To Make Windows 7 Safer: Remove Admin Rights
Windows 7 is hard to hack if the user account doesn't have administrator rights.
Windows 7 is the safest and most secure desktop operating system from Microsoft yet, but it's still not impervious to attacks. According to IT solutions firm BeyondTrust, however, 90 percent of critical Windows 7 vulnerabilities can be mitigated by removing administrator rights from Windows users.
Key findings from this report show that removing administrator rights will better protect companies against the exploitation of:
- 90 percent of critical Windows 7 vulnerabilities reported to date
- 100 percent of Microsoft Office vulnerabilities reported in 2009
- 94 percent of Internet Explorer and 100 percent of Internet Explorer 8 vulnerabilities reported in 2009
- 64 percent of all Microsoft vulnerabilities reported in 2009
The findings aren't earth-shattering by any stretch of the imagination. Even Microsoft shares this best-practice advice in the "Mitigating Factors" portion of its security bulletins: "Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."
While most readers of Tom's Hardware may prefer to operate in their Windows 7 environment with admin rights, those in charge of computers for a group or enterprise should without a doubt configure user accounts without administrative rights.
Read more about the report at Ars Technica.
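As an added example (not from the article or the BeyondTrust report), this is a PowerShell check an administrator could run on a Windows 7 workstation to see which accounts still hold administrator rights. The `$Allowed` allowlist is a hypothetical placeholder, and the script uses only the ADSI WinNT provider so that it runs on PowerShell 2.0.

```powershell
# Added example: audit who holds local administrator rights on this machine.
# $Allowed is a hypothetical allowlist of account names expected in the group.
$Allowed = @('Administrator', 'Domain Admins')

# Resolve the built-in Administrators group through its well-known SID
# (S-1-5-32-544) so the lookup also works on localized Windows installs.
$sid   = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')
$group = $sid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[-1]

# Enumerate the members through the WinNT ADSI provider.
$adsi    = [ADSI]"WinNT://$env:COMPUTERNAME/$group,group"
$members = @($adsi.psbase.Invoke('Members')) | ForEach-Object {
    $type  = $_.GetType()
    $name  = $type.InvokeMember('Name',    'GetProperty', $null, $_, $null)
    $class = $type.InvokeMember('Class',   'GetProperty', $null, $_, $null)
    $path  = $type.InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    New-Object PSObject -Property @{
        Name       = $name
        Class      = $class                      # User or Group
        Path       = $path
        Unexpected = ($Allowed -notcontains $name)
    }
}

# Check whether the current session itself runs with an administrator token.
# With UAC enabled, a non-elevated session of an admin account reports False.
$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole(
    [System.Security.Principal.WindowsBuiltInRole]::Administrator)

"Current user : $($identity.Name)"
"Admin token  : $isAdmin"
$members | Sort-Object Unexpected -Descending |
    Format-Table Name, Class, Unexpected -AutoSize

# Accounts flagged Unexpected are candidates for removal from the group.
$flagged = @($members | Where-Object { $_.Unexpected })
"Unexpected administrators: $($flagged.Count)"
```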
Running with UAC on and admin turned off?
No way in hell will that ever happen bud. I like to be able to use my OS.
I'd bring my own PC to work. If they said no, I'd run their PC and my laptop side by side, doing all work on the laptop and just transferring whatever data I need...
Securing elevated privileges is the FIRST thing any competent systems administrator does. You NEVER EVER EVER do day-to-day business / work / operations with an account that holds elevated privileges. Instead you use a "normal" user account to do everything, browse internet / check email / play games, and only log in with "administrative rights" to update drivers / install software. Heck this goes right up there with renaming the local administrator account and disabling the local guest account. Ohh and f*ck UAC, it's just Windows's method of attempting to do sudo. My view is that if your account doesn't have rights to do it, then do NOT do it with that account. Instead log in with the admin account and install / update whatever it is you were doing, then log the f*ck out.
If someone cannot do this, then they deserve to be attacked by malware.
Really ... doesn't anyone read DISA STIGS anymore...
Not everyone intends to be switching accounts 20 times a day. I am constantly making changes, thus the choice for me is to use admin rights for day to day use.
Last I checked, the only way someone illicitly got to my banking info was the old fashioned way. Not involving a computer at all.
Now if you excuse me, I'm going to do a driver update, without logging off.
That's why any decent OS has this amazing new technology called elevation of privileges. Even administrators don't need to run with administrator privileges all the time, and should either use a limited access account or run with lowered privileges by default.
No user should run with higher privileges than they need. It's security 101 and MS didn't learn it until they developed Vista (recall that the default XP account is Admin). Sadly, their implementation of elevation (UAC) is poor. A password should be required so that if the computer "administrator" is logged in a random family member can't come along and elevate themselves so that they can install software. UAC is a step in the right direction, but only in concept.
Updating the driver requires a reboot, so you actually need to log off anyway - what does running with scissors - er, running as admin save you from?
On another note, software certified 'designed for Windows XP' entails that it must be tested to be perfectly and completely usable on a simple user account, except for software that requires admin rights for admin jobs - which must warn the user at start time.
Current games, for example, can perfectly be installed as an admin and played as a limited rights user.
Moreover, bringing your own machine to work and storing company data on it could be considered data theft. As far as I know, this is liable to have your contract terminated, you prosecuted and put in jail with a heavy fine.
And that would be perfectly normal, even outside the brain-dead US legal system.
@hollowtek: UAC is a bit more than sudo. It is more a combination of sudo (which allows a user limited rights escalation) and the POSIX user rights system, which allows a user to access a process that doesn't run in its user space (provided the user identified correctly). It is a good idea, done in the best way one can think of.
It is, however, due to its after-the-fact implementation, a heavy drain on resources (UAC actually has to control a software's influence and monitor any attempt by the process to do stuff outside a normal user's parameter range), that's why disabling UAC on Vista/7 is annoying - because the Linux way (opening a terminal, running su to become root, start an app in the root space, do whatever, then close it, the whole thing without leaving your user session screen) is rather hard to emulate in Windows: you need at the very least to switch session with fast user switching, which is slow, prevents stuff such as the clipboard from working, and doesn't allow you to have, say, a user-mode web browser window open and an admin-mode app open at its side to administer your system.
So yes, UAC is useful. No, running as a normal user when you spend a lot of time doing REAL admin work is impractical.
What it comes down to.
- if you typically spend your time doing 'normal' user stuff: browsing, chatting, gaming, office work, then you can shut down UAC and set up a password-protected account and a normal user account. That will save 5-20% CPU time and 100 Mb of RAM. Just remember to sometimes log in as admin, do all your software updates and system management and you're done.
- if you typically do admin stuff on your machine (you're a software developer): keep default settings. I'd recommend increasing UAC levels to max in 7, to replicate what Vista does (which is, actually, more secure than 7 by default).