I've been running my Windows install as a non-admin user, but it's gotten to be too much of a pain, prompting me to switch to admin. Yeah, I know I shouldn't; but with RunAs not always doing its job, and no framework for privilege granting like sudo on *nix... It's just much easier to handle things as superuser.

So, for the rest of you guys running Windows... Do you run as admin, or as a restricted user?

- If you're on WinXP or older, and you're not running as admin - how do you handle it?

- If you're on Vista or 7 and you're running as admin - why?

I run Win2K and Win98. On both I've used SSM (pro and free respectively) to set up separate user and administrator modes. On both systems, installing software, updates, patches, system configuration, etc are treated as administrator tasks that can't be done in user mode. When in user mode, a strict default-deny policy is in place, and only the whitelisted user apps can be run. There's no access to the registry editor, system tools, firewall settings or any of the configuration screens. Users are restricted to "using" the installed software. Stitching to administrative mode is as simple as entering the password for SSM and connecting its interface.

I normally run in user mode. The other users don't have the SSM password so they're restricted to user mode. It's not as inconvenient as it might sound. Each user has access to the software they use. The rules/permissions for each account/profile are matched to their needs. There's no real restrictions on web browsing except that Internet Explorer can't be used, not whitelisted. The only thing users can't do is install software without my approval.

The setup has worked very well. It's stayed clean for over 4 years with no AV, anti-spyware, etc installed.

-{ Quote: "I've been running my Windows install as a non-admin user, but it's gotten to be too much of a pain, prompting me to switch to admin. Yeah, I know I shouldn't; but with RunAs not always doing its job, and no framework for privilege granting like sudo on *nix... It's just much easier to handle things as superuser.

So, for the rest of you guys running Windows... Do you run as admin, or as a restricted user?

- If you're on WinXP or older, and you're not running as admin - how do you handle it?

- If you're on Vista or 7 and you're running as admin - why?" }-

Also lock down access to all your network shares to the person who's the Admin and not level Everyone, Guest, Users, Bla, Bla have access to shares. I delete those crap. So if I do setup a Guest account no one has access to my doc folder shares an etc. I can't have anyone just come in and take what is mine from the network. I had an in-law tap into my music media server and was helping himself to my music library connected to his Sansa 16GB without my permission. Never again will that happen.

Admin account is renamed on all my systems when you login it doesn't say the real name it's aliases. Admin account has it rights but you don't want to let a kid have access to the admin account, very dangerous.

Hence, the poll shows why there is such an issue with security on windows platforms....

Tipstir: I turned off network shares... Don't need it now, don't expect to need it ever.

I actually have never yet tried running as a limited user.

My concern is if I run as a limited user would it not also interfere with my HIPS Programs by reducing their rights and powers??

-{ Quote: "Tipstir: I turned off network shares... Don't need it now, don't expect to need it ever." }-

Run a file, web, mail server here and most of the media is on HTPC which is the media server for the extenders so those folder are shared out. Caller ID server is wireless that needs to be shared out. So pretty much everything is network share here. Every OS and server OS is patched.. Again I can't run as limited user just not going to cut it. HIPS does a fine job on what is access. I guess none of you here run NDM (network drive manager) you can use truecyrpt on mounted network shares. Lets me know which shares are not active meaning the system is done by a red x in the link drive. Still not bad.

-{ Quote: "I actually have never yet tried running as a limited user.

My concern is if I run as a limited user would it not also interfere with my HIPS Programs by reducing their rights and powers??" }-

You found the old program below I use to have this years ago for DCOM disabled So you're using it today..

http://gladiator-antivirus.com/forum/upload/post-133-1085752407.jpg

-{ Quote: "My concern is if I run as a limited user would it not also interfere with my HIPS Programs by reducing their rights and powers??" }-
No.The HIPS are some of the first items loaded on a system, well before the user logs in. It has full access to the system, no matter what the users level of priveledge is.

Personally, I've never had trouble running as limited user on XP, but then again my XP system is single user. Some old games and their helper programs are troublesome, but for them I simply create a script on my desktop to automatically run the whole bunch of them as admin.

On Vista there's probably no reason at all to not run as standard user.

-{ Quote: "Hence, the poll shows why there is such an issue with security on windows platforms...." }-
The sad thing is that this is a geek security forum, among the general populace out there the proportion of admin to limited users is probably much, much higher.

-{ Quote: "My concern is if I run as a limited user would it not also interfere with my HIPS Programs by reducing their rights and powers??" }-
No, but chances are that it will make them unnecessary.

Nowdays I dont boot into Windows that often. But before I switched to *nix I ran as a limited user in XP (and UAC in Vista). I used the nice little app SuRun to elevate privileges in XP.

I never had any problems running as limited user. I just dont understand why I ran as admin for so long (well, i do actually. I believed all the people who said it was a pain rather than test it my self)

I run Windows as Administrator and I use DefenseWall HIPS policy-based sandbox.

Everyone in my family has a computer. My computer is only accessible to me (Passworded) and every time I tried to run it as a standard user, I had some kind of time consuming problem. I also think that having Vista with UAC on, makes it safer to run as admin (I know this has been the topic of many lengthy debates), but I personally will always have my computer in admin mode.

Strictly LUA and when guests come, guest account in Windows. In Lin I create a guest account as well. SuRun makes life quite easy running with LUA.

I've taken the same route as Creer. I run as Admin but use Defensewall to achieve protections that I would get running as a Limited User.

Lately I have given up describing Defensewall as a Hips or Sandbox as I find people get confused. I find if I describe it as a Software Rights Control application that people grasp what it does a lot easier.

Yep, have been running Admin for some time and plan to keep doing so. Sandboxie and Avast have kept me safe for far too long now to be screwing around with "ultimate security" bs and risking something not working right.

Just disable all the accounts, create aliases admin rename Lock down the guest, everyone and all others access to shared folders. Then use your protection software to get on the internet.

No, Power User is my choice ::) I gave up Limited User because too many programs don't work correct - too much trouble! :(

Nope.
Because, I don't know how run Vista as LUA. :'(

-{ Quote: "Nope.
Because, I don't know how run Vista as LUA. :'(" }-
Hello,
control panel,users
change your everyday account to standard user account.
make sure there is one admnistrator account and it has a strong password.
then log out and back in.

-{ Quote: "Hello,
control panel,users
change your everyday account to standard user account.
make sure there is one admnistrator account and it has a strong password.
then log out and back in." }-

Just that?
Thanks!

-{ Quote: "Just that?
Thanks!" }-
Just that!

Lots of horror stories floating around, but all you really need to do is try it and see for yourself. ;)

-{ Quote: "Just that!

Lots of horror stories floating around, but all you really need to do is try it and see for yourself. ;)" }-

May I ask you what the horror stories are? :o
Thanks!

-{ Quote: "May I ask you what the horror stories are? :o
Thanks!" }-
Just read this thread. People don't try it because they hear that it's too difficult, that their programs will stop working, etc.

-{ Quote: "Just read this thread. People don't try it because they hear that it's too difficult, that their programs will stop working, etc." }-

Alright!
Thanks!

Regards

Most of the time No. Can be a real pain in XP when some softwares want to update their versions.

