Microsoft Windows Vista Community Forums - Vistaheads

Administrator - less secure?

microsoft.public.windows.vista.security






  #1 (permalink)  
Old 05-16-2007
Steve Thackery
 

Posts: n/a
Administrator - less secure?
I'm happy with UAC, and unlike most people don't object to Windows telling
me when something potentially risky is about to happen.

However, at the moment I've set my account up as an Administrator so I don't
have to type the admin password into the UAC prompt each time.

Are there any security risks doing this? I seem to think that even
Administrator level accounts run in non-Administrator mode most of the time,
which is why I thought it would be OK.

Thanks,

Steve


  #2 (permalink)  
Old 05-16-2007
Bruce Chambers
 

Posts: n/a
Re: Administrator - less secure?
Steve Thackery wrote:
> I'm happy with UAC, and unlike most people don't object to Windows telling
> me when something potentially risky is about to happen.
>
> However, at the moment I've set my account up as an Administrator so I don't
> have to type the admin password into the UAC prompt each time.
>
> Are there any security risks doing this? I seem to think that even
> Administrator level accounts run in non-Administrator mode most of the time,
> which is why I thought it would be OK.
>
> Thanks,
>
> Steve
>
>



Routinely using a computer with administrative privileges is not
without some risk. You will be more susceptible to some types of
malware, particularly adware and spyware. While using a computer with
limited privileges isn't the cure-all, silver bullet that some claim it
to be, any experienced IT professional will verify that doing so
definitely reduces the amount of damage and depth of penetration by the
malware. If you get infected/infested while running as an
administrator, the odds are much greater that any malware will be
extremely difficult, if not impossible, to remove with formatting the
hard drive and starting anew. The intruding malware will have the same
privileges to all of the files on your hard drive that you do.

Vista's UAC adds an additional layer of protection, even if you
don't enter a password each time it warns you; the important thing is
that you're being warned, and can then make your own decision. A
technically competent user who is aware of the risks and knows how to
take proper precautions can usually safely operate with administrative
privileges; I do so myself. But I certainly don't recommend it for the
average computer user.


--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell
  #3 (permalink)  
Old 05-16-2007
Steve Thackery
 

Posts: n/a
Re: Administrator - less secure?
Thanks for those comments, Bruce.

But is the Administrator account *really* running with administrative
privileges in Vista? I thought the administrative privileges were switched
off, so in effect even an Administrator runs as a normal user until a UAC
prompt comes along.

Or is there more to it than that?

Sorry for being a bit thick!

Steve


  #4 (permalink)  
Old 05-16-2007
Jimmy Brush
 

Posts: n/a
Re: Administrator - less secure?
Hello,

An administrator account in Vista is essentially an "admin user on
demand" at program-level granularity.

So, programs that do not prompt are semantically running in a standard
user account, while programs that do prompt are running with all the
privileges assigned to your admin account.

However, when logged in as an administrator, both admin programs and
non-admin programs are running inside of your admin user profile.
There are not really two different accounts here, it is just pretend.

This is different than when logged in as a standard user. When logged
in as a standard user, programs that don't need admin power run inside
of your standard user profile.

However, when you run an admin program from inside a standard user
account, the admin program is running inside the profile of the admin
user account that you authenticated with in the credentials prompt.

This makes running as a standard user and elevating-on-demand to a
separate administrator account more secure, since the profiles are
separated (this can prevent certain types of attacks).

Also, this extra separation can cause program compatibility issues as
well, although UAC does try to mitigate these as best as possible.

It's hard to say how much extra security you get from running in a
standard user vs. administrator on Vista this early in the game.

--
-JB
Microsoft MVP - Windows Shell
Windows Vista Support FAQ - http://www.jimmah.com/vista/



On Wed, 16 May 2007 09:16:29 +0100, "Steve Thackery"
<thack@nowhere.net> wrote:

>I'm happy with UAC, and unlike most people don't object to Windows telling
>me when something potentially risky is about to happen.
>
>However, at the moment I've set my account up as an Administrator so I don't
>have to type the admin password into the UAC prompt each time.
>
>Are there any security risks doing this? I seem to think that even
>Administrator level accounts run in non-Administrator mode most of the time,
>which is why I thought it would be OK.
>
>Thanks,
>
>Steve
>
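
The split-token behaviour discussed in this thread can be observed directly. The PowerShell script below is an added example, not part of any poster's message: it asks Windows which half of the token the current process holds and whether the Administrators group is actually active in it. The class name `UacToken` and its `GetElevationType` method are hypothetical helper names chosen for this example; `GetTokenInformation` is the real Win32 call.

```powershell
# Added example: report which kind of UAC token the current process holds.
$source = @'
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

public static class UacToken   // hypothetical helper name
{
    // TOKEN_INFORMATION_CLASS value for TokenElevationType
    const int TokenElevationType = 18;

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool GetTokenInformation(
        IntPtr tokenHandle, int infoClass, out int info,
        int infoLength, out int returnLength);

    public static int GetElevationType(IntPtr tokenHandle)
    {
        int value, returned;
        if (!GetTokenInformation(tokenHandle, TokenElevationType,
                                 out value, sizeof(int), out returned))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        return value;
    }
}
'@
Add-Type -TypeDefinition $source

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator

# TOKEN_ELEVATION_TYPE values returned by GetTokenInformation
$meaning = @{
    1 = 'Default: no split token (standard user, or UAC not splitting the token)'
    2 = 'Full: elevated half of an administrator split token'
    3 = 'Limited: filtered half of an administrator split token'
}
$type = [UacToken]::GetElevationType($identity.Token)

New-Object PSObject -Property @{
    User             = $identity.Name
    ElevationType    = $meaning[$type]
    # False when Administrators is present only as a deny-only group
    AdminGroupActive = $principal.IsInRole($adminRole)
}
```

Run under the same administrator account from a normal console and from one started with "Run as administrator", the `User` value stays the same while `ElevationType` changes from Limited to Full; under a standard user account it reports Default.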

  #5 (permalink)  
Old 05-17-2007
Bruce Chambers
 

Posts: n/a
Re: Administrator - less secure?
Steve Thackery wrote:
> Thanks for those comments, Bruce.
>
> But is the Administrator account *really* running with administrative
> privileges in Vista? I thought the administrative privileges were switched
> off, so in effect even an Administrator runs as a normal user until a UAC
> prompt comes along.
>



I don't know if administrative privileges are entirely "switched off,"
but they're most definitely "toned down" until elevated in response to a
UAC prompt, so the effect is - as near as I've been able to determine so
far - the same.


> Or is there more to it than that?
>


No, I don't think so. I suspect we've more of a semantics issue than
anything else.


--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell
  #6 (permalink)  
Old 05-17-2007
Steve Thackery
 

Posts: n/a
Re: Administrator - less secure?
Excellent replies, and very helpful. Thanks, guys.

Steve

