As geeks, we're well aware of the importance of running as a normal user instead of as root (UNIX/Linux/BSD) or administrator (Windows). However, while this should be common knowledge to anyone reading OSNews, it's often hard to illustrate just how important it is - until now, that is. A report by BeyondTrust looked at how many security bulletins issused by Microsoft are mitigated by simply... Not running as administrator.
To read all comments associated with this story, please click here.
Member since:2006-11-14
Instead, Microsoft should force the creation of the admin password AND a normal user during installation.
Most window users do not install heir own operating systems. OEM ship computers with windows setup with a user with administrative privileges because they do not want to get support calls asking why they are prevented from doing A or installing application B.
Windows 2000 shipped with three users,winxp shipped with two, normal and admin. Microsoft gave people options and OEM passed on a bad choice to their consumers to reduce their costs and consumers did change the bad option and the bad option stuck as default and expected option.
It is required in new york to take couple of hours of road safety lectures and workshops before a drivers license is issued. Should computers users be required to do the same?
Member since:2009-12-14
Member since:2006-02-15
Honestly, most Linux distro's enact the first user as the 'root' user too.
I am not aware of any such distro. I don't use that many distros though, but atleast the one I use a lot, Mandriva, does NOT enact the first user as root. No, you always have to enter root password separately if you wish to install applications or do other similar system administration tasks, just as it should be.
Could you now then elaborate which distros actually do enact the first user as root?
Member since:2008-07-15
Actually, I suspect what the OP meant is that all Linux and UNIX systems have the root user as the first user. It's always there, it has uid 0. That is the first user, there's no arguing that.
That being said, there's a critical difference between what XP and older did for admin versus what *NIX systems do. In the case of XP, any user marked as admin has *full* access to everything just as the first user, which is administrator, does. In *NIX, while the root user is the first user, the installers typically do one of two things. First, they disable the root user and the first account created has sudo privileges (e.g. Ubuntu and Mac OS X), or they make you set a root password and create a user without sudo privileges (e.g. OpenSUSE). Both of these have their advantages and disadvantages, but they do accomplish one thing evenly. That password prompt makes you stop and consciously decide to continue, rather than just letting your user do anything root could do.
With Vista and 7 the situation is slightly better, but only slightly. Administrator accounts do get prompted by UAC but, unlike limited user accounts, they do not get asked for a password. This means that there's no conscious decisions involved, the click-through habit takes over and most users just click continue to get the dialog out of the way. If Microsoft revised UAC to always prompt for a password, we'd probably see a drastic drop in the number of stupid infections. It won't kill infections completely, but even just that split second is often enough to tell you that something's wrong and that greeting card you clicked on shouldn't be asking for your system password.
Member since:2005-11-12
He/she probably means distros like Slackware, Gentoo and ArchLinux which require the user to make a user account manually, since by default they use is root.
I've always said that Windows users right from XP should have been tutored into creating passwords and one for administrator from the installation.
All OEM machines should have been set-up so that the user would need to set both passwords or some sudo equivalent, like Ubuntu has for example.
Member since:2007-08-22
I am not aware of any such distro. I don't use that many distros though, but atleast the one I use a lot, Mandriva, does NOT enact the first user as root. No, you always have to enter root password separately if you wish to install applications or do other similar system administration tasks, just as it should be.
Could you now then elaborate which distros actually do enact the first user as root?
Being the OP...
Distro installers always ask you to enact a password for root. That is the first user enacted during the installation.
After that, you can then add a normal user to use.
Member since:2006-01-26
Debian does... (at least, it does with Debian 5.0 and earlier)
During install, it first prompts you for the root password, and then prompts you for the "first" (second) user and that user's password.
Edit: Oh, you mean that it creates only *one* user at all... nah, dunno.
Edited 2010-03-31 18:10 UTC
Member since:2006-02-05
It is the problem though, if you give someone broad sudo priviledges, all it takes is a sudo bug and you effectively have full control. If you do not run as the user with full privileges, it takes a lot more effort. With linux its a fairly moot point though, because the people interested in hacking it are only targeting environments that would never run that way.
Exact same principal for windows. First windows user is in the "administrators" group, but they still need to go through a dialog for something to execute with admin rights. Proper way to do it is not run daily stuff under an admin account, and run things as the admin account as needed.
The problem is that people are so irritated with having to hit "Ok" to run something as admin, they would be even MORE irritated if it required a username/password.
Member since:2007-08-22
Users must be part of the 'wheel' group AND be added to /etc/sudousers in order to have access to sudo. Additionally, to use sudo you have to enter your own password. It's not specifically allowed. Once you use it successfully it will let you continue issuing additional commands via more calls to sudo without a password but only for a given amount of time between calls.
'su' doesn't require any group - just that you know the password for that user, root or otherwise.
Not quite.
On Linux/Unix there is typically only one administrator user - root. Rarely do you ever add another user to the 'root' group. Instead, you give people the privilege to switch user to the root user using su or sudo. See above.
On Windows you actually add users to the Administrators group. To properly do it the UNIX/Linux way you would not do that, but use the 'runas' command instead. It can be successfully done - I've done it before - but it is a major PITA as Windows is not designed to work that way.
Under UNIX/Linux, this is how all software is designed to run.
However, Microsoft has historically contributed to pushing for users to need Admin rights in order to use their daily software. Until Office 2002/2003, Office required Admin rights to run. Only recently (VS2005/2008/2010?, not sure which) did Visual Studios drop the requirement for developers to need admin rights in order to debug software.