Yes, but with lower privileges most of the time. I use Sandboxie, Online Armor, and NOD32. The first two have settings to run programs with lower privileges. I run all internet apps, browsers and emai clients sandboxed, and with lower privileges. I have to unblock consciously even zip files before I can open them. I am prevented from downloading questionable files. I have to deliberately bypass the security. Limit accounts are a pain. I haven't been infected yet. This security I have with XP Pro SP3 and above apps.

-{ Quote: "I run all internet apps, browsers and emai clients sandboxed, and with lower privileges. I have to unblock consciously even zip files before I can open them. I am prevented from downloading questionable files. I have to deliberately bypass the security. Limit accounts are a pain. I haven't been infected yet. This security I have with XP Pro SP3." }-

Likewise for me, on XP + Vista :)

philby

No, I don't. Of course I don't. :) Limiting the privileges of the logged-in user and anything executed by said user is one of the essential basic steps in running a secure system. It helps against malicious software, malicious/stupid users (as long as you don't give them the admin password), and even against badly coded programs that may accidentally delete/corrupt stuff they weren't supposed to delete (many examples of this around). I run a non-admin account in Windows, and obviously run a user account in Linux, not root. It is not difficult. It is very easy. But then, I do not use software that is so poorly coded it fails to run on a non-admin account (assuming the software doesn't have a legitimate need for admin privs).

-{ Quote: "Hence, the poll shows why there is such an issue with security on windows platforms...." }-

Indeed. If even the people who are actually interested in security run as admin...

-{ Quote: "Yes, but with lower privileges most of the time. I use Sandboxie, Online Armor, and NOD32. The first two have settings to run programs with lower privileges. I run all internet apps, browsers and emai clients sandboxed, and with lower privileges. I have to unblock consciously even zip files before I can open them. I am prevented from downloading questionable files. I have to deliberately bypass the security. Limit accounts are a pain. I haven't been infected yet. This security I have with XP Pro SP3 and above apps." }-

I don't mean to insult with this question, but I'm just honestly curious (as well as somewhat flabbergasted).

You say that limited accounts are a pain.

And yet, you are running Sandboxie, Online Armor and NOD32, and "have to unblock consciously even zip files before you can open them." How is that not a pain? Even a much greater pain than using a limited account? I am honestly confused.

I, like many others here, have a history of trying out many security software for various reasons. I have used HIPS products, sandboxes, all kinds of stuff. And all of it was much more a pain in the posterior than running as a limited user (even with a software restriction policy). And a lot more expensive to fund and to support.

You guys who consider limited accounts a pain should sometimes try spending as much time getting your limited account working comfortably as you spend configuring, tweaking, updating and so on your various security software. You might be surprised at just how easy it is. :)

But tastes differ, as they say. To each his own...

-{ Quote: " but with RunAs not always doing its job, and no framework for privilege granting like sudo on *nix... " }-
Try SuRun (http://www.wilderssecurity.com/showthread.php?t=196737) - it makes LUA life considerably easier.

-{ Quote: "
You guys who consider limited accounts a pain should sometimes try spending as much time getting your limited account working comfortably as you spend configuring, tweaking, updating and so on your various security software. You might be surprised at just how easy it is. :)
" }-

.. and a LUA isn't expensive ;D

-{ Quote: ".. and a LUA isn't expensive ;D" }-

Exactly. :) It also does not introduce any new vulnerabilities into the system (whereas running third party security software does, without making the vulnerabilities already in Windows going away either).

-{ Quote: "Exactly. :) It also does not introduce any new vulnerabilities into the system (whereas running third party security software does, without making the vulnerabilities already in Windows going away either)." }-

Indeed. In other words: The more security software you use the larger is your attack surface.

Yes - Nowadays with UAC :)

I run as admin, with uac set to max :D

I also run as admin. Being the only user I find it much more convenient to run only one account. :D

indeed more convenient, but less secure. Its a tradeoff and depends on personal taste.

I run a limited account. I do agree that adding more 3rd party programs increases surface attack, and LUA doesn't hurt performance like 3rd party scanners that scan every single read/write to the HD do.

also read other benefits on this wiki page, these are benefits no one talks about: http://en.wikipedia.org/wiki/Principle_of_least_privilege

3rd party security apps are rooted deep into the system and have unrestricted access. This naturally hinders stability and performance and security. This is a key reason for UAC, to force software developers to make their software so it doesn't hook so deep in the kernel.

-{ Quote: "indeed more convenient, but less secure. Its a tradeoff and depends on personal taste.

I run a limited account. I do agree that adding more 3rd party programs increases surface attack, and LUA doesn't hurt performance like 3rd party scanners that scan every single read/write to the HD do.

also read other benefits on this wiki page, these are benefits no one talks about: http://en.wikipedia.org/wiki/Principle_of_least_privilege

3rd party security apps are rooted deep into the system and have unrestricted access. This naturally hinders stability and performance and security. This is a key reason for UAC, to force software developers to make their software so it doesn't hook so deep in the kernel." }-

Under 'Limitations' at the end of that very page;
"We have no method to evaluate a process to define the least amount of privileges it will ever need to perform its functions. That is because it is not possible to know all the values of variables it may process, all the addresses it will need, the precise time it needs etc"

" In real practice, it is almost never possible to control a process's access to memory, or processing time, or I/O device addresses or modes with the precision needed to eliminate the precise set privileges we can be sure a process will not need."

Running LUA is not what some make it out to be. I don't want a situation where every single action is scrutinized as to what privlege has been granted. I run Admin to speed up my entire computer time. There are plenty of light, practically fool-proof programs out there (sandboxie, returnil) to defeat malware.

trust me I'm not trying to make LUA sound like a perfect solution in every instance, their are some inconveniences involved. Again, its a tradeoff and depends on personal taste.

Always Administrator8)

Always > Limited User Account 8)

-{ Quote: "Under 'Limitations' at the end of that very page;
"We have no method to evaluate a process to define the least amount of privileges it will ever need to perform its functions. That is because it is not possible to know all the values of variables it may process, all the addresses it will need, the precise time it needs etc"

" In real practice, it is almost never possible to control a process's access to memory, or processing time, or I/O device addresses or modes with the precision needed to eliminate the precise set privileges we can be sure a process will not need."

Running LUA is not what some make it out to be. I don't want a situation where every single action is scrutinized as to what privlege has been granted. I run Admin to speed up my entire computer time. There are plenty of light, practically fool-proof programs out there (sandboxie, returnil) to defeat malware." }-


That Wikipedia article is looking at least privilege from a theoretical perspective. Those "issues" presented in the article are pretty much irrelevant to any normal user. The article attempts to go for the theoretical extreme in least privilege, asking the question: "What are the absolute minimal privileges I need to get job X done?" In real life, modern operating systems don't try to tackle such questions using user accounts. When it comes to "limited" user accounts, the question would instead be: "What is the minimal set of privileges I need to get typical daily use jobs like X, Y and Z done without having privileges that grant me administrative control over the entire system?" LUA in Windows, for example, isn't even trying to get the absolute minimal privileges theoretically possible. Instead, it's trying to get a set of privileges that is both convenient and still limiting enough to prevent full control of the system from a non-privileged user. When (or more accurately if) someone actually wants to go for the theoretical absolute minimum privileges, mandatory access control can be used.

