
Do most of you run XP as an administrator? I make my children run with limited accounts, but both my wife and I run as admins. I would not think of doing this on my Linux box (but yet I do it on Windows). I think I may have to change this policy soon.

edit added later//

I suppose it is much easier with Linux to get administrator privileges, just one command and a password. With Windows I need to log out, and log back in.

Edited by shanenin

We never run with Admin privileges for day to day use. It takes a little longer to set up a limited account with enough flexibility to not be a hindrance, but it is worth it in the long run just for security purposes.

It was a good point the poster made. You would not think of running ROOT in Linux, but most people run as admin in Windows, which is far greater a security risk.

Preston


I think it is more of a risk (note: I'm getting this from what my dad told me) because an admin has all the privileges, so if someone hacks into your computer, they can change a whole bunch of things and mess up your computer, while also maybe put in a virus, delete tons of info, delete whole accounts etc.

There may be more reasons why but I don't know them/can't think of them.

Edited by jamaicaman

http://blogs.msdn.com/aaron_margosis/archi.../17/157962.aspx

Why you shouldn't run as admin...

First, let’s define terms. This may be oversimplifying, but for the purpose of this discussion there are only two types of users: Administrators, and Users. They are essentially distinguished by membership in the “Administrators” and “Users” local groups. “Administrators” have complete and unrestricted access to the computer/domain. “Users” are prevented from making accidental or intentional system-wide changes.

Narrowing down to two user types is not entirely arbitrary. In fact, this is exactly how Windows XP Home Edition distinguishes users. Under the hood, its Computer Administrators and Limited Users are members of Administrators and Users, respectively. And besides, membership in groups such as “Power Users” or “Backup Operators” is tantamount to being an Administrator. When I talk about running as non-admin, I am not suggesting running as Power User instead.

OK, so if you are one of those people who is allowed (or required) to administer your own computer, why wouldn’t you just want to log on as an admin all the time? Well, if you were a surgeon, would you always want to hold an unsheathed scalpel in your hand? Or would you prefer to keep it in a safe place until you actually need it? Does that metaphor work? How about “running with sharp scissors”? Well, let’s skip the metaphors, then.

The #1 reason for running as non-admin is to limit your exposure. When you are an admin, every program you run has unlimited access to your computer. If malicious or other “undesirable” code finds its way to one of those programs, it also gains unlimited access. A corporate firewall is only partial protection against the hostility of the Internet: you still browse web sites, receive email, or run one or more instant messaging clients [added 2004.06.25] or internet-connected games. Even if you keep up to date on patches and virus signatures, enable strong security settings, and are extremely careful with attachments, things happen. Let’s say you’re using your favorite search engine and click on a link that looks promising, but which turns out to be a malicious site hosting a zero-day exploit of a vulnerability in the browser you happen to be using, resulting in execution of arbitrary code. When an exploit runs with admin privileges, its ability to compromise your system is much greater, its ability to do so without detection is much greater, and its ability to attack others on your network is greater than it would be with only User privs. If the exploit happens to be written so that it requires admin privileges (as many do), just running as User stops it dead. But if you’re running as admin, an exploit can:

install kernel-mode rootkits and/or keyloggers (which can be close to impossible to detect)

install and start services

install ActiveX controls, including IE and shell add-ins (common with spyware and adware)

access data belonging to other users

cause code to run whenever anybody else logs on (including capturing passwords entered into the Ctrl-Alt-Del logon dialog)

replace OS and other program files with trojan horses

access LSA Secrets, including other sensitive account information, possibly including account info for domain accounts

disable/uninstall anti-virus

cover its tracks in the event log

render your machine unbootable

if your account is an administrator on other computers on the network, the malware gains admin control over those computers as well

and lots more
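
The quoted article defines an administrator by local group membership and counts Power Users and Backup Operators as equivalent; the following is an added example (not part of the post or the quoted article) that checks the current session and the machine against that definition. It assumes PowerShell 2.0 or later is installed, and the function names are hypothetical.

```powershell
# Added example: audit administrator-equivalent group membership.
# The SIDs are the well-known Windows values for the built-in groups named
# in the quoted article; the function names are hypothetical.

$PrivilegedGroups = @{
    'S-1-5-32-544' = 'Administrators'
    'S-1-5-32-547' = 'Power Users'
    'S-1-5-32-551' = 'Backup Operators'
}

function Get-PrivilegedTokenGroup {
    # Groups carried by the token of the process running this script,
    # as returned by WindowsIdentity.Groups.
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    foreach ($sid in $identity.Groups) {
        if ($PrivilegedGroups.ContainsKey($sid.Value)) {
            New-Object PSObject -Property @{
                User  = $identity.Name
                Group = $PrivilegedGroups[$sid.Value]
                Sid   = $sid.Value
            }
        }
    }
}

function Get-LocalAdministratorMember {
    # Resolve the group name from its SID so the lookup also works on
    # localized installations where the group is not called "Administrators".
    $sid   = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
    $name  = $sid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[1]
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/$name,group"
    $group.psbase.Invoke('Members') | ForEach-Object {
        # ADsPath shows whether each member is a local or a domain account.
        $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    }
}

$found = @(Get-PrivilegedTokenGroup)
if ($found.Count -eq 0) {
    'This session holds no administrator-equivalent group.'
} else {
    $found | Format-Table User, Group, Sid -AutoSize
}

'Members of the local Administrators group:'
Get-LocalAdministratorMember
```

Run it from each account used for day-to-day work; any row in the first table means every program started in that session inherits the access the article lists.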

I suppose it is much easier with Linux to get administrator privileges, just one command and a password. With Windows I need to log out, and log back in.

runas. Either the command-line utility or the shell extension. Similar to sudo but with more features. IIRC Vista is going to provide a more convenient UI as part of the effort to get people to stop using Administrator accounts.

Rhema, just curious.

Can you explain to me why running in root in linux and admin in windows is more of a security risk?

:blink:

In Linux most of the threat is internal; not running as root is to protect you against yourself and/or others on a multi-user machine. You gotta admit, with an environment that lends itself to great flexibility and customization like Linux and other Open Source OSs, running in a non-Super User mode saves you many hours of self-loathing for doing something stupid and having to fix it without the help of a commercial off the shelf app like you can with Windows. As for Windows, TheTerrorist_75 explained more eloquently and completely than I could.

Preston
