Linked by Thom Holwerda on Thu 15th Dec 2005 00:41 UTC
Windows The gospel according to LUA (least-privileged user account) took center stage at Microsoft's Security Summit East here with a pair of Redmond consultants pitching the idea of a well-funded security deployment repository to help developers create applications for non-admin users. The LUA principle, which promotes the use of accounts with fewer access rights than Administrator accounts, has been largely ignored by end users, but if Aaron Margosis and Shelly Bird have their way, code writers will have a central place to get tools and training to create least-privilege applications.
Thread beginning with comment 73224
To read all comments associated with this story, please click here.
What a bizarre idea!
by jgmills on Thu 15th Dec 2005 03:40 UTC
Member since:

So, every user logs in with administrator privileges,
but all of the applications are fixed to run with
ordinary user privileges. Wouldn't it be better for
users to log in as ordinary users in the first place?
Then, only the applications that won't run in that
environment need to be fixed.

Reply Score: 2

RE: What a bizarre idea!
by cilcoder on Thu 15th Dec 2005 04:02 in reply to "What a bizarre idea!"
cilcoder Member since:

But if the user creates an "ordinary user" and tries to use a certain app/games(games tend to be terrible at such things) and it doesn't work, what will the user do? They'll either a) switch back to the admin user and start using it again. b) Call the application maker's tech support which will tell them to switch back to the admin user. So fixing the applications would be a good thing to do now and then they can get people to run as "ordinary users".

Reply Parent Score: 1

RE[2]: What a bizarre idea!
by rhowell on Thu 15th Dec 2005 04:13 in reply to "RE: What a bizarre idea!"
rhowell Member since:

Indeed. And when an "ordinary user" inserts a new Sony/BMG music CD he just purchased to listen to his music, and it insists that he listen as an admin, he'll log in as an admin.

I think Microsoft would do a good thing by making the Admin account ugly and boring to use. You know, like 16 colors only, a grey desktop, no 3D acceleration, etc, etc.

Reply Parent Score: 1