So, in reality, with LUA, there is no "situation where every single action is scrutinized as to what privlege has been granted." It's simply that when you log on, you're given a limited set of privileges and that's that. Every action then happens using those privileges. There is no special scrutiny on every action so as to, for example, assign a relatively high privilege set A to process X, and then a lesser privilege set B to process Y. Instead, everything gets the same single set of limited privileges.

Running LUA does not slow down a system, and it doesn't even slow down most users. The type of user that would experience slow down as compared to running as admin is the type of user who does things to their computer (constantly tweak system-wide settings for some unknown reason, constantly add new hardware and drivers, constantly install new software system-wide, etc), as opposed to doing things with the computer (browsing, email, multimedia, office type work, playing games, anything that doesn't involve system-wide changes). On the other hand, there's always the factor that most "fool-proof" security programs cause slow down as well. Some also cause instability. For users of HIPS products or sandboxes a nice little test is opening their browser with the HIPS or sandbox enabled, and then opening their browser when such HIPS or sandbox software is not installed. Time it, and observe the difference - the slow down caused by the security software.

Finally, of course, there's the issue that not running as admin isn't even supposed to defeat malware. After all, you can still run software, even new software, without admin privileges, and that includes malware. But, what not running as admin will do is give you the most basic essential security measure of not giving everything that runs and everyone that uses the system absolute full control over the system. It's kind of like not giving every person you meet a copy of your car and home keys and not leaving the doors and windows wide open and unlocked. ;D That won't make your car and house burglar proof, but it sure will cut down on random people walking right in to steal your stuff.

-{ Quote: "On the other hand, there's always the factor that most "fool-proof" security programs cause slow down as well. Some also cause instability. For users of HIPS products or sandboxes a nice little test is opening their browser with the HIPS or sandbox enabled, and then opening their browser when such HIPS or sandbox software is not installed. Time it, and observe the difference - the slow down caused by the security software.
" }-

Good post Windchild, I want to add to this part because for me its not really about browser performance. I do tell a difference in overall gaming and multitasking and overall windows performance since my limited account runs basically identical to a new windows install. The more programs you install that require low level access and impact the Windows kernel the more stability and performance is impacted. I like keeping windows as stable and fast as a fresh install and is why i can take a 5 year old computer and run a game, a defrag, audio & recording program + other apps at the same time and have perfect performance & stability ie http://www.youtube.com/watch?v=SZx8YsvBPDQ

Several times I've used a friends computer with better specs than me but tons of programs that require low level access installed (ie Norton internet security, superantispyware, a regcleaner, a 3rd party defrag, plus 2-3 other scanners). Even if you disable those programs and launch a game or multi-task it is clear stability and performance is compromised when my ancient computer runs much better.

I used to run as admin in the past, even arguing against LUA. However since switching to Win7 I gave LUA another go and find now there is no need whatsoever to run as admin.

I always thought that a correct LUA could be all set up as admin - and then later changed to Lua. That is what is described by Tlu here; http://www.wilderssecurity.com/showpost.php?p=1167109&postcount=34

But then later in that same thread he states how that approach is wrong;
"Since your limited account used to be your old admin account there are still some unwanted remnants: If you check your permissions with the tool AccessEnum you will find that your limited account has write permission to at least some subfolders in c:\Windows and c:\Program Files - that's dangerous and contradicts the purpose of a LUA approach!"
http://www.wilderssecurity.com/showpost.php?p=1201866&postcount=146

Anyone that says that setting up a LUA is easy needs to read that headache of a post. Now that post was made in March of 2008 while XP has been here since Sept of 2002 ...... 6 years later and an advocate of this is still having to learn it? Ok, let that go - most here advocate LUA plus SRP and state that it is all native to Windows so no conflicts ----- but you have to add Surun to make it even minimally tolerable. So it hinges on Surun - let's look at that. Well right at the bottom of Suruns page is a long list of *fixed* bugs in the program - true they are fixed in the latest version, but they existed for a time. How do you know that just the very act of having Surun installed doesn't make you more susceptible to malware attack - the malware doesn't have to work around Windows or LUA or SRP - just Surun. Microsoft is continuously issuing patches against elevation of privileges attacks - how do you know that Surun isn't conflicting with some new patch or even corrupting it. It adds 'Run as Admin' to every menu you have ....

So all of that verses programs such as sandboxie and returnil (which do not slow your system down). And to post so high and mighty that anyone running admin is either insane or needlessly tweaking their system "for some unknown reason" - just look at the difference between Suruns page and the level of participation from Tzuk and Coldmon. I use common sense and pass.

-{ Quote: "but you have to add Surun to make it even minimally tolerable. " }-

You've got some fair points here but I think you need to distinguish between the different windows platforms. With Win7 you certainly don't need Surun. LUA runs just fine, and with no inconvenience, by itself.

Would I just run LUA by itself though? No way. Something like SBIE or DW will always be the primary armor. But with Win7 there is just no need to run as admin any more.

I thought Surun was a registry hack to enable SRP on home versions of windows? Regardless, that is a headache of a thread that I won't be reading and is probably why I don't know what Surun is. I use LUA and SRP without Surun and its completely tolerable, I only have to switch accounts to add/remove software. Games, downloads, office stuff, ripping dvd's, etc work fine under my LUA and thats about all I use my PC for really. Mechbgon has the best and most simple guide for LUA and SRP - http://www.mechbgon.com/build/security2.html#srp

I wouldn't install Surun. In the future I might weigh the pro's and cons of replacing a LUA with something like returnil/sandboxie/geswall. I've tested sandboxie which was probably more work than my limited account b/c I would turn off sandboxie before games, then on before browsing, and I'm a weird guy about background apps and apps that require low level access as I mentioned. If someone doesn't have those concerns that I do, I'd say geswall and other virualization apps are excellent solutions.

-{ Quote: "You've got some fair points here but I think you need to distinguish between the different windows platforms. With Win7 you certainly don't need Surun. LUA runs just fine, and with no inconvenience, by itself.

Would I just run LUA by itself though? No way. Something like SBIE or DW will always be the primary armor. But with Win7 there is just no need to run as admin any more." }-
Yes, I agree. I am speaking XP Pro. Win7 actually takes LUA into a level where it is much more the correct decision to run LUA.
If I were to run LUA, it would have to be just native Windows with SRP - and nothing else and it would have to follow the guidelines in Tlu's post 146. I just would appreciate it if those that are advocating it would also point out what the true pros and cons really are.

-{ Quote: "I thought Surun was a registry hack to enable SRP on home versions of windows? Regardless, that is a headache of a thread that I won't be reading and is probably why I don't know what Surun is. I use LUA and SRP without Surun and its completely tolerable, I only have to switch accounts to add/remove software. Games, downloads, office stuff, ripping dvd's, etc work fine under my LUA and thats about all I use my PC for really. Mechbgon has the best and most simple guide for LUA and SRP - http://www.mechbgon.com/build/security2.html#srp

I wouldn't install Surun. In the future I might weigh the pro's and cons of replacing a LUA with something like returnil/sandboxie/geswall. I've tested sandboxie which was probably more work than my limited account b/c I would turn off sandboxie before games, then on before browsing, and I'm a weird guy about background apps and apps that require low level access as I mentioned. If someone doesn't have those concerns that I do, I'd say geswall and other virualization apps are excellent solutions." }-
I believe the registry hack you are thinking of is to bring XP Home up to XP Pro - it is also somewhere in that long Tlu thread. So XP Home users have an even extra step. I guess the very first question on LUA should be "What is your OS?

