I have always said that the biggest problem with Windows security is that everyone is running as an Admin by default. I never really preached the LUA principle on Windows machines though. Unfortunately, I’m guilty of using an account with administrative privileges for my day to day stuff too. In fact I have been running Windows boxen with Admin rights for years. So can I really advise or recommend it to anyone if I haven’t tried it? I decided to put my money where my mouth is and try to live in the XP Home environment as a “Limited User” for a little while. I figured that if I can do it, it will give me the right to get on my high horse, and preach LUA to everyone around. This post is sort of a wrap up, describing my week long experience.
Installing software, and performing administrative tasks as a limited user is not a big problem. At least not as big as I expected. There are many tools out there that help you to temporarily elevate your privileges so that you don’t have to log out and log in as a different user to accomplish something. For example I used LaunchAdmin to open up terminal windows, and control panel with appropriate privileges which was working relatively well for a while. And I have to say, I didn’t really have many issues installing software or tweaking my system configuration this way.
But there was a problem I could not solve. You see, I’m a lazy bum. I do not like to do tedious administrative tasks such as downloading and installing patches. I schedule that stuff to occur when I’m asleep, or at work. When I come back home, I want my machine all to myself. I don’t want it wasting cycles on updates, I don’t want to be prompted to reboot. That shit is supposed to be done when I’m not around.
Unfortunately, automatic Windows Update does not work if you are a limited user. Neither does the McAfee auto update feature – or at least not every time, because some updates require write access to the Program Files folder. So the only reliable way to update your system is to switch to an administrative account, and run manual updates on all the software that usually updates itself automatically. There is no real way to schedule these things to run with elevated user privileges.
Oh, and did I mention that the only way to run Windows Update manually is by logging in as Admin? Apparently, by design, the update system requires the current user to be an administrator. You can’t use the Run As feature, and by extension most of the tools mentioned above. It also seems to have issues when you elevate your privileges using the MakeMeAdmin script which is what LaunchAdmin was using.
I don’t want to do system and AV updates manually. It is a waste of my productive time and an annoyance. I tend to procrastinate and forget about things like that. And so, I will sooner or later end up with a system that is un-patched, and behind on antivirus updates.
For me, this whole experiment boils down to a simple choice. Do you want:
- A patched system, with up-to-date AV, running as Admin
- An un-patched system, with outdated AV running as Limited User
On one hand, this may seem like a fair trade-off, especially considering the fact that running as Limited User makes you inherently more secure. So perhaps keeping your system up to date is not that important when you are not running as Admin on a regular basis. Or is it?
As I said earlier – I have been running as Admin for years. The only time I got 0wned was back in 99 when the CIH virus totally destroyed my Win 95 machine. It overwrote my MBR, and messed up the BIOS making the machine completely unusable. And guess what – I didn’t have any backup plan in place back then. So in a blink of an eye I lost everything, and ended up with an unresponsive, unusable piece of junk on my desk.
That was my big wakeup call. Ever since then I have been anal about security, and extremely careful about what I run on my machine. In over 8 years now I haven’t been infected by a single virus, or contracted a single piece of spyware. Looking back at that track record, it’s fairly obvious that the chances of me catching some random piece of malware that requires Admin privileges to install itself are fairly low. Good instincts, browsing habits and software choices can and will protect you from most of the malicious crap out there.
Of course, at one point or another I will get exposed to some sort of malware. However, if the creators of this thing are smart enough to trick me into running it on my machine, they are also smart enough to use one of the numerous privilege elevation hacks that are out there. And if they do, it won’t really matter if I run as Admin or not. I’ll get owned anyway.
At least with an up-to-date system, there is a hope that whatever security hole the attacker chooses to use was already patched, or that my AV can detect and stop the attack.
So, will I be continuing to run as Limited User? Nope. I switched back to Admin. While there are good reasons to run with LUA, the security gain for a power user like me is not big enough to make up for all the annoyances, and all the hoops you have to jump through to perform normal day-to-day activities. And I’m actually concerned that because of my laziness and procrastination, running as non-admin would effectively lower my system’s security instead of increasing it.
I hear Vista is actually a little bit better about this with its new security access model. But I’m not switching yet. I’ll wait till after they release Service Pack 1, and DirectX 10 becomes ubiquitous, before I even entertain the thought of purchasing a Vista OEM with a new gaming computer.