More on running as low privilege user

I have been using myself as a test subject in my quest to run my Windows computer in the same fashion that I run my Linux box. The key difference is that under Linux, I am always running as a “normal” user, and can very simply choose to run other processes as a different user with more rights, such as root. That way, I browse, compile, and test my heart away, and then when I really want to change my system, I run as root to do the install or config change.

In Windows, there are many provisions to do this: the “Run As” command, the “Run As…” context menu option, and shortcuts set up to prompt to be run as a particular user. I have had some success, but a few things remain very difficult to do, and some applications are still in the Windows 95/98 mindset where they believe they have the right to access or modify any part of the system. Most Microsoft applications have been well behaved. But here is a list of the things I have been having the most trouble with.

  • Installers that spawn other processes. These end up spawned in a different user context (the low-privilege one) than the one the installer was started in. For example, I launch an installer as Administrator, it extracts something, and launches it. This is actually a theory, not definitive, but some installers work and some don’t.
  • The environment is always that of the new user. So I launch an install as Administrator, it puts files in the Administrator’s Local Settings directory, and I’m still dead. Unix/Linux has more capabilities in the environment that a process is launched under, and I really miss that, or I don’t know how to accomplish the same thing in Windows.
  • Using the mmc tool run as an admin user with the normal system administration tools works great. However, you can’t administer the file system that way. Windows Explorer can’t be run as a different user. The command line is too slow for many file system tasks. The trick of running IE as a different user works when you access a local or network directory, but there is no Security tab. Also, adding a folder is awkward because you have to go through this refresh, rename, refresh cycle to see your changes.
  • I have used both the Sysinternals tools (Regmon, Filemon) and the Application Compatibility Toolkit, but trying to figure out why a particular misbehaving app is failing remains tedious at best. Granted, the biggest problem is the Windows 95 “I own this damn computer, I’ll do anything I want” attitude, which has got to go when writing applications. While MS products mostly run fine as a non-admin user, most don’t. The worst part is that while I am able to get most programs running if I devote enough time to the task, I don’t seem to be able to train others to do it. Part of the problem is the artificial segregation of programmers and system administrators. Because of incomplete understanding of how software, OS and hardware work together, neither is able to form a complete model in their minds to figure out problems like these.
  • Inconsistencies in how downloaded plugins, embedded objects and the like are supposed to install. There is no easy answer here. Should or could Shockwave be a system-wide install? Should all plugins have the local-user-only option? Should ActiveX ever be allowed? This requires industry consensus and there hasn’t been enough work to provide a reference. I think the Mozilla extensions mechanism is the closest, but even that isn’t consistently done.
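As an added example (not code from the original post), here is a small batch wrapper around runas.exe covering the cases in the list above: opening the admin console from a low-privilege session, running an installer as Administrator while keeping the normal user's environment, and the run-IE-as-another-user file-browsing workaround. It assumes the privileged account is the local “Administrator” (a placeholder; substitute your own) and that the Secondary Logon service, which runas depends on, is running.

```batch
@echo off
setlocal
REM Added example, not from the original post. A wrapper around runas.exe for
REM launching administrative tasks from a normal (low-privilege) session.
REM Assumptions (placeholders, adjust for your machine): the privileged account is
REM the local "Administrator"; installer and folder paths are passed as arguments.

set ADMIN=%COMPUTERNAME%\Administrator

if /i "%~1"=="mmc"     goto :mmc
if /i "%~1"=="install" goto :install
if /i "%~1"=="browse"  goto :browse
echo usage: %~nx0 mmc ^| install ^<installer.exe^> ^| browse ^<folder^>
exit /b 1

:mmc
REM Computer Management (compmgmt.msc) loaded into an mmc running as Administrator.
runas /user:%ADMIN% "mmc.exe compmgmt.msc"
goto :eof

:install
if "%~2"=="" (echo install: missing installer path & exit /b 1)
REM /env hands the caller's environment variables to the new process instead of
REM loading the administrator's, so %USERPROFILE%, %TEMP% and "Local Settings"
REM still point at the normal user's profile. /noprofile skips loading the
REM administrator's profile. The escaped inner quotes keep a path containing
REM spaces intact when runas builds the command line.
runas /env /noprofile /user:%ADMIN% "\"%~f2\""
goto :eof

:browse
if "%~2"=="" (echo browse: missing folder & exit /b 1)
REM The "run IE as another user" workaround: iexplore opened on a folder path gives
REM a file view under the admin token (but, as noted above, no Security tab).
runas /user:%ADMIN% "iexplore.exe \"%~f2\""
goto :eof
```

Two caveats worth knowing before relying on the `install` mode: `/env` copies environment variables only, so registry writes to HKCU still land in whichever hive the administrator token loaded (the administrator's, or the default hive with `/noprofile`), not the normal user's; and `runas` prompts for the password on the console each time, so it is not suited to unattended use.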

I will try to keep my progress on this up, because as I have said before, this is probably the biggest reason the Windows products have such a bad security rap.
