Security running as Administrator in XP

Discussion in 'Computer Security' started by Peter James, Jan 4, 2004.

  1. Peter James

    Peter James Guest

    Just how much of a security risk is running Windows XP as
    administrator? I know this is severely frowned upon in Unix/Linux,
    yet Microsoft don't seem to want to admit that there could be a risk
    here.
    I've been running XP for the past year as sole user Admin, and if
    there is a risk my problems would be:
    What would happen to all of the programmes I've installed in that
    time.
    If I set up a user with limited rights, would that user be able to
    access all of the software?

    I did look up past postings on this NG and there did not seem to be
    any consensus of opinion on this topic. I hope I haven't opened a
    "can of worms" here. Any advice appreciated.
    --

    Peter James
    Change AT to @ to reply
     
    Peter James, Jan 4, 2004
    #1
    1. Advertising

  2. Peter James

    Pete Guest

    "Peter James" <> wrote in message
    news:...
    > Just how much of a security risk is running Windows XP as
    > administrator? I know this is severely frowned upon in Unix/Linux,
    > yet Microsoft don't seem to want to admit that there could be a risk
    > here.


    Whether this is factually right or wrong, I think of it in terms of what
    would happen if I was to get infected by a virus or trojan whilst running
    with full administration privileges. This unwanted foreign body would I
    think be able to assume the same level of control over the computer as the
    Administrator him/herself.

    If no other safeguards were in place (anti-virus, firewall, properly
    configured that is) then my computer could in theory then be 'owned' by that
    foreign body. (I'm trying not to say 'malicious' here ... doh ..)

    Now if I was to run as a normal user or one with less power than an
    administrator, then the risk decreases. That's all it is for me. It's not
    perfect, but it just decreases the possibility of a total system take-over,
    if it's used in conjunction with security-concious computer housekeeping.
    Notice I didn't say 'security-minded' ... ugh ...bugger.

    I don't understand where you're coming from with the sentence 'yet Microsoft
    don't seem to want to admit that there could be a risk here'.

    > I did look up past postings on this NG and there did not seem to be
    > any consensus of opinion on this topic. I hope I haven't opened a
    > "can of worms" here. Any advice appreciated.


    I'm interested in other peoples opinion on this too. And yes, you probably
    have ...

    Regards,

    Pete.
     
    Pete, Jan 4, 2004
    #2
    1. Advertising

  3. Peter James

    Peter James Guest

    On Sun, 4 Jan 2004 11:54:40 -0000, "Pete" <> wrote:


    >snipped
    >I don't understand where you're coming from with the sentence 'yet Microsoft
    >don't seem to want to admit that there could be a risk here'.
    >

    Maybe my choice of words was unfortunate. What I meant was, if there
    is a security problem, it's not one that Microsfot publicises.
    Linux/Unix on installation go all the way to ensuring that the user
    sets up an Administrator and User, and ensures that the user is aware
    of the security issues. That doesn't seem to be Microsoft policy on
    this issue.
    --

    Peter James
    Change AT to @ to reply
     
    Peter James, Jan 4, 2004
    #3
  4. Peter James

    James H. Fox Guest

    Peter James wrote:
    > Maybe my choice of words was unfortunate. What I meant was, if there
    > is a security problem, it's not one that Microsfot publicises.
    > Linux/Unix on installation go all the way to ensuring that the user
    > sets up an Administrator and User, and ensures that the user is aware
    > of the security issues. That doesn't seem to be Microsoft policy on
    > this issue.


    I have noticed this also. Having set up Win2K/XP many times, I have long
    known that you are "Administrator" by default, but Microsoft at no point in
    the setup program advises you to switch to a "User" account. My conclusion
    is that it makes installing programs too difficult for most people, and MS
    does not want to grapple with the support problems.

