Ok - so I'm pn-site with a client today, and log in to an XP Pro SP2 workstation.  The login script fires off, and proceeds to update Trend's OfficeScan module.  In order to do the update, the OfficeScan service is stopped which results in one of our Security Center balloon notifications saying that 'Your computer might be at risk . . . '    Which got me thinking . . .  The SP2 team did a great job with the Security Center, keeping an eye on Patching / Firewall / Anti-Virus.  However, I'd like to turn it up a notch.  Specifically, I want another Security Center warning:

WARNING:  Your computer *is* at risk because you are running with elevated (Power User or Administrator) privileges.  Click here to understand why this is dangerous and how to correct this issue.

Furthermore, I think IE should be automatically set to high-security (just like our Win2k3 servers are by default) whenever anyone with Administrative privileges logs in. 

I'm so freakin fed up with all of the nasty stuff that is out in the wild - preying on the innocent.  The simple fact of the matter is that all of this stuff is virtually harmless if we're running with least privilege.  Malware launched by a web site we visit is stopped in it's tracks because our user account doesn't have the necessary rights to install software.  If it can't install - it can't hijack our browsers, track our surfing habits, or throw pop-ups at us.  And I'm getting equally disgruntled at OEMs who's answer to every support call is to insert the recovery CD . . .

I want everyone to repeat after me:

*  I have a right to have a safe & secure online experience!
*  I have a right to take control over my PC!
*  I don't have to suffer through dozens of SPAM messages daily!
*  Software vendors do NOT have the right to force me to subject myself to risk and accept lower security in order to use their product!
*  OEMs do not have the right to disregard my data and insist on a complete format & reinstall of the operating system before supporting their machine!

It is time we took back control of our computing experience - recapture it from the OEMs, the ISPs and the Software Vendors.  It is time we stand up, and fight back.  It is almost 2005 . . .  Judas - look how long the security model of Win2k / XP has been around - there is ABSOLUTELY NO REASON THAT SOFTWARE VENDORS SHOULD BE REQUIRING LOCAL ADMINISTRATOR RIGHTS AFTER THEY'VE HAD YEARS TO GET THIS RIGHT! 

And I'm sorry - but this is not a Microsoft problem.  This, unfortunately, is the evolution of the internet.  I don't care if you're running Windows, Mac OS X or some flavor of Linux - you've got security issues to patch for.  I don't care if you're browsing with IE, Firefox or Netscape - you have security issues to patch for.  I for one refuse to change my OS or my browser - because I will not let the perpetrators of these attacks (and yes, I believe malware and viri are in deed attacks) dictate my computing environment.  Yes - I use Windows.  Yes - I use Internet Explorer.  I have never had a single virus on any of my machines.  With the exception of the occassional tracking cookie, I've never had any form of malware on any of my machines.  It can be done - and with surprisingly little effort.

So - I want to challenge everyone.  We're a little over 5 weeks from 2005, but I want everyone to start thinking / acting on a New Year's Resolution:  if you have clients who aren't running least-privilege on their desktops, find out what applications need tweaked, and get those desktops down to least privilege.  Then take those applications and submit them to www.threatcode.com.  Educate your clients and users - explain that they have the power to take back control of their online experience.  We will not be intimidated, manipulated or scared into changing our operating systems or web browsers, or allowing 3rd parties to dictate our security levels!