Opt out of administration to increase computer security
by Alan Zisman (c) 2009
First published in Business in Vancouver, March 24-30, 2009; issue 1013, High Tech Office column
If you’re like most computer users, you’re logged on to your computer as an “administrator.” That means you have complete power over it. You can install software, rename, move or delete files, apply updates – whatever your computer can do, your wish is its command.

I suspect most of us aren’t aware that there’s any other way to be logged on to a computer. And why, after all, would you want to be using a computer if you weren’t allowed to tell it what to do?
A recent BeyondTrust report titled Reducing the Threat from Microsoft Vulnerabilities examined all of Microsoft’s 2008 security bulletins. Its conclusion: users would have been less susceptible to 92% of last year’s critical vulnerabilities if they had been logged in as a limited user. Running as a limited user would have provided protection against 94% of last year’s Microsoft Office exploits, 89% of Internet Explorer’s and 53% of Windows’ vulnerabilities.
The basic idea: when you’re logged in to a Windows system (at least a pre-Vista Windows system) with administrative rights, the assumption is that you’re in total control. As a result, everything your computer is asked to do is presumed to be with your full knowledge and consent. That may have been true at one time, but it’s no longer the case in this era of drive-by online malware installations.

What’s needed instead is the principle of least privilege: when logged in to a computer, you should have the power to do only the things you need to do.

No plans to install software right now? Then you shouldn’t have the ability to install software at this time. If that’s the case, you can rest assured that no rogue website is going to be able to install software either, because a program running in your session has no more rights than you do.
For a long time, though, Microsoft didn’t make it easy to work this way. In earlier Windows versions, newly created users were automatically administrators. You had to take extra steps to make them limited users. It was easy to create all-powerful administrative users without passwords, so anyone with physical access or any rogue software process could take over their computers.

And many applications – even games – wouldn’t run if a user was logged in with limited privileges. Trying to work that way was theoretically more secure. But it was so frustrating that many users who tried it soon gave up.
Mac and Linux systems, in contrast, have long been better designed in this regard. User accounts must have passwords, and users had better remember them: they’re asked to confirm most software installations, system updates and more. As a result, it’s much more difficult for malicious software to install itself on a Mac or Linux system.
In Windows Vista, Microsoft tried to do the right thing with what it called User Account Control (UAC). Users are prompted to give permission for program installation and other actions.

It didn’t get it right, however.

On the one hand, UAC prompts pop up too often in response to benign actions like renaming a desktop icon, training users to treat them as meaningless annoyances (if they don’t turn them off altogether). And if you’re logged in as an administrator, UAC prompts don’t require a password, leaving me wondering whether they’re secure.
In pre-release versions of Windows 7, Microsoft has toned down UAC, making it less likely to pop up in response to commonplace user actions. But in making it less annoying, it may also be less secure. Blogger Long Zheng recently demonstrated how Windows 7’s UAC can be disabled without user interaction.
It’s easy to use Windows (any version) more securely: create a new user account, set it as a standard or limited user, and start logging in to that account for most of your day-to-day computing. (Definitely set up your kids with limited accounts at home!)

Just don’t forget your full-powered administrative log-on name and password. You’ll find yourself needing to use them from time to time.
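One way to carry out that step on a current Windows release, as an added example that is not part of the original column: it creates a standard account, confirms it is not an administrator, and lists which local accounts still hold administrative rights. It assumes the built-in LocalAccounts cmdlets (Windows 10 and later), an elevated PowerShell session, and a placeholder account name of DailyUser.

```powershell
# Added example, not from the column. Assumes Windows 10/11 with the
# LocalAccounts module (New-LocalUser, Get-LocalGroupMember, ...) and an
# elevated (administrator) PowerShell session. "DailyUser" is a placeholder.

$Name = "DailyUser"

# Refuse to run unelevated: creating accounts needs administrative rights,
# which is exactly the kind of task you keep the admin log-on for.
$me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this from an elevated session; your day-to-day account should not be able to."
}

# Prompt for the password rather than embedding it in the script.
$Password = Read-Host -Prompt "Password for $Name" -AsSecureString

# Create the account. New-LocalUser does not put it in any group, so add it
# to "Users" explicitly; that membership is what makes it a standard user.
New-LocalUser -Name $Name -Password $Password `
    -FullName "Daily Standard User" `
    -Description "Limited account for day-to-day use" | Out-Null
Add-LocalGroupMember -Group "Users" -Member $Name -ErrorAction SilentlyContinue

# Verify the new account did NOT land in Administrators.
$admins = Get-LocalGroupMember -Group "Administrators" | Select-Object -ExpandProperty Name
if ($admins -contains "$env:COMPUTERNAME\$Name") {
    Write-Warning "$Name is an administrator; fix with Remove-LocalGroupMember -Group Administrators -Member $Name"
} else {
    Write-Host "$Name is a standard user (member of Users, not Administrators)."
}

# Audit: every local account that still has administrative rights, flagging
# enabled accounts that require no password (the pre-Vista default the column
# warns about).
Get-LocalGroupMember -Group "Administrators" |
    Where-Object { $_.PrincipalSource -eq "Local" -and $_.ObjectClass -eq "User" } |
    ForEach-Object {
        $u = Get-LocalUser -Name ($_.Name -replace '^.*\\', '') -ErrorAction SilentlyContinue
        if ($u) {
            [pscustomobject]@{
                Account          = $u.Name
                Enabled          = $u.Enabled
                PasswordRequired = $u.PasswordRequired
                Risky            = ($u.Enabled -and -not $u.PasswordRequired)
            }
        }
    } | Format-Table -AutoSize
```

Log out of the administrator account afterwards and sign in as DailyUser for everyday work; anything that genuinely needs administrative rights will prompt for the administrator credentials.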