    Now for your other question, you will in many cases have to allow additional
    security rights to a program to get it to run in a User account. Just
    right-click on the folder in Program Files, and set it with the same rights
    as Power User, which works in most cases. Sometimes you have to go into the
    registry (using regedt32, not regedit) and grant additional permissions to
    the software group in question under either Current User or Local Machine,
    if I remember correctly. However, a few utilities may not work at all no
    matter what permissions you give, or else work with limited functionality.
    In that case, use the "runas" command to run as Administrator each time you
    start the program. One little-known trick in WinXP is that you can get
    Runas to remember you Administrator password; use the "/savecred" switch. A
    comparable effect can be had in Win2K by using the Sanur utility
    (http://www.commandline.co.uk/sanur/). You can also run as a service using
    FireDaemon (http://www.firedaemon.com/).

    I am not a programmer, so I have had to figure these out myself over a
    period of time. But if everyone used them, at least 90 percent of the
    trojan and virus problems would be solved with no additional software
    whatsoever, at zero cost.
     
    James H. Fox, Jan 4, 2004
    #4
  5. Peter James

    Mimic Guest

    "Peter James" <> wrote in message
    news:...
    > Just how much of a security risk is running Windows XP as
    > administrator? I know this is severely frowned upon in Unix/Linux,
    > yet Microsoft don't seem to want to admit that there could be a risk
    > here.
    > I've been running XP for the past year as sole user Admin, and if
    > there is a risk my problems would be:
    > What would happen to all of the programmes I've installed in that
    > time.
    > If I set up a user with limited rights, would that user be able to
    > access all of the software?
    >
    > I did look up past postings on this NG and there did not seem to be
    > any consensus of opinion on this topic. I hope I haven't opened a
    > "can of worms" here. Any advice appreciated.
    > --
    >
    > Peter James
    > Change AT to @ to reply


    with XP you can setup access rights and groups for software and files, you
    can also run admin privelaged programs from a limited account by right
    clicking, run as... choose user and input password. Just like su.

    --
    Mimic

    "Without Knowledge you have fear, With fear you create your own nightmares."
    "There are 10 types of people in this world. Those that understand Binary,
    and those that dont."
    "C makes it easy to shoot yourself in the foot. C++ makes it harder, but
    when you do, it blows away your whole leg"
     
    Mimic, Jan 4, 2004
    #5
  6. Peter James

    Mimic Guest

    "Peter James" <> wrote in message
    news:...
    > On Sun, 4 Jan 2004 11:54:40 -0000, "Pete" <> wrote:
    >
    >
    > >snipped
    > >I don't understand where you're coming from with the sentence 'yet

    Microsoft
    > >don't seem to want to admit that there could be a risk here'.
    > >

    > Maybe my choice of words was unfortunate. What I meant was, if there
    > is a security problem, it's not one that Microsfot publicises.
    > Linux/Unix on installation go all the way to ensuring that the user
    > sets up an Administrator and User, and ensures that the user is aware
    > of the security issues. That doesn't seem to be Microsoft policy on
    > this issue.
    > --
    >
    > Peter James
    > Change AT to @ to reply


    Microsoft like to employ a technique of eye candy over security :p

    --
    Mimic

    "Without Knowledge you have fear, With fear you create your own nightmares."
    "There are 10 types of people in this world. Those that understand Binary,
    and those that dont."
    "C makes it easy to shoot yourself in the foot. C++ makes it harder, but
    when you do, it blows away your whole leg"
     
    Mimic, Jan 4, 2004
    #6
  7. Peter James

    johns Guest

    "Administrator" is a known user name on most computers.
    Anyone hacking in, is going in as "administrator" .. not some
    unknown user. Malicious code is not going to run at the user
    level either .. maybe some, but not the bad stuff. If you are
    located in an office, and others can wander in and play
    around on your computer, then don't leave it on. What I've
    noticed is that most users who run as administrator simply
    don't care if their systems are trashed, and most won't even
    use a password .. especially in XP or '98. I can't really write
    down what I think of these individuals, but they deserve what
    they get ... and WORSE ... we don't deserve what they cause.
    What is going to happen is ... just like getting your drivers
    license, you are going to have to train to be ALLOWED to
    use a computer. And, just like driving the streets, you are
    going to have to obey the laws of Computerdom, or get
    hauled into Computer Court and fined ... possibly lose
    your computer license .. or WORSE. Hmm, thinking .....
    what is a suitable punishment for being a Stupid User ???

