Administrator - less secure?

I'm happy with UAC, and unlike most people don't object to Windows telling
me when something potentially risky is about to happen.

However, at the moment I've set my account up as an Administrator so I don't
have to type the admin password into the UAC prompt each time.

Are there any security risks doing this? I seem to think that even
Administrator level accounts run in non-Administrator mode most of the time,
which is why I thought it would be OK.

Thanks,

Steve

Steve Thackery wrote:
> I'm happy with UAC, and unlike most people don't object to Windows telling
> me when something potentially risky is about to happen.
>
> However, at the moment I've set my account up as an Administrator so I don't
> have to type the admin password into the UAC prompt each time.
>
> Are there any security risks doing this? I seem to think that even
> Administrator level accounts run in non-Administrator mode most of the time,
> which is why I thought it would be OK.
>
> Thanks,
>
> Steve
>
>


Routinely using a computer with administrative privileges is not
without some risk. You will be more susceptible to some types of
malware, particularly adware and spyware. While using a computer with
limited privileges isn't the cure-all, silver bullet that some claim it
to be, any experienced IT professional will verify that doing so
definitely reduces that amount of damage and depth of penetration by the
malware. If you get infected/infested while running as an
administrator, the odds are much greater that any malware will be
extremely difficult, if not impossible, to remove with formating the
hard drive and starting anew. The intruding malware will have the same
privileges to all of the files on your hard drive that you do.

Vista's UAC adds an additional layer of protection, even if you
don't enter a password each time it warns you; the important thing is
that you're being warned, and can then make your own decision. A
technically competent user who is aware of the risks and knows how to
take proper precautions can usually safely operate with administrative
privileges; I do so myself. But I certainly don't recommend it for the
average computer user.


--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell

Thanks for those comments, Bruce.

But is the Administrator account *really* running with administrative
privileges in Vista? I thought the administrative privileges were switched
off, so in effect even an Administrator runs as a normal user until a UAC
prompt comes along.

Or is there more to it than that?

Sorry for being a bit thick!

Steve

Hello,

An administrator account in Vista is essentially an "admin user on
demand" at program-level granularity.

So, programs that do not prompt are semantically running in a standard
user account, while programs that do prompt are running with all the
privileges assigned to your admin account.

However, when logged in as an administrator, both admin programs and
non-admin programs are running inside of your admin user profile.
There are not really two different accounts here, it is just pretend.

This is different than when logged in as a standard user. When logged
in as a standard user, programs that don't need admin power run inside
of your standard user profile.

However, when you run an admin program from inside a standard user
account, the admin program is running inside the profile of the admin
user account that you authenticated with in the credentials prompt.

This makes running as a standard user and elevating-on-demand to a
seperate administrator account more secure, since the profiles are
seperated (this can prevent certain types of attacks).

Also, this extra seperation can cause progam compatability issues as
well, although UAC does try to mitigate these as best as possible.

It's hard to say how much extra security you get from running in a
standard user vs. administrator on vista this early in the game.

--
-JB
Microsoft MVP - Windows Shell
Windows Vista Support FAQ - http://www.jimmah.com/vista/



On Wed, 16 May 2007 09:16:29 +0100, "Steve Thackery"
<thack@nowhere.net> wrote:

>I'm happy with UAC, and unlike most people don't object to Windows telling
>me when something potentially risky is about to happen.
>
>However, at the moment I've set my account up as an Administrator so I don't
>have to type the admin password into the UAC prompt each time.
>
>Are there any security risks doing this? I seem to think that even
>Administrator level accounts run in non-Administrator mode most of the time,
>which is why I thought it would be OK.
>
>Thanks,
>
>Steve
>

Steve Thackery wrote:
> Thanks for those comments, Bruce.
>
> But is the Administrator account *really* running with administrative
> privileges in Vista? I thought the administrative privileges were switched
> off, so in effect even an Administrator runs as a normal user until a UAC
> prompt comes along.
>


I don't know if administrative privileges are entirely "switched off,"
but they're most definitely "toned down" until elevated in response to a
UAC prompt, so the affect is - as near as I've been able to determine so
far - the same.


> Or is there more to it than that?
>

No, I don't think so. I suspect we've more of a semantics issue than
anything else.


--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell

Excellent replies, and very helpful. Thanks, guys.

Steve