Linked by Thom Holwerda on Wed 31st Mar 2010 14:41 UTC
Windows As geeks, we're well aware of the importance of running as a normal user instead of as root (UNIX/Linux/BSD) or administrator (Windows). However, while this should be common knowledge to anyone reading OSNews, it's often hard to illustrate just how important it is - until now, that is. A report by BeyondTrust looked at how many security bulletins issused by Microsoft are mitigated by simply... Not running as administrator.
Thread beginning with comment 416229
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: Not entirely...
by darknexus on Wed 31st Mar 2010 16:30 UTC in reply to "RE: Not entirely..."
darknexus
Member since:
2008-07-15

Actually, I suspect what the OP meant is that all Linux and UNIX systems have the root user as the first user. It's always there, it has uid 0. That is the first user, there's no arguing that.
That being said, there's a critical difference between what XP and older did for admin versus what *NIX systems do. In the case of XP, any user marked as admin has *full* access to everything just as the first user, which is administrator, does. In *NIX, while the root user is the first user, the installers typically do one of two things. First, they disable the root user and the first account created has sudo privileges (e.g. Ubuntu and Mac OS X), or they make you set a root password and create a user without sudo privileges (e.g. OpenSUSE). Both of these have their advantages and disadvantages, but they do accomplish one thing evenly. That password prompt makes you stop and consciously decide to continue, rather than just letting your user do anything root could do.
With Vista and 7 the situation is slightly better, but only slightly. Administrator accounts do get prompted by UAC but, unlike limited user accounts, they do not get asked for a password. This means that there's no conscious decisions involved, the click-through habit takes over and most users just click continue to get the dialog out of the way. If Microsoft revised UAC to always prompt for a password, we'd probably see a drastic drop in the number of stupid infections. It won't kill infections completely, but even just that split second is often enough to tell you that something's wrong and that greeting card you clicked on shouldn't be asking for your system password.

Reply Parent Score: 4

RE[3]: Not entirely...
by Soulbender on Wed 31st Mar 2010 16:50 in reply to "RE[2]: Not entirely..."
Soulbender Member since:
2005-08-18

It's always there, it has uid 0. That is the first user, there's no arguing that.


Why would he mean that? It has absolutely no bearing whatsoever on the topic at hand.

Reply Parent Score: 3