Linked by Thom Holwerda on Wed 31st Mar 2010 14:41 UTC
Windows As geeks, we're well aware of the importance of running as a normal user instead of as root (UNIX/Linux/BSD) or administrator (Windows). However, while this should be common knowledge to anyone reading OSNews, it's often hard to illustrate just how important it is - until now, that is. A report by BeyondTrust looked at how many security bulletins issued by Microsoft are mitigated by simply... Not running as administrator.

The advantage of malware being forced into user mode is that it is detectable.

Something opening a network connection? root can see it. Something added to the startup items? root can see it. Want an audit listing of what files were modified, when and by what program? root can do that.

Now, if the malware is running as root, it can insert its code into the OS driver level where it has the power to do anything. Detecting rootkits is very difficult and is a race between the latest rootkit and the latest detector.

Score: 2