It's not that administrators did not want to force people to not have admin rights to use their computer. It's that the software available for Windows - even software from Microsoft - required it!
It's only a problem so long as software is designed to require admin rights to function.
Vista and Win7 are making a big show of it. You don't see so many issues now with it because either the vendors got smart and updated their software to not need it (which has happened), or (where that was not possible, or available yet to the user) people turned it off; and with Win7 the default level was toned down.
"At the end of a week in which Electronic Arts confirmed it wasn't developing a thing for the Wii U, one of the software engineers in EA Sports' Canada studio, in a series of since-deleted tweets, disparaged the console as 'crap' and suggested Nintendo should give up on hardware altogether. 'The Wii U is crap. Less powerful than an Xbox 360. Poor online/store. Weird tablet', tweeted Bob Summerwill, listed as a senior software engineer at EA Canada, in a reply to a tweet posting a link about EA's no-Wii U news. 'Nintendo are walking dead at this point'." The Wii U is turning into the 21st century's Virtual Boy.
"In NixOS, the entire operating system - the kernel, applications, system packages, configuration files, and so on - is built by the Nix package manager from a description in a purely functional build language. The fact that it's purely functional essentially means that building a new configuration cannot overwrite previous configurations. Most of the other features follow from this." Interesting approach. A Linux distribution, sure, but with some very refreshing ideas about system configuration.
Google added, among other features, C/C++ support to its new version of AIDE. From Android-IDE, "Now you can write parts of your app or your whole app in C/C++ on your device. AIDE supports the Standard Android NDK toolchain (GCC 4.6 + Bionic, STL, ...). No changes are necessary if you want to build an app developed on a PC with Eclipse. C/C++ development is fully integrated: Build errors appear in the error list and files can easily be navigated to with Go to file. The editor supports C/C++ syntax highlighting."
Ars nails it: "The answer is that Google did announce what amounts to a fairly substantial Android update yesterday. They simply did it without adding to the update fragmentation problems that continue to plague the platform. By focusing on these changes and not the apparently-waiting-in-the-wings update to the core software, Google is showing us one of the ways in which it's trying to fix the update problem."
"It is good for programmers to understand what goes on inside a processor. The CPU is at the heart of our career. What goes on inside the CPU? How long does it take for one instruction to run? What does it mean when a new CPU has a 12-stage pipeline, or 18-stage pipeline, or even a 'deep' 31-stage pipeline? Programs generally treat the CPU as a black box. Instructions go into the box in order, instructions come out of the box in order, and some processing magic happens inside. As a programmer, it is useful to learn what happens inside the box. This is especially true if you will be working on tasks like program optimization. If you don't know what is going on inside the CPU, how can you optimize for it? This article is about what goes on inside the x86 processor's deep pipeline."
"It was the only moment I heard regret slip into Otellini's voice during the several hours of conversations I had with him. 'The lesson I took away from that was, while we like to speak with data around here, so many times in my career I've ended up making decisions with my gut, and I should have followed my gut,' he said. 'My gut told me to say yes.'" The world would've been a much different place - Apple would have been less dependant on Samsung for its chips, which probably would've meant less money for Samsung to develop its Galaxy business.Glass is getting some love at Google I/O as well. New applications have been released - Facebook, Twitter, Evernote, Elle, Tumblr, and CNN. Perhaps more interesting: the newly announced Google Glass Developer Kit will allow offline applications and direct hardware access - great for hacking and expanding Glass' potential. This kit will really allow hackers to put Glass through its paces."But Beck and Merrill decided that simply banning toxic players wasn't an acceptable solution for their game. Riot Games began experimenting with more constructive modes of player management through a formal player behavior initiative that actually conducts controlled experiments on its player base to see what helps reduce bad behavior. The results of that initiative have been shared at a lecture at the Massachusetts Institute of Technology and on panels at the Penny Arcade Expo East and the Game Developers Conference." Absolutely fascinating stuff. I'm a League of Legends player, and to be honest, the community isn't nearly as bad as some make it out to be. I'm happy Riot games has the guts to employ science to address the issue.
"Android and iOS, the number one and number two ranked smartphone operating systems worldwide, combined for 92.3% of all smartphone shipments during the first quarter of 2013 as Windows Phone crept past BlackBerry for 3rd place. According to the International Data Corporation Worldwide Quarterly Mobile Phone Tracker, Android smartphone vendors and Apple shipped a total of 199.5 million units worldwide during 1Q13, up 59.1% from the 125.4 million units shipped during 1Q12." Windows Phone doubles from a few to twice few, iOS loser market share as its growth is slower than that of the overall market. BlackBerry continues slide into irrelevance."According to the latest research from our Wireless Smartphone Strategies service, global Android smartphone profits reached US$5 billion in total during the first quarter of 2013. Samsung dominated and captured an impressive 95 percent share of all Android smartphone profits." Wow.
Member since:
2007-08-22
Honestly, most Linux distro's enact the first user as the 'root' user too. That's not the problem.
Instead, Microsoft should force the creation of the admin password AND a normal user during installation.
Additionally, Vista + Win7 shed light on the software requiring admin rights to run issue, and has helped to resolve software that is being updated and maintained. However, there is still a vast amount of software out there that businesses use that is not being upgraded or maintained for numerous reasons; software that still requires admin rights to run.
So as another said - it's not so simple.