatever" when you want to run something as administrator, regardless of your user's permissions. And if you want a command prompt with administrator privileges, just say "sudo cmd".
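Option A from the comment above, sketched as an added example that is not part of the original post: a settings helper that treats a refused HKLM write as an expected condition and falls back to HKCU. It uses PowerShell's registry provider rather than the Win32 calls the comment refers to; the key path `ExampleVendor\ExampleApp` and the function names are hypothetical.

```powershell
# Added example (not from the thread): treat "access denied" as an expected
# condition instead of a fatal one when saving settings.
# 'ExampleVendor\ExampleApp' is a placeholder key path, not a real product.
$SubKey = 'Software\ExampleVendor\ExampleApp'

function Test-AccessDenied {
    param([System.Exception]$Exception)
    # The registry provider reports a refused write as one of these two types.
    return ($Exception -is [System.UnauthorizedAccessException]) -or
           ($Exception -is [System.Security.SecurityException])
}

function Set-AppSetting {
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        [Parameter(Mandatory = $true)][string]$Value,
        [switch]$AllUsers   # ask for a machine-wide value under HKLM
    )
    $hive = if ($AllUsers) { 'HKLM:' } else { 'HKCU:' }
    $path = "$hive\$SubKey"
    try {
        if (-not (Test-Path -Path $path)) {
            New-Item -Path $path -Force -ErrorAction Stop | Out-Null
        }
        Set-ItemProperty -Path $path -Name $Name -Value $Value -ErrorAction Stop
        return $hive
    }
    catch {
        # Anything other than a refused HKLM write is a real error: pass it on.
        if (-not $AllUsers -or -not (Test-AccessDenied $_.Exception)) { throw }
        Write-Warning "No write access to $path; saving '$Name' for the current user only."
        return Set-AppSetting -Name $Name -Value $Value
    }
}

function Get-AppSetting {
    param([Parameter(Mandatory = $true)][string]$Name, $Default = $null)
    # The user's own value wins; HKLM only supplies defaults set by an administrator.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $item = Get-ItemProperty -Path "$hive\$SubKey" -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { return $item.$Name }
    }
    return $Default
}

# Run from a limited account: the HKLM write is refused, the HKCU write succeeds.
$savedIn = Set-AppSetting -Name 'Theme' -Value 'dark' -AllUsers
"Saved under $savedIn, effective value: $(Get-AppSetting -Name 'Theme')"
```

Run from an administrator session, the same call stores the value under HKLM and prints `HKLM:` instead.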

Re:As usual, the answer is: it depends. (0)

Anonymous Coward | more than 8 years ago | (#15385594)

The typical problem is that the programmer or software architect didn't account for user-specific config settings. Just like on unix, Windows lets you keep user-specific stuff in the user's profile. However, Windows has the ability to synchronize the user's profile across the network -- including the HKEY_CURRENT_USER subkey from the registry, so it's not as simple as just writing a bunch of stuff to a dotfile.

Mounting the user's home directory from an NFS server in a NIS domain seems to work quite well, it's as simple as just writing a bunch of stuff to a dotfile.

Re:As usual, the answer is: it depends. (1)

drsmithy (35869) | more than 8 years ago | (#15385754)

However, Windows has the ability to synchronize the user's profile across the network -- including the HKEY_CURRENT_USER subkey from the registry, so it's not as simple as just writing a bunch of stuff to a dotfile.

Er, yes it is. You drop a config file into %USERPROFILE% or write it to HKEY_CURRENT_USER (where you should be putting it *anyway*) and the system takes care of the rest.

By the way, the poster's use of the word "root" is a little misleading. In Windows terms, "root" is really the LocalSystem user, which has full access to everything, including \Device\PhysicalMemory and other juicy objects. The Administrator user has the ability to escalate privileges to LocalSystem, but it requires a few extra steps.

Strictly speaking, Windows has no equivalent of root, as it has no concept of a 'superuser'.

Not hard to do on a home computer... (2, Interesting)

Rank_Tyro (721935) | more than 8 years ago | (#15385300)

Three years ago my girlfriend took her machine to a friend of hers to get it fixed. The guy installed a bootleg copy of XP on the machine, as well as an install of Norton AV.

When I had to clean the malware off, I noticed that there were no service packs, and the Norton had not been updated in over a year and a half.

I backed up all the pictures and work documents, then installed a legal version of Win2K Pro, Anti Vir, Clamwin, Firefox, spybot and Ad Aware.

The hardest part was convincing her to use her newly created user account. She did not like the idea of not having privileges on her own computer.

After a lot of explaining, she agreed that maybe I knew a little bit more than she does about maintaining a computer. I had to give her the root password, but made her promise not to use it.

Now, the box has had no malware infections for over a year and a half. The only programs not useable by the user accounts are StarCraft and BitComet, neither of which she cares to use.

The three different accounts all have different wallpaper; admin has a very large picture which is predominantly red....signifying "stop", or "Danger". If she wants to start browsing, she checks to see if anything is running, and then shells out into her user account.

My user account has a wallpaper picture which is a green background with a Templar in blue and green hues...signifying "go", or "Safe."

Her account has a nice picture of the San Francisco wharf, taken from a boat. There is no way for her to infect this machine unless she does it maliciously. And even then, the keylogger I installed will probably help me figure out what she did, as well as when.

Re:Not hard to do on a home computer... (0)

Anonymous Coward | more than 8 years ago | (#15385394)

And even then, the keylogger I installed will probably help me figure out what she did, as well as when.


Yeah right!

Re:Not hard to do on a home computer... (2, Interesting)

scsa (929805) | more than 8 years ago | (#15385919)

And even then, the keylogger I installed will probably help me figure out what she did, as well as when.

You'd better check the logs and make sure your girlfriend doesn't read Slashdot. Wait, what am I saying? Don't worry about it.

Re:Not hard to do on a home computer... (3, Insightful)

biglig2 (89374) | more than 8 years ago | (#15386069)

You put a keylogger on your gf's machine? I hope she doesn't read slashdot.

works great (1)

pintomp3 (882811) | more than 8 years ago | (#15385308)

most places don't give users local admin, including at mine. once in a while you'll find an app that won't work right that way, but most mainstream apps that are written properly work just fine. the biggest complaint i've heard is not being able to double click on the clock to get the calendar. users and guests can't do this by default, but this can be enabled in the local security policy. one big perk is that if you aren't logged in as admin, automatic updates will just be downloaded and installed without being prompted, so you don't have to worry about users ignoring their updates. we've also not had any viruses in over a year (knock on wood). i've found most apps that initially don't work right under user accounts will work if you give the user write access to that app's directory under "program files"; much better than giving full blown access.
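Per-application write grants like the one described in this comment are easy to lose track of once several have been made. As an added example (not part of the original post), this PowerShell script lists every folder under Program Files that carries an explicit ACE giving a non-administrative principal write access; the function name `Get-LooseFolderAce` and the set of SIDs treated as trusted are assumptions of the example.

```powershell
# Added example (not from the thread): find folders under Program Files where a
# non-administrative principal holds an explicit write-capable ACE.
param(
    # Assumption: audit the default Program Files location unless told otherwise.
    [string]$Root = $env:ProgramFiles
)

# Rights that let a principal create, change or delete files, or re-permission the folder.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Some ACEs carry raw generic bits instead: GENERIC_WRITE and GENERIC_ALL.
$writeMask = $writeMask -bor 0x40000000 -bor 0x10000000

# Principals expected to have write access on a stock system (well-known SIDs).
$trusted = @(
    'S-1-5-18',      # LocalSystem
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0',       # CREATOR OWNER
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

function Get-LooseFolderAce {
    param([string]$Path)
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    }
    catch {
        Write-Warning "Cannot read ACL of ${Path}: $($_.Exception.Message)"
        return
    }
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Explicit ACEs only, so each grant is reported once, at the folder where it was made.
    foreach ($rule in $acl.GetAccessRules($true, $false, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($trusted -contains $rule.IdentityReference.Value) { continue }
        if (([int]$rule.FileSystemRights -band $writeMask) -eq 0) { continue }

        # Resolve the SID to a name for display; orphaned SIDs stay as SIDs.
        try   { $name = $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $rule.IdentityReference.Value }

        [pscustomobject]@{
            Folder    = $Path
            Principal = $name
            Rights    = $rule.FileSystemRights
        }
    }
}

$folders = @(Get-Item -LiteralPath $Root) +
           @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue)

$folders |
    ForEach-Object { Get-LooseFolderAce -Path $_.FullName } |
    Sort-Object Folder, Principal |
    Format-Table -AutoSize -Wrap
```

An empty result means no explicit write grants to non-administrative principals were found; each row otherwise names a folder that any process running as that principal can modify.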

Re:works great (1)

Bert64 (520050) | more than 8 years ago | (#15385733)

This dialog says it all:
http://gallery.ev6.net/v/stupid-doze-crap.png.html [ev6.net]

Even though you're logged in as non admin, and don't have privilege to reboot the machine, it pops up the dialog telling you about new updates and asking if you want to reboot. Only you can't reboot, nor can you cancel the dialog, it will sit there until someone reboots for you.

It just shows how the whole interface was never designed with multiple users in mind, it's one big nasty kludge.

Read slashdot (1)

SmallFurryCreature (593017) | more than 8 years ago | (#15385335)

Even MS itself has admitted that it can't be done. Even its own software forces you to run as admin. Office is the most well-known example.

There have been a number of stories about it in the last few years, even interviews with MS people in which this was addressed.

Basically, it can be done but not easily and not without a lot of hassle. MS knows this and is supposed to be working very hard on this. Vista is supposed to cure it all.

So for now it seems you are condemned to run with higher privileges than necessary.

Well unless you are willing to just set up your machine right and then not mess with it as a user. You know like it is being done in offices around the world?

No, a regular user can't install many software packages because they need admin. So? Yes this is different from unix systems but is it all that bad?

The entire point of viruses and trojans and userlevels is overrated anyway.

I run as admin on my gaming box all the time because as far as I know games need admin and never been infected in all the years of windows. It just takes a bit of common sense. No this doesn't mean avoid P2P. I never had a dud file via P2P. I don't understand how people manage it. Fake movies? The only fake movie I downloaded was Doom, they took my action movie and turned it into an aliens wannabe.

Guess I am just too smart to fall for trojans and viruses eh?

Then again, I don't get much spam either. Nobody likes me :( The I love you virus totally skipped me.

Somebody spam me? Please!

Re:Read slashdot (1)

Baloo Ursidae (29355) | more than 8 years ago | (#15385406)

Vista is supposed to cure it all.

Didn't they say that about 2000? And before that, didn't they say that about NT? Does it really take more than 20 years and 7 major versions to fix a broken model? Ouch.

Yeah well (1)

SmallFurryCreature (593017) | more than 8 years ago | (#15385447)

I never said I believed it. But that is what is claimed. Surely MS won't think it can pull the same crap again?

4000 users say you are wrong (1)

ishmaelflood (643277) | more than 8 years ago | (#15385591)

"Office is the most well-known example" We run office, we are not administrators. Where's your evidence that you have to be admin to run office?

It _can_ be done, but I have stopped suggesting it (1)

Noksagt (69097) | more than 8 years ago | (#15385358)

First off: the windows administrator account isn't EXACTLY root. The "System" account is the most privileged account. Of course, it is fairly easy to escalate Administrator privileges to do anything that System can (you just have to jump through a few hoops).

I've run my own machine (when I ran windows) and machines which I have had to support as non-admin. It is completely doable if the workstations have to run only a few programs and/or there are IT people backing up the attempt. Many programs will need to be modified to be run as a non-admin & many of those must run some things with escalated privileges. Some of those have holes in them.

It isn't something I'd suggest to mom -- her support is me & I don't have time to make sure she can do everything she needs to as non-admin. Non IT people would have to jump through too many hoops to do basic things.

It is feasible to do MANY things as a non-admin & switch to an admin account when you absolutely must. Superior SU [stefan-kuhr.de] is handy for this. I'd suggest setting the admin's desktop to an obnoxious red color so you can tell the difference. PrivBar [msdn.com] is also useful to see your rights.

There are a handful of LUA sites to help you find other tricks in general or to get specific programs to run as non-admin (some of which are below). Usually, this involves installing as admin & granting read & execute privs to dlls and executables. Sometimes you need to grant write access to what SHOULD be protected directories.

Some sites:

Re:It _can_ be done, but I have stopped suggesting (1)

drsmithy (35869) | more than 8 years ago | (#15385775)

First off: the windows administrator account isn't EXACTLY root. The "System" account is the most privileged account. Of course, it is fairly easy to escalate Administrator privileges to do anything that System can (you just have to jump through a few hoops).

From a technical perspective, Windows doesn't have any equivalent to 'root'.

Entirely doable... (1)

ErMaC (131019) | more than 8 years ago | (#15385364)

...but in a corporate setting. At home I wouldn't dare run without admin, too much stuff doesn't work. But in an office setting like that it's very easy to manage without admin.

My recommendation is to set up shortcuts that use runas.exe whenever you have something that needs admin access. Use /env to use the current user's profile as this fixes most problems that installers and programs have. As long as you set up things to use admin that need them, you can have a workable system. I've done that for a couple family members and it's worked out fine. And no spyware for them!

Re:Entirely doable... (1)

Bert64 (520050) | more than 8 years ago | (#15385745)

Well surely then if it's not suitable for running at home in a safe manner, then it's "Not ready for the desktop".

People rag on about how difficult they perceive linux to be, but in terms of running the system safely today's linux distributions are much easier than windows.

On the other hand you have OSX, which is about the only OS that really is "Ready for the desktop".

Start here: (1)

imess (805488) | more than 8 years ago | (#15385370)

http://blogs.msdn.com/aaron_margosis/archive/category/5785.aspx [msdn.com]

(Btw, I personally prefer "Folder Options->View->Launch folder windows in separate process" to MakeMeAdmin, because I remember that's the only way to properly run Windows Update from Internet Explorer as Admin from non-Admin account)

Admin and power... (1)

Old Spider (948471) | more than 8 years ago | (#15385378)

I've run Microsoft OSes from DOS 3x up to Win2k and the one thing I've gotten used to is screwing everything up and having to reload the system from scratch. It's just something I have to do. I can load in Win2k and several CDs full of crap in about 4 hours --that includes setting up Apache/PHP/MySQL, setting up my start menu folders, and thinking vaguely about getting a shower after I'm done. But this happens about once every two months and not because someone from outside compromised my system, but because I flipped the wrong switch. Why all this trouble? Because I can't stand not having 24/7 administrative access. I have to be able to jigger with things I shouldn't be jiggering with and I have to have that 'in control' feeling. Security isn't the issue --but it might be... you see, through all that trouble I've had to learn to be more careful. You don't get that when you can stumble all over the place and have the system lock you out of anything that'll get you and it into trouble. But you've gotta have some serious patience to pull that off, so it's not for most people. The last thing the average user wants is to take the responsibility for dropping an OS and losing a day or more of someone else's work. For some reason I can pull that off, but I imagine that those of the non-insane world would rather avoid the trouble.

No sudo (1)

Baloo Ursidae (29355) | more than 8 years ago | (#15385389)

The problem with not running as Administrator constantly for most Windows users is they value their own laziness over security. As if the security flaws in the Windows codebase itself weren't bad enough, it also has to compound the problem by encouraging everyone to run as Administrator by 1) making it the default and 2) not providing "Run as user..." in places you might realistically need to run as root, such as control panels instead of the current situation of only arbitrary binaries getting that option...

Troublesome (1)

DrMorris (156226) | more than 8 years ago | (#15385421)

Some software vendors haven't bothered much to make their product running _well_ in a multi user environment. Configuration files should not be stored in the application directory, but rather in the user profile.

Other thing to consider would be to run the browser as other (totally unprivileged) user, I guess the next incarnation of Windows has something like this onboard.

Small Problem (1)

Elitist_Phoenix (808424) | more than 8 years ago | (#15385439)

Your last summary contains an oxymoron. I don't think realistic, running windows and security should be combined into one article.

Oh and while you're fixing it say "hi" to (-5, Flamebait) for me :)

A lot of games don't work - but less virii (1)

Michael Snoswell (3461) | more than 8 years ago | (#15385441)

I have separate user accounts that my kids use and about 1/2 of their games don't work. So when I let them log in on an account with admin priv to run their games they invariably exit the game and do "web stuff" later on and the next day I sit down to do work and there's all sorts of crud installed.

Recent games (the last couple of years) are behaving better, e.g. World of Warcraft runs as a regular user but previous Blizzard games didn't. The Sims2 runs as a user but puts multi 100 megs of files in each user's profile.

You have to find out what programs ppl will be using. Many CAD/Animation packages need to be administrator to run. If it's just Office or websurfing then user admin accounts are fine and safer (and as you say, the user is less likely to screw things up).

I had thought to allow the kids their own computer each and they can do whatever they want as administrator, but the time taken fixing their machines and the bandwidth taken by malicious sw meant it wasn't worth it so I quickly gave up on that idea.

do the opposite (1)

Bill Dog (726542) | more than 8 years ago | (#15385480)

How realistic is it to expect a Windows user to run their OS as non-root?"

Unfortunately, completely un-. I've tried at home -- too much of a PITA. I have to at work (corp. policy), and when it is a PITA, it's a huge PITA.

Hopefully this will all change in Vista, but until then, do the opposite, continue to log in as admin, but run network-facing programs, esp. IE, under a limited user account. On XP there's DropMyRights [microsoft.com]. I run 2K at home, which doesn't support what that utility needs, so I achieved similar manually, described in my journal, here [slashdot.org] and its addendum [slashdot.org].

I've been doing it for for ~10 years now (1)

drsmithy (35869) | more than 8 years ago | (#15385486)

Ever since I switched to NT4 back in '96.

Back then it was a bit of a pain, as some maintenance tasks actually required logging in as an Administrator and didn't work with "Run As". Plus, "Run As" required you to actually download and install a PowerToy, rather than being part of the context menu by default.

Nowadays pretty much everything necessary is doable via "Run As" - and the few things that aren't XP users can simply use Fast User Switching to bounce into an Administrator account (I use Win2k3 on my desktop which, sadly, lacks this feature). Windows 2000 users will need to start up a CMD prompt or Explorer window running as Administrator and go from there, or in rare cases actually login to an Administrator account.

The biggest hurdle is teaching "ignorant" end users the distinction between an "Administrator" and a "Regular User". Once you've achieved that, teaching them how (and when) to do stuff in "Administrator mode" is relatively easy.

Unfortunately, running as an Admin is only effective today because the vast bulk of malware is as poorly written as much consumer software and craps itself when faced with a non-admin account. As non-Admin accounts become more common - and malware writers become more competent - this will change and most of the protection a non-admin account offers will evaporate.

It's not especially difficult to run as a non-Admin, assuming the user actually understands what that means, but IMHO - after having put some thought into this recently - a good set of well maintained antivirus and antispyware software will provide a level of protection as good, if not better, and do it less invasively and more sustainably. The usefulness of unprivileged accounts - particularly on the typical single-user desktop - is overstressed by people who have histories of heavily multiuser environments (or like to pretend they do) and think that the principles there translate directly into the "appliance computing" the typical PC is used for.

If the user in question will have a relatively static application load and someone to set it up for them initially, with the occasional spot of maintenance, then running as a regular user is trivial (my mum was using Windows XP in a regular user account for ~4 years until I bought her an iMac last year - I think I had to do some maintenance on the machine maybe 3 times, one of which was the SP2 install).

Certain apps have problems (1)

JumperCable (673155) | more than 8 years ago | (#15385499)

But for most apps this is not a problem. Some apps have issues running out of the "Program Files" directory in user mode. But there are simple ways around that.

I've yet.. (1)

joshetc (955226) | more than 8 years ago | (#15385547)

To come across an easy way for instant elevation (run as admin, w/e) in XP. Maybe I'm not looking hard enough? Not many issues as far as spyware / virii. I'd def give it a shot if I wouldn't have to reboot every time I install an application.. that's why I'm usually at least a week or two behind on patches, I hate rebooting.

As a general user that doesn't know how to install programs on their own anyway and has issues doing simple things like sending an e-mail attachment there is no reason to run as admin. So for yourself or more savvy users I could recommend possibly running as admin and for the less-knowledgeable without it.

Of course there is the 3rd case where people are able to do admin tasks and you don't want them to.. that one should be obvious though :)

Makes sense? No it doesn't. (1)

Telastyn (206146) | more than 8 years ago | (#15385563)

As a user, what's the most painful thing a virus could delete or steal? Delete: my files that aren't backed up recently (or for home users, ever). Steal: my CC and similar info, which is either in said files, web caches, or even email for some.

What's the common thread for all of those? Right, you as the non-admin user still have full privs over them.

Re:Makes sense? No it doesn't. (1)

Bert64 (520050) | more than 8 years ago | (#15385767)

Which puts the security of *YOUR* details in *YOUR* hands...
If a machine has multiple users, I don't want other stupid users getting owned and exposing MY details, what they do with their own files is their own problem however.

Also when you're the one expected to fix someone's totally screwed machine, it's better if the system as a whole won't get shafted, it's much easier to reset their user account to defaults.

And finally if something is running in userspace it can't really hide itself, it can't hook into the kernel to hide the fact it's running like a rootkit does. You can see the malicious process executing and kill it.

Pretty standard in corporations (1)

NerveGas (168686) | more than 8 years ago | (#15385632)

Apart from programmers/developers, you'd be surprised at how many people in medium to large corporations run as non-privileged users.

Once you make users non-privileged, a *HUGE* number of support problems go away. Before I handed off desktop support to an assistant, people would often come to me and ask for admin privs. Everyone who asks for admin privileges will swear upon everything that they find holy that *they* would never cause any problems. Like prisoners, they're *all* innocent. And yet, without the admin rights, things go sooooo much more smoothly.

steve

Some hardware drivers make it impossible (1)

ErrorBase (692520) | more than 8 years ago | (#15385636)

A working 'Safe' setup

I set up a Windows 2000 box about 4 years ago for my parents and put them directly in user mode (also disallowed IE to the internet and stopped Outlook Express from starting, using Kerio Firewall). This fast became a problem because it was impossible to use the video grabbing software. I ended up making an administrator account with fewer icons visible. In the past 4 years I have taken about 6 evenings to fix some odd stuff, and one complete reinstall because of a hardware upgrade. I also explained that when they needed to install some software they needed to use the 'video grabbing' account for installing it. They have installed some software for a digital camera, some tax programs and quite a lot of other tools that my father deemed to be safe. He is not prolific in either English or IT in general but he never managed to kill the box.

Enter 'The Expert'

Two months ago they took up ADSL with WiFi. The technical support guy installed the drivers (in user mode, because he did not recognize it). After about 2 hours he began asking my father questions about why it might not work and my father ended up giving him access to his video grabbing account. Then the driver did install and it worked almost immediately. The biggest trouble is that the whole freaking driver does not work in user mode. You need to be admin to use the network. The box is now in stable and I probably have to reinstall the whole thing, using a PCI WiFi card instead of the 'free' USB crap.

All in all, it seems the 'tech' had never encountered a locked down Windows box and even managed to kill a perfectly working system. That's probably what you get when you are on vacation and have to rely on 'colleagues' :)

It's almost useless in that context (1)

Xamusk (702162) | more than 8 years ago | (#15385667)

Non-admin use of Windows can be quite useful when running Windows in a company/corporate environment, as the admin is able to give or take permissions from the users. This is especially true as the support team has a fixed portrait of what a user has or not in his/her computer, which is quite useful as the average user does not install (voluntarily or not) any software that is not approved by the admin team.

However, that type of restriction can be quite a pain if one wants to install this OS in a home desktop system. There are some causes to that:

1) the average user does not understand thoroughly the admin/normal user scheme used;
2) some (not many really) manuals take notice that this scheme can be in place, but usually just say "You have to be an Administrator" or something like that, failing to say HOW to be an Administrator;
3) to get Admin privileges in Windows is slow (at least the way I know how to do it), you have to switch users and do what you want, instead of just using su or sudo without having to close/switch the session, this forward-backward motion usually takes time that the average user does not want to lose if all he wants to do is install a small tool;
4) many people complain that the computer or connection is slow, but do not even know what malware is or how to prevent it, believe, the best way to avoid that stuff is education;
5) there are some people that know that they have malware installed and don't worry about that... I know some that even access bank sites in that condition.

Note that by "average user", I mean the people-out-there, who use the computer just as a tool, unlike most people here on /. who just prefer a better OS, or who at least know how to handle that kind of problem on their own.

Anyway, although I have dualboot in case I have to use some esoteric software, I do not take this OS very seriously, so take my advice with a truckload of salt.

XP as non-admin is fine, it's the apps (1)

scdeimos (632778) | more than 8 years ago | (#15385734)

I've been running XP (and 2000) as non-admin for a while now. Most tasks are fine, with the usual problems being post-installation for new apps and games after you've logged out as admin and actually want to use them.
The most common problems I encounter are Registry-related, apps trying to open HKLM keys in read/write mode for example, and are primarily due to the software developers running as admin on their own machines and never testing with lesser-privileged accounts.
I usually contact the developers with specific information as to why their apps aren't working as non-admin, generally getting positive responses and updates to the offending apps. The best experience I ever had was with Holger Matz, developer of the FL Datastorm program (a companion app to the MS Freelancer game) who, after a couple of back-and-forth e-mails had a new release fixing the problems in 2 hours and 2 minutes. How's that for service! :)
Unfortunately, most mom and pop users wouldn't have a clue how to use APIspy and Regspy to diagnose these sorts of problems.

using win2k here, not a real problem (0)

Anonymous Coward | more than 8 years ago | (#15385782)

I've been using win2k as a restricted user for probably 5 years now. It's basically a non-issue, since I don't have to install stuff often. However, some programs (usually always the same publishers) require admin-privileges. Some even can't be used utilizing Runas.
Some of the worst offenders:
* Nero Burning ROM (notice: I use an older version, as I am a student and can't afford to buy newer stuff if the older ones work fine)
* Every newer game (probably since 2003) by Electronic Arts. I'm especially looking at you, Battlefield 2!
* Miranda IM won't work without admin privileges, although there might be a mythical way to work around this that I haven't yet discovered.
* Steam...but that's rarely used, anyway.
* Origin 7.0 (same as steam)

And, on the other hand, there are programs that work perfectly:
* Firefox (even the automatic updates!)
* Thunderbird (same)
* OpenOffice

On the whole, not a real issue, running without admin privileges. But sometimes, you've got programs that won't work. For example: my girlfriend's laptop's wifi won't work unless in admin-mode. Great, if you're logging into a university network...it's a Fujitsu Siemens with Intel M processor.

Registry Keys (1)

Captain Chad (102831) | more than 8 years ago | (#15385915)

The biggest problem I had with this was when I ran WinNT (and I'm assuming it still holds for later versions). Certain programs would require administrator access to install correctly, so I'd log in as administrator to do the install. Once I was back on my non-admin account, the security permissions in the registry (for keys created by the install) didn't allow me to access those keys--and the program wouldn't run correctly.

If I recall correctly, XP has a feature whereby you can allow a program to run as a different user. So maybe this isn't a problem anymore. I finally got sick of it all and just run as an administrator.

write access to system dirs (1)

oyenstikker (536040) | more than 8 years ago | (#15385985)

You really want to be safe? Don't allow the regular users write access to WINNT and Program Files. WINNT proved not to be a problem. But when you block write access to Program Files, about half of the programs I use simply do not work. Another handful work, but don't retain settings. It's not really the fault of Windows, but the fault of the application creators. For all of the inconsistencies in Unices, you know that you store user data in dot files in ~, and temporary files in /tmp. Windows has Documents and Settings and /WINNT/temp, but application developers just don't use them. You could probably write a book on the paradigm differences between Windows and UNIX that result in this symptom.

Things to look out for... (1)

jonadab (583620) | more than 8 years ago | (#15386004)

First: games. If it's a computer you plan to play a lot of games on, you're pretty much screwed, because many of them won't work, and they won't give you a decent error message as to exactly what permission they're missing. Quasi-educational games for children are the worst offenders, but games intended for adults will give you trouble too. My recommendation is to have a separate computer for nothing _but_ games, don't do anything important with it, don't store any important data on it, run as admin, and when (not if) it's compromised, just fdisk and reinstall.

Another problem area is automatic updates -- not Windows Update, those work fine, but automatic updates for other applications, such as antivirus software, web browsers, extensions, plugins, and the like, will often not happen until somebody logs in as admin. For this reason, somebody needs to log in as admin on a regular basis, preferably daily. Most home users will not appreciate the ritual of having to log in as admin but then log out and log back in under another account to do stuff, so unless you've got a geek around that can take care of that sort of thing there could be significant... issues, in terms of getting that to happen.

Finally, the problem that bothers more savvy users who try to do this is that, as near as I can determine, there's effectively no reasonable, convenient equivalent for su or sudo. If someone can tell me an easy way to log into XP as a limited user and open a cmd prompt with admin privs on my otherwise-limited-privs desktop, without logging out or using the Switch User feature, I'll be more grateful than you can know. Surely I must be missing something, but for the life of me I cannot locate this feature.

Re:Things to look out for... (1)

alexgieg (948359) | more than 8 years ago | (#15386182)

Some days ago I was reading the replies to a Slashdot article (I don't remember which one) and one poster had this link as his signature:

http://winsudo.toadlife.net/ [toadlife.net]

I haven't tried this tool, so I don't know how it behaves, but you can give it a try if you wish. :) If you do, please post a reply saying whether it works or not. Maybe I'll start using it too.

Not enough support for non-admin user (1)

hotpotato (569630) | more than 8 years ago | (#15386186)

Speaking from personal experience, I can say that running as a non-admin is very annoying, mainly because switching to admin isn't easy.

This is mostly because configuration is all performed through GUI interfaces. So instead of just doing 'sudo something ...', you have to do 'runas' a GUI program (e.g. 'control'), and it's not always clear which program you should run.

On top of this, the 'runas' program isn't always sufficient. For example if you need privileges for doing things in the 'explorer.exe' program, 'runas' probably can't help you. Add to this the fact that when you're in a domain, you can't log in as two different users simultaneously (admin and non-admin), and you've got yourself a royal pain in the ass.

user accounts (1)

zenray (9262) | more than 8 years ago | (#15386189)

We have found that a lot of programs that want to run as administrator really just want to have write access somewhere that a normal user can't write to. Once you figure this out you just give that user write access. Easy to say - hard to do. Some programs required a registry edit to make them work in just userland. These took a lot of research on the internet to find someone's answer. One could claim that it is not Microsoft's fault but blame the software applications; BUT, Microsoft is just as guilty as everybody else in not programming for normal users running their applications and it is Microsoft's OS that is being abused.
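Several comments above trace non-admin failures to applications asking for write access to HKLM keys, Program Files or the Windows directory. The following is an added example, not code from any poster or tool in this thread: it triages an access trace for exactly those requests and names the per-user location to use instead. The trace format, `ExampleApp` and the function names are assumptions made for the example.

```python
import re

# Constructed trace (operation|target|requested access|result). The format is
# made up for this example; it is not the output of APIspy, Regspy or any tool.
SAMPLE_TRACE = r"""
RegOpenKey|HKLM\Software\ExampleApp|READ|SUCCESS
RegOpenKey|HKLM\Software\ExampleApp\Settings|READ_WRITE|ACCESS_DENIED
RegOpenKey|HKCU\Software\ExampleApp|READ_WRITE|SUCCESS
CreateFile|C:\Program Files\ExampleApp\settings.ini|WRITE|ACCESS_DENIED
CreateFile|C:\Program Files\ExampleApp\app.dll|READ|SUCCESS
CreateFile|C:\WINNT\exampleapp.tmp|WRITE|SUCCESS
this line is malformed and is skipped
"""

# Machine-wide locations a limited user cannot write under default permissions,
# each paired with the per-user location the application should use instead.
MACHINE_WIDE = [
    (re.compile(r"^HKLM\\", re.I), "open HKLM read-only; keep user settings under HKCU"),
    (re.compile(r"^[A-Z]:\\Program Files\\", re.I), "write data and settings under %APPDATA%"),
    (re.compile(r"^[A-Z]:\\(WINNT|WINDOWS)\\", re.I), "write temporary files under %TEMP%"),
]


def parse(trace):
    """Yield (op, target, access, result) tuples, skipping malformed lines."""
    for line in trace.splitlines():
        fields = [f.strip() for f in line.split("|")]
        if len(fields) == 4 and all(fields):
            yield tuple(fields)


def triage(trace):
    """Return write requests against machine-wide locations.

    A denied request explains a failure under a limited account. A request that
    succeeded is still reported: it worked only because of elevated rights or
    loosened permissions, which is how such bugs escape testing done as admin.
    """
    findings = []
    for op, target, access, result in parse(trace):
        if "WRITE" not in access.upper():
            continue  # read-only access to shared locations is fine
        for pattern, fix in MACHINE_WIDE:
            if pattern.match(target):
                status = "denied" if result.upper() == "ACCESS_DENIED" else "allowed-here"
                findings.append({"op": op, "target": target, "status": status, "fix": fix})
                break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_TRACE):
        print(f"{f['status']:<14}{f['op']:<12}{f['target']}\n{'':14}-> {f['fix']}")
```
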

Works For Me (1)

Goo.cc (687626) | more than 8 years ago | (#15386201)

I've been doing this at home on my WinXP Pro computer and it works fine for me. The only time I bump into problems is when I need to install software, which is rarely now that I have finished setting up the system. I also use Firefox for web browsing and I use web based email, so two of Windows' biggest problems (Internet Explorer and Outlook Express) are never used.

Personally, I would like to see more Windows software support drag and drop installation, like most Mac OS X software does.

Power user (1)

weird7192 (926866) | more than 8 years ago | (#15386228)

Set up a Power User account (if you're using XP Pro). It's not as restrictive as a regular user and it'll be less exposed than an Admin account. I don't know whether any games have problems running in p-user mode, but of all the apps I've tried I've not come across any problems yet. (except System Mechanic, but you'd expect that as it really needs the access privileges) Of course power-user is still vulnerable to installing of trojans/malware but I suppose for that education is the best solution, teach whoever will be using the computer that not all software plays nice.

Silly (1)

Henry V .009 (518000) | more than 8 years ago | (#15386265)

The Unix crowd gets excited about non-Administrators in Windows every now and then. In fact, it's fairly pointless. The root user was designed for multi-user systems (hence the administrator). Single-user systems don't need it. On a single-user system, the most important thing is not the system files: those can be recovered from the factory install disk—it's the user files.

There are a lot of advantages that Linux and Mac security have over Windows. It's sad that anyone thinks that their most useless security tool for home users (the root user) is actually responsible for any of that security advantage. How often do you hear about a Linux user who has lost user data from a non-root exploit? Pretty rare, huh? So it can't be the root user that saves the day. It's the Unix security design philosophy that's the real advantage. (And low popularity...)

Not that Microsoft doesn't have some cool stuff coming out. IE 7 runs in a sandbox on Vista. This is an impressive security advantage. IE 7 won't even have the privileges of the user running it. It's an application of least privilege; that's a security model that I'd like to see a lot of software use. Least privilege philosophy is a leap ahead of root versus user-level privilege, and is what real security people are debating.