-{ Quote: "Anyone that says that setting up a LUA is easy needs to read that headache of a post. Now that post was made in March of 2008 while XP has been here since Sept of 2002 ...... 6 years later and an advocate of this is still having to learn it? Ok, let that go - most here advocate LUA plus SRP and state that it is all native to Windows so no conflicts ----- but you have to add Surun to make it even minimally tolerable. So it hinges on Surun - let's look at that. Well right at the bottom of Suruns page is a long list of *fixed* bugs in the program - true they are fixed in the latest version, but they existed for a time. How do you know that just the very act of having Surun installed doesn't make you more susceptible to malware attack - the malware doesn't have to work around Windows or LUA or SRP - just Surun. Microsoft is continuously issuing patches against elevation of privileges attacks - how do you know that Surun isn't conflicting with some new patch or even corrupting it. It adds 'Run as Admin' to every menu you have ....

So all of that verses programs such as sandboxie and returnil (which do not slow your system down). And to post so high and mighty that anyone running admin is either insane or needlessly tweaking their system "for some unknown reason" - just look at the difference between Suruns page and the level of participation from Tzuk and Coldmon. I use common sense and pass." }-

Setting up LUA is easy. I've said it before and I'll continue to say it, based on quite a lot of experience. Posts on the internet don't really much change reality and perhaps should not be used to make too far-reaching conclusions on matters. Sure, you can make things difficult if you do things that cause permission issues, for example: if you change your admin account into a limited account, you may run into problems. Solution? If you want to set up LUA in an easy way, just create a new limited user account, don't change an old admin account into a limited user. That's it. That's all the setting up you need to do. Like with any new account, you'll have to customize the account's settings to your liking, of course. But if that takes long, you're doing something wrong.

As for SuRun being necessary, it's absolutely not necessary to use LUA comfortably. I've been running XP systems on LUA for quite a few years, and have never felt any need for anything like SuRun. And sure, as I've said before, if you install SuRun, you are adding more software to the system and also more vulnerabilities. So if you don't need it, don't install it - that's the rule of all software if you're looking to minimize the amount of vulnerabilities in your system. To use the average user, or even myself as an example, why would I need SuRun? Normally, I'm not doing anything that requires admin privileges, so SuRun is useless most of the time. And when I do want to, for example, install a new piece of software system-wide, why would I not simply log in as admin to do it? It takes a couple of seconds and saves me from having to install additional software like SuRun on the system...

High and mighty? Nah, just interested in practical reality, and, of course, security. LUA is a simple and essential security measure. Assuming one has any interest in security, it would be smart to run LUA. It would be even smarter to recommend the average user to run LUA instead of admin.

As for people who run as admin by choice, I don't recall anyone saying that they have to be either a) insane or b) just tweaking their systems for unknown reasons. There are entirely valid reasons to run as admin all the time, like for example if you just install a whole lot of software and hardware all the time. That's admin stuff, and for that, it makes sense to be admin. Some people, of course, just have different tastes. Maybe one is allergic to seeing "access denied" messages, and therefore always wants to run as admin. That can happen. But users who have any of these qualities really aren't the majority in my experience, and therefore the advice of don't run as admin is generally valid. Those people who feel they need to be admin can easily continue to be.

Finally, SRP. Really, SRP is in no way the same as LUA. They may make good bedfellows, but a lot of people that would want to run LUA would not want to run with a default-deny SRP. Even I - someone who is considerably more interested in computers than most people - have systems where a default-deny SRP would be completely unacceptable and detrimental to productivity. The fact that XP Home does not officially support (no GUI for configuring it) SRP really means nothing for LUA. LUA in XP Home works just fine without registry hacks or additional software. For some people, SRP may be a very useful addition on top of that - but not for everyone.

All in all, the pros and cons of LUA really aren't very complex. Pros? You don't have full control over the system, and neither does malware that might run. Cons? You don't have full control over the system, and if you or a program you run want to do something that requires it, you'll need to log in as admin one way or the other. Naturally, things get more complex as one adds poorly designed stuff in there. That's how it is with security software in general: product X is not compatible with product Y, will crash if installed on the same system, or behave strangely. When it comes to LUA, there's the issue of poorly coded software that assumes admin rights and fails to work properly without them. Solved easily enough just by not using such software. Then there's always the issue, as with all software, of how the operating system was installed and configured. One certainly can format all drives as FAT or have the PC manufacturer muck up the default file permissions, and then wonder why LUA seems to do nothing.

But, in any case, it's about time that people start seriously advocating LUA. Especially to the so called average user who doesn't have need to tweak the system or great loads of new software to install every day. In the Unix side of the pond people have understood the importance of not running as admin (or in their case, root) for a small eternity. It's no panacea, but it does make a great difference when it comes to security. For systems with multiple users it's even more important. Let the children infect their own account, if they can - at least they won't infect the entire system every time that happens, assuming their account is a limited one. For the majority of users, the pros of LUA outweigh the cons very easily indeed. And for those that feel more comfortable in an admin account, it's not like anyone is coming to take the admin accounts away. One can keep using the admin account if one desires. I would just hope one would not recommend that to other people, especially not to average users. Even more I hope that one would not recommend using some commercial security software while running as admin, over using the security features built into the OS you already paid for with possibly the free security software of your choice.

-{ Quote: "I've been running my Windows install as a non-admin user, but it's gotten to be too much of a pain, prompting me to switch to admin. Yeah, I know I shouldn't; but with RunAs not always doing its job, and no framework for privilege granting like sudo on *nix... It's just much easier to handle things as superuser.

So, for the rest of you guys running Windows... Do you run as admin, or as a restricted user?

- If you're on WinXP or older, and you're not running as admin - how do you handle it?

- If you're on Vista or 7 and you're running as admin - why?" }-


In xp sp3 I run as admin, too much intererence with AV, HIPS, FW, etc. I can recover and have never had an issue except when using OA's run safer feature. Never could get it to work for me.

On W7 it is kind of non important as W7 runs in LUA mode and then when a program needs to run in admin mode say CCleaner popup asks me and away I go, No problem.

So in OA on W7 run safer is no longer needed.

So on this poll I have to vote no and yes

You know, this would all make a lot more sense if it were pointed out more often that LUA does offer up a bit more in the way of options available to the owner of the computer. What I mean is this; When you first install XP Pro, you are set up as an Administrator. This never made a lot of sense to me as that account is basically the same as the 'real' Administrator account. Why not just be Administrator and be done with it. Anyway, from here the Administrator can tweak the permissions available to the users group. Heck, you can even deny 'write' access if you want. Now an new account can be setup, as a user, with those permissions that the Administrator has chosen. You can set it as 'Full Control' all the way down to 'Read Only' - and you can change those permissions later if you choose. So the grandkids are visiting? No problem, I'll just change the permissions to what I want those Grandkids to do ....
So that approach would offer up more options available to the owner. But I never hear that .... all I hear about is LUA as limiting to you, and some 'just in case' method of defeating 'behind the scenes' malware as you - the owner - are using the computer.

