[vox] Exploits for non-admin accounts in Windows?
Gregory Young
gyoung at outland.cc
Wed Mar 23 22:50:00 PST 2005
On 23 Mar 2005, at 21:32, Richard Crawford wrote:
> I was told today by the IT manager in our office that if you don't run
> your Windows computer as an administrator, you never need to worry
> about
> adware and spyware and viruses. This seems like an awfully fishy claim
> to me, but maybe I'm just over-paranoid. Am I?
>
Think of it like any Unix or Unix-like OS... You don't typically log
in as root. Adding your daily account to the Local Admins group on
Windows is like making your regular Unix account UID 0. You're not
risking the entire installation, only your own profile or files
owned/writable by you.
I would request 2 accounts, one for daily use that is a member of
Domain Users or Local Users, as appropriate, and another account that
is a member of Local Admins. Since W2K, Windows has added a new option
to the contextual menu for executables, "Run As..." This allows you to
run things, after authenticating, as a different user.
IAMNA Developer. Windows, in it's mysterious ways, may require Admin
access for some development processes. Consult your Microsoft KB.
Regards,
Greg
More information about the vox
mailing list