The "run as non admin" saga continues

I just ran belatedly across a blog by G. Andrew Duthie with follow-up comments by Frans Bouma about the idea of saving your computer from hackers, with a side effect of saving the world. OK, I made the saving the world part up, but the message is that having hacked computers is bad for everyone, and that by running as a non priv user, we can reduce the number of times we get hacked. Frans takes the point of view that you can’t prevent all the hacks, so don’t give yourself a false sense of security when you run as joe user and at the same time live with the major inconveniences of running that way.

Fair enough. I continue to run as a non admin at home. Look into my past blogs, and you’ll see I have had a bit of interest in this topic, both for my office and home computers. It continues to be a pain, but not nearly so bad for me as it was for the rest of my family when I put my big foot down and had everyone else run without admin rights. The results were humbling really, pointing out how poorly my assumptions about what can be done in various situations translate to real live normal users. Here are some examples.

Their computer runs XP Home. The runas command in XP Home must have to delegate all its work to an overworked offshore resource, in between coffee breaks. It is so slow it’s completely unusable. That took away just about every solution I had to work around the problems associated with not having rights.

Second, as gaming is a big activity for my kids, and game software being just about the absolute worst at assuming one user, one machine, many simply did not run or crashed at weird times. This fits with my earlier points saying that regardless of what Microsoft does, until software developers, rather than users, start to think multiuser, multiuser features are a dead on arrival part of Windows desktops.

But the final hard lesson is this. As Frans points out, it doesn’t prevent attacks. This non rights approach wouldn’t have helped with Slammer, Blaster, the ASN vulnerability and many more. It wouldn’t have prevented them from installing Kazaa which, as far as I can tell, happily loads all its stuff in your Documents and Settings folder. It wouldn’t prevent a spyware app from adding a link to your Startup folder or from adding a Run key to HKEY_CURRENT_USER. While I could log on later as a priv user and not be affected by my kids’ mal-surf habits, the computer could still have been hijacked for a denial of service attack while they were using it.
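To check what is sitting in the two per-user autostart locations named above, here is an added example (not part of the original post) that lists them for the logged-on user without admin rights. It assumes a current Windows with PowerShell 3.0 or later, and the function name `Get-UserAutostart` and the `InUserProfile` column are made up for this illustration.

```powershell
# Added example: audit the per-user autostart locations the post mentions.
# Reads only the current user's Run key and Startup folder, so it works
# from a non-admin account. Get-UserAutostart is a hypothetical name.
function Get-UserAutostart {
    $runKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $startup = [Environment]::GetFolderPath('Startup')
    $entries = @()

    # Each value under the Run key is a command line started at logon.
    if (Test-Path $runKey) {
        $key = Get-Item -Path $runKey
        foreach ($name in $key.GetValueNames()) {
            $entries += [pscustomobject]@{
                Source  = 'HKCU Run key'
                Name    = $name
                Command = [string]$key.GetValue($name)
            }
        }
    }

    # Files in the Startup folder; resolve .lnk shortcuts to their targets.
    if ($startup -and (Test-Path $startup)) {
        $shell = New-Object -ComObject WScript.Shell
        foreach ($file in Get-ChildItem -Path $startup -File -Force) {
            if ($file.Name -eq 'desktop.ini') { continue }
            $target = $file.FullName
            if ($file.Extension -eq '.lnk') {
                $lnk    = $shell.CreateShortcut($file.FullName)
                $target = ('{0} {1}' -f $lnk.TargetPath, $lnk.Arguments).Trim()
            }
            $entries += [pscustomobject]@{
                Source = 'Startup folder'; Name = $file.Name; Command = $target
            }
        }
    }

    # Flag entries that launch from inside the user's own profile, which a
    # non-admin account can write to without any elevation.
    foreach ($e in $entries) {
        $hit = $e.Command.IndexOf($env:USERPROFILE,
                   [StringComparison]::OrdinalIgnoreCase) -ge 0
        $e | Add-Member -NotePropertyName InUserProfile -NotePropertyValue $hit -PassThru
    }
}

Get-UserAutostart | Format-Table -AutoSize -Wrap
```

Run it once per account: each user has a separate Run key and Startup folder, so a clean result for one login says nothing about the others.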

I will continue to try to work this out. At the office, I have a large number of my office users running as non admins. It has saved me twice already when a virus appeared before a pattern file matched it. Since we have much more control over what can be run, this still seems a prudent course. At home I run as a non-admin and haven’t really had problems once I got things set up correctly. Runas works nicely and I have a customized MMC console that does a lot of the admin stuff I normally need to do that is runas administrator. Since I’m running Windows 2003 Server, I can remote desktop myself and have even fewer problems. Basically, for me it works, and I think I have reduced my attack surface quite a bit. I also use IE very sparingly, and regard it as the worst of the honeypots. If MS hasn’t been able to fix one single program, after all these years, with all this attention, bad publicity, high profile breaches, warnings from outside companies and orders from Bill Gates, it is just a fight with futility. Give it up and use Mozilla. Unfortunately, this is just one problem.

I hate to say it, but having fought through the most breaking security updates I have ever encountered at work, the seemingly unsolvable spyware/adware problems on my family’s computer, Exchange bugs I have never encountered before, watching experienced users get enticed to open malicious content targeting Windows, and all in the last 6 weeks, I have restarted my exploration of Linux. Nothing like wading through hundreds of megabytes of shared code to prevent you from a wholesale move to a new OS.