-{ Quote: "Setting up LUA is easy. I've said it before and I'll continue to say it, based on quite a lot of experience. Posts on the internet don't really much change reality and perhaps should not be used to make too far-reaching conclusions on matters. Sure, you can make things difficult if you do things that cause permission issues, for example: if you change your admin account into a limited account, you may run into problems. Solution? If you want to set up LUA in an easy way, just create a new limited user account, don't change an old admin account into a limited user. That's it. That's all the setting up you need to do. Like with any new account, you'll have to customize the account's settings to your liking, of course. But if that takes long, you're doing something wrong.
" }-

You are very convincing with your arguments and your posts are always well written and informative, thank you. Yes, there is a big difference between LUA and SRP, and after reading your post I've decided to give it a go and open a standard user account within my Vista Ultimate.

It was quick and painless mainly because nowadays I'm not running so many security applications as in the past. There are, however some odd things happening still and namely Google Chrome completely disappeared from my program list (Start/All programs) and from (Start/Control Panel/Programs), CCleaner disappeared from the program list but shows in the main list of installed programs. Apart from these 2 applications everything else somehow seems to work perfectly

-{ Quote: "As for SuRun being necessary, it's absolutely not necessary to use LUA comfortably." }-
For some using SuRun is more comfortable (or convenient) than having to switch to an admin account for admin tasks.

Its the same as Linux. Using sudo you can run admin tasks without having to switch to root.
-{ Quote: "And when I do want to, for example, install a new piece of software system-wide, why would I not simply log in as admin to do it? It takes a couple of seconds and saves me from having to install additional software like SuRun on the system..." }-
Alternatively, installing SuRun saves you from switching between admin and user accounts.

My computer is a laptop, but I never use it as a laptop. It has a tabletop workstation that it plugs into and the screen shows up on a larger desktop monitor. That is how I like it. I can unplug the laptop and take it with me, even if I don't plan to use it as a wireless computer, so that no one has a chance to even touch it if I am not home. All valid reasons for my usage. 99.9% of the time, it just slides in to its' receiver and you don't even see it. Sorta like the old 8-tracks in cars that slid in and out to protect against theft.

While I am in Admin (prior to creating any other accounts) I change the power settings from the default - which is set as a laptop - to "Always On". I also change the instruction on what to do when I close the lid, and what to do when I press the sleep button. I change these to "Do Nothing". I can not stand the computer going to 'sleep' - I prefer a screensaver as the comp springs to life much quicker than coming back from sleep. Also the setting for closing the lid is defaulted as "Turn Off". I also want this to "Do Nothing".

Anyway, I set all that up as the Administrator and create a new account as limited and log off and log on the new account. Of course now I am not allowed to change the power scheme, but it stands there as what the computer default had been - not what the Administrator just told the comp to do! So now to use the thing I have to leave the lid open, run a wire over to the desktop and set there on the computer with two screens showing (not too good for privacy from walk-bys). Also, heaven forbid I walk away for 10 minutes, as now the thing goes to sleep.

Now I understand that you wouldn't want users changing the power scheme - but why doesn't Windows take the new settings the Administrator just gave it? And how can I change it so I am comfortable without Surun?

Item 2; I am on the phone while on the computer making plans (remember we have lives too) and I merely want to know what day of the week March 17th is. I can look at the tray and see the time .. but I can glance at the wall clock for that. I can hoover the mouse and the tooltip will tell what today is. But as for what I want, I am not allowed. OK, so you don't want users changing the time - how about viewing the calander?

Now I am not trying anything out of the ordinary here, not installing rootkits and stuff, I am just setting things up. Lord help me if I want to create a new sandbox later....

And all for what?

No, It's not that - we are only talking theories here. I am just pointing out that it is not the slamdunk some make it out to be. And I am not about to start typing passwords to see my calander. ::) On sandboxes, I hear people worry all the time about sandbox-aware malware. They say that you can test something in the sandbox and it lies dormant, only to spring up at you when you install in on the real system. What about malware acquired while in a LUA? Not installed, just waiting for the account to become Admin, because the malware writer knows you will become Admin sooner or later. In a sandbox, all is flushed away from your session, and with Returnil things can be as they were before.

The reason you need Surun to do the things you need to do is that Windows (at least XP) is not LUA friendly. That is why the ownership isn't done correctly on the permissions - as Tlu points out. That is why I can not view the calander - let alone change things. Microsoft can recco a LUA till the cows come home but they have had 8 years and 3 Service Packs to take of of these little items in XP and they have not. They also could provide a Surun-like tool, as far as I know they have not. When I say 'not friendly, I mean in a behind the scenes way, more with file or permission corruption.

The entire premise (with XP) is built on a house of cards.

-{ Quote: "And with a Limited User Account and Software Restriction Policies, you simply do not need anything more apart from an on demand scanner, except if you are very paranoid. In this case, adding Sandboxie would be a very good option." }-
We can't have this thing going both ways here, I was posting about LUA plus SRP all along - as that is how I thought most were referring to. Then it got shifted to sandboxes vrs just LUA.

LUA plus SRP plus Surun is one level - analizing each one as a singularity is a far different thing than looking at the three as a total.

-{ Quote: "There are, however some odd things happening still and namely Google Chrome completely disappeared from my program list (Start/All programs) and from (Start/Control Panel/Programs), CCleaner disappeared from the program list but shows in the main list of installed programs. Apart from these 2 applications everything else somehow seems to work perfectly" }-

The issue here may be that some software installs only for one user, the current user, by default, instead of installing system-wide into Program Files. Google Chrome is one prominent example of software that installs by default only for the current user: it will install into the user profile folder of whatever account you use to execute the Chrome installer. This means that other users won't be able to access it, since users can only read their own profile folders. The downside to this is that if you install Chrome as admin with the default settings, only that admin account will see it, limited users will not. The good side is that you can execute the installer as a limited user and install Chrome for that limited user account, without needing admin privs to do that. (Incidentally, the latter is a case where a default-deny SRP would be a little problematic, as it would prevent the installer from even running in that limited user account.)

-{ Quote: "For some using SuRun is more comfortable (or convenient) than having to switch to an admin account for admin tasks.

Its the same as Linux. Using sudo you can run admin tasks without having to switch to root.

Alternatively, installing SuRun saves you from switching between admin and user accounts." }-

Sure, for some it is more comfortable. But necessary in general, for a majority of users? Absolutely not.

As for me, the choice is simple: less software on the system means less vulnerabilities in the software on the system, and considering that switching to an admin account to perform the random admin task I need to do is not a bother, I will not use SuRun or anything like it. In general, when it comes to security, solutions like Runas, SuRun or even sudo in Linux are less secure than simply logging out of your current account and then logging in as the account that has enough privileges to do what you need. But that's another discussion.

But, to summarize, it's not that I have anything against anyone running SuRun. If people like it and find it useful, good for them! Anything that makes one's use of the system more comfortable should be a good thing. Me, I just don't consider SuRun necessary for a comfortable LUA experience, since it, well, isn't necessary, and I don't like adding new software when I don't need it.


