One of the interesting conundrums these days with users running Microsoft Windows XP is how an operating system built on Windows NT should require so much help to be “secure.” How is it that a product designed with security in mind can be so insecure as to require so many additional tools to keep us free of spyware and other malicious attacks? While you can argue that the evolution of invasive technology requires us to be more vigilant, any security expert who has been around a while knows the answer is rooted not in technology but in our human behavior.
How many of you run Windows XP all the time with administrator rights? Even among a more technical crowd, the percentage of people running as Admin on their system is pretty high. This is, of course, what makers of malicious software are counting on. If they can survive the gauntlet of firewalls, anti-virus, and spyware detection programs, they can usually count on doing what they want because you as Administrator have granted them that right.
Why do people run as Administrator? The simplest answer is that it’s easier than running as Standard User. Adding devices or installing software usually requires running as Admin. Programs can and do fail to either run or function correctly unless you are logged in with admin rights. Of course, that is also why worms, Trojans, and viruses like the environment as well.
The use of User Access Control in Windows Vista (formerly known as LUA and other names) will help with this problem in some ways. When a program or task requires a higher level of access, Windows Vista will ask you for permission to give it that access. Will this help? Probably. Will it be annoying? Very likely. One way to get a jump and reduce that annoyance is to start running as Standard User right now in Windows XP. That way you can understand and perhaps correct problems before you are confronted with them in Windows Vista, and be more secure as well.
One person committed to that course is Aaron Margosis. Aaron is a Senior Consultant with Microsoft Consulting Services. He also runs a weblog subtitled “The Non-Admin blog – running with least privilege on the desktop.” Over the last few years, Aaron has been running as Standard User on Windows XP and documenting how he has been doing it on his blog. Aaron has developed tools, scripts, and strategy to keep him from logging into his Admin account when he starts up.
Aaron also speaks at conferences about this topic and advocates that developers write applications that do not require administrative access. His point is that developers usually build their applications while running as Admin and do not test those applications as Standard Users. This often results in unnecessary or irrelevant calls to files or registry entries that fail when logged in as Standard User. Aaron often illustrates his point by making changes that permit certain applications to run without this problem.