Linked by Thom Holwerda on Wed 31st Mar 2010 14:41 UTC
Windows As geeks, we're well aware of the importance of running as a normal user instead of as root (UNIX/Linux/BSD) or administrator (Windows). However, while this should be common knowledge to anyone reading OSNews, it's often hard to illustrate just how important it is - until now, that is. A report by BeyondTrust looked at how many security bulletins issused by Microsoft are mitigated by simply... Not running as administrator.
Thread beginning with comment 416206
To read all comments associated with this story, please click here.
Many programs cannot run as power user
by funny_irony on Wed 31st Mar 2010 14:57 UTC
funny_irony
Member since:
2007-03-07

Things are not as simple as it seem. Many windows programs cannot run in power user mode. In power user mode, power user do not access permission to many important system folder. Access permission cause many run time errors.

Many malwares have ability to run as administrator even if you log in as power users. My company have tried to reduce malwares by changing to power user. However, the changes cause many problems to users without reducing the the number of malwares. The anti-virus cannot delete the malware because power user don't have permission to delete the file.

However, many malwares are autorun virus. By disable autorun and autoplay, the malwares are reduce dramatically.

Reply Score: 3

yoshi314@gmail.com Member since:
2009-12-14

that's because they are poorly written. most programs can work just fine or regular account.

only exceptions i can think of are security related programs, like antivirus and firewall, which should run as services with different privileges.

Reply Parent Score: 4

biffuz Member since:
2006-03-27

Only problem is, many apps are very difficult or costly to fix. And this includes open source/free stuff... the largest the company, the highest the cost of any change, even minimal. And today companies are saving every penny.

Reply Parent Score: 1

nt_jerkface Member since:
2009-08-26

You can run as admin inside Windows 7's XP mode if that helps at all. It's just an integrated VM of XP.

Part of the problem is that MS wasn't doing much to encourage multi-user aware programs in the XP days. A big part of this had to do with the central registry system. The virtual registry in Vista/7 is a major improvement in this regard.

Reply Parent Score: 3

bannor99 Member since:
2005-09-15

That's great if you can have enough horsepower to run the additional virtualized OS and if you can spare the disk space.
For most desktops, that's not an issue but the sales and project mgm't folks here prefer the really small laptop or near-netbook machines and those have some significant tradeoffs.

Better to run either BeyondTrust Privilege Manager or Avecto Privilege Guard if you have a domain.

Reply Parent Score: 2