-{ Quote: "
Now I understand that you wouldn't want users changing the power scheme - but why doesn't Windows take the new settings the Administrator just gave it? And how can I change it so I am comfortable without Surun?" }-

The power management settings thing is less than optimal, indeed. I don't rightly use many laptops, so it doesn't bother me very often, but the issue surely is there. In XP. It has been corrected in less ancient versions of Windows. In XP, you could correct it by less than obvious methods, such as simply changing your limited user account into an admin temporarily, modifying the power management settings with your newly found admin privileges, and then changing the account back into a limited one. This would not cause permission issues with ownership. But, it's certainly not as smooth as it should be, and you should not do it if you suspect that you might have malware infections in your limited user account. Or, you could edit the registry as admin to simply give limited users permission to change power settings, if that's what you want. http://blogs.msdn.com/aaron_margosis/archive/2005/02/09/370263.aspx So, SuRun really isn't needed for this thing, either (and installing and configuring SuRun could take more time than any of those two workarounds for the power management issue).

But in any case, it's true that XP in particular has a few fairly stupid problems with LUA like this power management issue, although most users won't meet those problems much and those that do could find relatively quick solutions by the power of web search engines. :) All in all, those issues aren't something that I would consider so serious as to make the entire LUA experience less than comfortable or easy. As an example, on the system I'm currently writing this post on, I've not done anything to the power management settings - they're the same as they were when XP was first installed, there have been no changes by me at all, and no 'hacks' to get around the issue of LUA not having permission to change power options.

-{ Quote: "Item 2; I am on the phone while on the computer making plans (remember we have lives too) and I merely want to know what day of the week March 17th is. I can look at the tray and see the time .. but I can glance at the wall clock for that. I can hoover the mouse and the tooltip will tell what today is. But as for what I want, I am not allowed. OK, so you don't want users changing the time - how about viewing the calander?" }-

This is another XP funny business with LUA. In Microsoft's defense, maybe they were embarrassed about the calendar being so useless, and decided not to show it. ;D Assuming you don't use any email/calendar software that you could use to see what day of the week March 17th is, not being able to view the calendar in the Windows Date and Time applet can be a problem. Personally, I feel that the easiest workaround for this is simply using a real calendar software with much more functionality (I, for example, need such calendar software anyway to keep tabs on everything I need to do).

-{ Quote: "And all for what?" }-

For security, obviously. And for some strange choices in configuration by the MS devs. But obviously the main reason is security: running as LUA is safer than running as admin. As practically always, an increase in security does mean some kind of loss of convenience. For example, if you run LUA, you can't do admin stuff as easily as you can in an admin account - at the very least you'll have to give the admin password when prompted, or if you're very interested in security you have to actually log out or switch users. As another example, if you run some sandboxing security software, you have to put up with sandboxed software starting more slowly than before, and taking time to configure which programs run sandboxed and which do not, or when to empty the sandbox and what to recover from the sandbox to the real system, and so on. These are the kinds of tradeoffs that one has to deal with if one wants to increase security. As I always say, getting in your car or house would be easier if there were no keys needed, but then, that would be less secure. Most people can deal with these tradeoffs without feeling uncomfortable.

-{ Quote: "You know, this would all make a lot more sense if it were pointed out more often that LUA does offer up a bit more in the way of options available to the owner of the computer. What I mean is this; When you first install XP Pro, you are set up as an Administrator. This never made a lot of sense to me as that account is basically the same as the 'real' Administrator account. Why not just be Administrator and be done with it. Anyway, from here the Administrator can tweak the permissions available to the users group. Heck, you can even deny 'write' access if you want. Now an new account can be setup, as a user, with those permissions that the Administrator has chosen. You can set it as 'Full Control' all the way down to 'Read Only' - and you can change those permissions later if you choose. So the grandkids are visiting? No problem, I'll just change the permissions to what I want those Grandkids to do ....
So that approach would offer up more options available to the owner. But I never hear that .... all I hear about is LUA as limiting to you, and some 'just in case' method of defeating 'behind the scenes' malware as you - the owner - are using the computer." }-

As for the reason why a new admin account is created during installation, that's likely to be simply for better user experience. People generally like to customize things, preferring to use an account called "Dave" rather than "Administrator". Assuming their name is Dave, of course. ;D

Tweaking the permissions of various groups is less often mentioned than the most obvious benefits of LUA (like malware you run not being able to infect the entire system or your own user errors being unable to delete system files) simply because tweaking permissions is a lot more complex, and probably not something that the kind of user who didn't even know about LUA yesterday would be comfortable doing today. The learning curve of LUA is relatively easy, but the learning curve of understanding and configuring file permissions is much harder on you. It's not very difficult to be a little too click-happy with denying permissions, causing the entire system to be unusable. If one needs limitations beyond even those of a normal LUA, then such limitations are best created by creating either a new account or a new group, and modifying the permissions for that new account or group, instead of messing with what the Users group or other existing groups can do. There are group memberships that may seem a little "unexpected", and that can cause surprising problems to those who don't know much about group membership.

-{ Quote: "No, It's not that - we are only talking theories here. I am just pointing out that it is not the slamdunk some make it out to be. And I am not about to start typing passwords to see my calander. ::) On sandboxes, I hear people worry all the time about sandbox-aware malware. They say that you can test something in the sandbox and it lies dormant, only to spring up at you when you install in on the real system. What about malware acquired while in a LUA? Not installed, just waiting for the account to become Admin, because the malware writer knows you will become Admin sooner or later. In a sandbox, all is flushed away from your session, and with Returnil things can be as they were before." }-

Now this is just silly. LUA doesn't somehow "become admin sooner or later". Not if you use the account reasonably, anyway. In fact, if you use it reasonably, it never becomes admin, after the initial set up (during which you obviously shouldn't be surfing the web or launching untrusted executables...) As an example, the limited user account I'm using right now has never been admin, and never will be admin, not even for a second. As with sudo in Linux, it's entirely true however that if you enter an admin/root password while logged in as a less privileged user, there is a risk that software running inside that less privileged user account can capture the password and then use it to gain greater privileges. So, if you want maximal security, simply don't ever type the admin password anywhere when logged in as a limited user, and never elevate anything to admin privileges while you remain in the limited user's desktop. That's not hard to do. When you need to do admin stuff, simply use Fast User Switching, or log out traditionally and log in to the admin account to do what you need. Simple, easy, safe. Malware can't somehow magically jump from one account to the other. When you log out of the limited user account, and then log into the admin account, nothing that may have infected your limited account runs. The admin is a different account, with a different user profile and desktop and different everything. The only way any malware you have infected your LUA with is going to get admin rights is
1) You act stupidly and actually go and manually execute the malware when logged in as admin, that is to say, browse some folder where LUA can write, see a strange file there and then execute it. Smart move. ;D
Or...
2) The malware uses an unpatched privilege escalation vulnerability to gain admin privileges. This is like any software vulnerability, including those in security software that allow bypassing said security software, such as escaping the sandbox.

But yes, it's true that if you act foolishly LUA can be useless. For example, if you download malware into some folder, and then use Runas to execute the malware as admin, LUA didn't do you any good. But that's only because you did a very unwise thing that you should not have done. LUA can't protect anyone who knows the admin password from being foolish. Nothing can.