    johns
     
    johns, Jan 6, 2004
    #7
  8. Peter James

    stew Guest

    Re: Re: Security running as Administrator in XP

    How about sending them to Stupid Jail
    On Tue, 6 Jan 2004 14:27:48 -0800, "johns" <> wrote:

    >"Administrator" is a known user name on most computers.
    >Anyone hacking in, is going in as "administrator" .. not some
    >unknown user. Malicious code is not going to run at the user
    >level either .. maybe some, but not the bad stuff. If you are
    >located in an office, and others can wander in and play
    >around on your computer, then don't leave it on. What I've
    >noticed is that most users who run as administrator simply
    >don't care if their systems are trashed, and most won't even
    >use a password .. especially in XP or '98. I can't really write
    >down what I think of these individuals, but they deserve what
    >they get ... and WORSE ... we don't deserve what they cause.
    >What is going to happen is ... just like getting your drivers
    >license, you are going to have to train to be ALLOWED to
    >use a computer. And, just like driving the streets, you are
    >going to have to obey the laws of Computerdom, or get
    >hauled into Computer Court and fined ... possibly lose
    >your computer license .. or WORSE. Hmm, thinking .....
    >what is a suitable punishment for being a Stupid User ???
    >
    >johns
    >
     
    stew, Jan 6, 2004
    #8
  9. Peter James

    John Larger Guest

    James H. Fox wrote:
    > Peter James wrote:
    >
    >>Maybe my choice of words was unfortunate. What I meant was, if there
    >>is a security problem, it's not one that Microsfot publicises.
    >>Linux/Unix on installation go all the way to ensuring that the user
    >>sets up an Administrator and User, and ensures that the user is aware
    >>of the security issues. That doesn't seem to be Microsoft policy on
    >>this issue.

    >
    >
    > I have noticed this also. Having set up Win2K/XP many times, I have long
    > known that you are "Administrator" by default, but Microsoft at no point in
    > the setup program advises you to switch to a "User" account. My conclusion
    > is that it makes installing programs too difficult for most people, and MS
    > does not want to grapple with the support problems.
    >
    > Now for your other question, you will in many cases have to allow additional
    > security rights to a program to get it to run in a User account. Just
    > right-click on the folder in Program Files, and set it with the same rights
    > as Power User, which works in most cases. Sometimes you have to go into the
    > registry (using regedt32, not regedit) and grant additional permissions to
    > the software group in question under either Current User or Local Machine,
    > if I remember correctly. However, a few utilities may not work at all no
    > matter what permissions you give, or else work with limited functionality.
    > In that case, use the "runas" command to run as Administrator each time you
    > start the program. One little-known trick in WinXP is that you can get
    > Runas to remember you Administrator password; use the "/savecred" switch. A
    > comparable effect can be had in Win2K by using the Sanur utility
    > (http://www.commandline.co.uk/sanur/). You can also run as a service using
    > FireDaemon (http://www.firedaemon.com/).
    >
    > I am not a programmer, so I have had to figure these out myself over a
    > period of time. But if everyone used them, at least 90 percent of the
    > trojan and virus problems would be solved with no additional software
    > whatsoever, at zero cost.
    >
    >

    It doesn't really matter if you run in "user" mode or "administrator" if
    so many processes are owned by "system."
     
    John Larger, Jan 7, 2004
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Marc
    Replies:
    8
    Views:
    665
  2. parabh_sleth
    Replies:
    2
    Views:
    563
    Wolf Halton
    Jun 25, 2005
  3. Jaya

    trouble running as administrator

    Jaya, Jun 16, 2007, in forum: Windows 64bit
    Replies:
    0
    Views:
    386
  4. century.dave

    need administrator...but no administrator

    century.dave, Dec 8, 2007, in forum: Windows 64bit
    Replies:
    2
    Views:
    561
    Carlos
    Dec 9, 2007
  5. onwire
    Replies:
    2
    Views:
    1,122
Loading...

Share This Page