-{ Quote: "The reason you need Surun to do the things you need to do is that Windows (at least XP) is not LUA friendly. That is why the ownership isn't done correctly on the permissions - as Tlu points out." }-

I don't think you understand ownership quite correctly. There is no issue of ownership not being done correctly in Windows XP. Ownership is done exactly as it should be done. The problem is, instead, what the user is doing, and the user lacking understanding on how the operating system works: the user is changing the privileges of an account, and then getting all surprised when that account still remains the owner of files and folders it has previously created and thus become owner of. That is not surprising. That's how it's supposed to be. That is no mistake. The user simply does not understand how ownership works, if he expects changing an existing admin account into a limited user account would somehow strip the account of all its ownership to files it has created. That would be absurd... And of course, stuff like this is why people should keep things simple. Just create a new account, and you won't have any issues with ownership.

-{ Quote: "That is why I can not view the calander - let alone change things. Microsoft can recco a LUA till the cows come home but they have had 8 years and 3 Service Packs to take of of these little items in XP and they have not. They also could provide a Surun-like tool, as far as I know they have not. When I say 'not friendly, I mean in a behind the scenes way, more with file or permission corruption.

The entire premise (with XP) is built on a house of cards." }-

MS does not change XP because XP is an ancient operating system. Two major newer versions of the same line of systems (NT) have been released since. There's no reason why MS, being a business, would still make large modifications to XP and thus make its newer products seem less superior as compared to XP.

House of cards? Certainly not. LUA on XP is on very solid foundation - just as in Vista or 7. Instead of being a house of cards, a better comparison would be that LUA in XP is simply slightly rough around the edges, whereas in later versions it has been fully mirror-polished.

-{ Quote: "We can't have this thing going both ways here, I was posting about LUA plus SRP all along - as that is how I thought most were referring to. Then it got shifted to sandboxes vrs just LUA.

LUA plus SRP plus Surun is one level - analizing each one as a singularity is a far different thing than looking at the three as a total." }-

The title of this thread is "Do you run as Administrator?" The thread is not about SRP. It's simply about user accounts. Of course, threads live and topics change as people discuss. But LUA is useful without SRP, and SRP can actually be useful (slightly) without LUA, as well. And both are useful without SuRun. Most people who run LUA do it without SuRun.

But all that was on the long side, again.

-{ Quote: "The title of this thread is "Do you run as Administrator?" The thread is not about SRP. It's simply about user accounts. Of course, threads live and topics change as people discuss. But LUA is useful without SRP, and SRP can actually be useful (slightly) without LUA, as well. And both are useful without SuRun. Most people who run LUA do it without SuRun.

But all that was on the long side, again." }-Long but, as always, well worth the read.

I normally run LUA/SRP/SuRun and you hit the nail on its head - convenience and security are in tension. SuRun provides a convenience, and as an almost inexorable result, there's a decrease (of some level) with respect to security. That decrease may be large or it may be small, it really depends on the user, but it's there.

Too bad LUA is not the default in the Windows world, that would do more to convert people to an LUA frame of mind than anything else.

Blue

-{ Quote: "Too bad LUA is not the default in the Windows world, that would do more to convert people to an LUA frame of mind than anything else. " }-

Fully agreed. As long as MS defaults to creating admin accounts during the install of the OS, a vast number of people will keep running as admin, no matter how many people recommend LUA instead. The default configuration for any software is very important since so many people stick with it instead of making changes to improve security. Hopefully, MS will be brave enough to default to limited accounts instead of admin by the time Windows 7's successor comes around. UAC has already helped make a large part of the most popular Windows software fully LUA compatible, and as 7 takes market share from XP, that situation will only improve. By the time Windows 8 or whatever it will be named comes out, I don't think most home users would face compatibility problems with the software they run even if the default was to create limited user accounts instead of admin. Probably the same would be true for business, although there is a lot of legacy custom apps used that are really not made for LUA.

Windchild ... "Silly"? There you go with that high and mighty attitude again. You kool-aid drinkers always revert to that, every time. Your post is so laden with contradictions, and now XP is an "Ancient" system? That's it? LUA isn't great on XP ..... so its' the fault of XP? And as for staying on topic ... I can certainly read the title of this thread. Any discussion on LUA is destined to evolve into LUA + SRP and then logically to Surun. And yes I have tried Surun and I know about the shortcuts you can take with the passwords (to get back to where you were already btw), I was just emphasizing the point.

I would say limited user accounts are a fault of xp. to do pretty much any task in xp you have to use an admin account. To even look at the calander you have to use an admin account. wih vista and 7 its easy to use an admin account every single day. microsoft should force people to use limited user accounts. i think microsoft should sotp people from logging in to admin accounts and only allow admin rights by using UAC.

I use ventrilo to talk to people from a game I play. the only way i can use the standard push to talk button is to run the program with admin rights. if someone sends me a link it opens in internet explorer with admin rights.... for a start it should open in my default browser firefox but it must of been coded to use internet explorer. I posted on their forums but no one ever replied.

I am running Vista as an Administrator. I never even tried running as a limited user on Vista as it was such an annoyance when I used XP. DefenseWall and ShadowDefender keep me out of trouble these days.

-{ Quote: "
And as for you Windchild ... "Silly"? There you go with that high and mighty attitude again. You kool-aid drinkers always revert to that, every time. Your post is so laden with contradictions, and now XP is an "Ancient" system? That's it? LUA isn't great on XP ..... so its' the fault of XP? " }-

Yes, "silly". "Silly", because it's a clearly incorrect argument with absolutely nothing factual presented to support it. That makes it silly in my book. "Silly", as in "nonsensical". The argument seemed to be that malware could possibly jump from LUA to admin by waiting for the limited account to become admin, since the limited account would somehow mysteriously "become admin sooner or later". That is nonsensical, since LUA does not and should not become admin "sooner or later", unless the admin changes the privileges of the account for some reason. Or in other words, that's silly.

Personally, I find the "kool-aid drinker" claim a little more high and mighty than stating that an argument which is clearly factually incorrect is nonsensical - IOW, silly. But I guess such things are open to interpretation.

As for contradictions in my post, you can show me one if you wish, and I'll try to better explain what I was getting at with my statement.

But yes, XP is an ancient operating system. It's two major versions out of date, running on extended support and nearing ten years old. That is ancient in the world of software. LUA, if anyone asks me, works just great on XP for the purposes of security and actually using the system for productive work, but does have a few rather stupid issues that while not showstoppers in any way can be annoying if you actually ever meet them. And yes, those issues obviously are the fault of XP, or rather the developers of XP, but that's close enough for me. But before I digress, ancient certainly doesn't need to mean "bad" or "poor". XP works for me for many tasks even still. And actually, the even more ancient Windows 2000 would work, too.

-{ Quote: ""Silly", as in "nonsensical". The argument seemed to be that malware could possibly jump from LUA to admin by waiting for the limited account to become admin, since the limited account would somehow mysteriously "become admin sooner or later". That is nonsensical, since LUA does not and should not become admin "sooner or later", unless the admin changes the privileges of the account for some reason. Or in other words, that's silly." }-

-{ Quote: "In XP, you could correct it by less than obvious methods, such as simply changing your limited user account into an admin temporarily, modifying the power management settings with your newly found admin privileges, and then changing the account back into a limited one." }-
This is what I am referring to. So it becomes Admin for a time - malware only needs an instant. And everyone does that, and they also do it with Surun. Of course I do not mean that somehow by magic, an account changes.

Two full systems since XP, that's right. On the first - Vista - I have never seen such an outcry from the buying public. On mass, companies and individuals stated that they were not going to switch off XP. As for Win7, well that is brand new. But to prove your point XP 'needs' to be portrayed as "ancient". XP when run as Admin is probably the best OS ever invented. But you would advocate throwing that away and having it become "rough around the edges" by running it as LUA. That is the kool-aid talking, as there exists today lightweight programs such as sandboxie and returnil to keep your computer pristine.

-{ Quote: "This is what I am referring to. So it becomes Admin for a time - malware only needs an instant. And everyone does that, and they also do it with Surun. Of course I do not mean that somehow by magic, an account changes." }-

Well, you missed my point there, but perhaps I should have emphasized said point even more in my earlier post. But let's go back to that post of mine that you just quoted and read on. You left out a rather important part of that paragraph of mine that you quoted. I said this:

-{ Quote: "
In XP, you could correct it by less than obvious methods, such as simply changing your limited user account into an admin temporarily, modifying the power management settings with your newly found admin privileges, and then changing the account back into a limited one. This would not cause permission issues with ownership. But, it's certainly not as smooth as it should be, and you should not do it if you suspect that you might have malware infections in your limited user account." }-

Notice that part that I bolded just now for further emphasis? I think the meaning is pretty clear: if you suspect you might have malware in your limited user account, then obviously you should not give that limited user account admin privileges, even temporarily! If you give an infected account admin privileges, then sure, you'll give the malware admin privileges as well. So, just don't do that.

It's really quite simple. The assumption is that we're starting from a clean system that is not infected with malware. If we assume the system is already infected to begin with, then the whole exercise becomes pointless, because we'll be talking of a system that is already infected getting infected again, and that would be a fairly pointless discussion, considering that nothing much would change - the system was owned all along, and the new infection would not change that. If you have a clean system when you start creating your new limited user account, then there's no problem. Just configure your limited account to your liking, and if you meet power management issues, change the limited account to admin temporarily if you want, and then change it back once you're done with the power options. Malware won't magically appear on the system. If you know you're going to change that limited account into an admin temporarily, for heaven's sake don't use that limited account to do potentially dangerous things that can get you infected, like executing untrusted files or browsing random web sites, until you have done with the admin change and have returned the account to being a limited account for the rest of its life. ;D If you manage to avoid doing such things, then there isn't any issue, because there won't be any malware in your limited account. This stuff really isn't that hard or complicated. If you haven't done anything with the account that could get it infected, then there's no problem and no malware will infect your system if you change your limited account to admin temporarily. If you have done something with the account that could get it infected, like execute untrusted files or browse untrusted web sites, and you don't know whether the account is clean or not, then simply don't change the account into admin, or you will risk also giving any possible malware admin privileges. If you have just created the account on a clean system and haven't used it to browse the web or execute untrusted files or run public web servers and so on, then there's no risk of the account having become mysteriously infected. If you have an old limited account that you've done all sorts of things with and you're not sure whether it's infected with something, then you need to decide whether or not you want to take a chance: if the account really is infected and you change it to admin, you've just owned yourself. If you ask me, you obviously should not give suspect accounts admin privileges, but people don't always listen to what I say. ;D

Really, pretty much the whole idea of this separation of superusers (admin) and normal unprivileged users (LUA) business is that you should use the admin accounts only for admin stuff, and leave the dangerous stuff dealing with untrusted files or daily use that doesn't need admin access to LUA. If you do something in LUA that could get it infected, then you should never change that account into an admin one. If you do, you have only yourself to blame for breaking the rules. I don't know what more to say on that subject.

-{ Quote: "Two full systems since XP, that's right. On the first - Vista - I have never seen such an outcry from the buying public. On mass, companies and individuals stated that they were not going to switch off XP. As for Win7, well that is brand new. But to prove your point XP 'needs' to be portrayed as "ancient". XP when run as Admin is probably the best OS ever invented. But you would advocate throwing that away and having it become "rough around the edges" by running it as LUA. That is the kool-aid talking, as there exists today lightweight programs such as sandboxie and returnil to keep your computer pristine." }-

I really don't see what any outcries against Vista have to do with how old XP is or how many new major versions of the same line of operating systems have been released after XP. Talk don't change reality.

XP doesn't "need" to be ancient, and certainly not to somehow prove my point. But neither my words nor yours will change the fact that XP is very old, so old that most operating systems as old as it is are completely unsupported by the developer. Find me a couple other operating systems as old as XP or 2000 that are still supported by the developer. Guess why the devs don't support operating systems that are so old? Because they're ancient, that's why, and the devs have released tons of new and possibly even improved products since then that they want to sell you and therefore they don't want to spend their resources on supporting a very old version of their product. We could sit here and argue for days about how you feel about XP or how I feel, but none of that would change how old the OS is, or how many improvements from newer releases it lacks. But since there seems to be an emotional tangent in the discussion, let me make my opinion clear: I like XP, and have used it for many years. Many years, as LUA, on many systems, but some systems also as admin for many years. I think it's one of the better operating systems, giving a reasonable balance of security and convenience, when configured properly. I'm not someone who runs around the web yelling at people and urging them to upgrade to Vista or 7. Stick with what works best for you: if you like XP, and don't feel a need for newer versions, then stick with XP for as long as you like. How could there be anything wrong with that? The reason I even mentioned that XP is ancient was to point out that problems with power management for example aren't a general rule of how things are supposed to be in LUA, but rather just an issue with XP in particular, and such issues have been corrected in newer versions of NT.

If you like to run XP as admin, then do so. Who's stopping you? Not I. What I'm doing is simply making a general recommendation to people: it's safer to run as LUA, so you should probably do it, unless you really know what you're doing and want to run as admin. I certainly consider XP when run as admin to be rough around the edges, quite like LUA in XP is rough around the edges, even though XP is a good OS. As a good example of that roughness you would see when running XP as admin, the default settings for many things in XP are simply bad - rough around the edges, and require manual polish by the user, for even such things as actually seeing file extensions and hidden files in Explorer... That doesn't stop me from liking and using XP and considering it comfortable. My aim is certainly not to advocate throwing away something you love and replacing it with something less nice. Instead, my aim is to make folks at least consider that they replace something that is less secure with something that is more secure.

As far as kool-aid talking, I find it fairly ironic that when I advocate the use of security features already included in the operating system that people have paid for, I get accused of drinking the kool-aid by someone who advocates commercial security software like Sandboxie or Returnil. ;D Why is it that advocating a built-in security feature of the OS is drinking the kool-aid, but advocating a third party commercial security software somehow is not? But stuff happens. I would wish people could be less emotional and more concentrated on the facts, however. The fact that some people advocate LUA really isn't going to take away your freedom to run as admin or use commercial security software. If we approach the subject rationally, how exactly can we avoid coming to the conclusion that making people more aware of LUA is a good thing? LUA is free, it requires no extra software, and it has a serious security impact. Why shouldn't I advocate that to people who have trouble with malware and other security and stability issues? Really, my goal is not to get anyone to surrender their security software and start relying blindly on LUA alone. My goal is simply to make people more aware of something that does not require yet another purchase and install of new software and still can vastly improve security. I think people have had worse desires. ;D

-{ Quote: "- malware only needs an instant. And everyone does that, and they also do it with Surun." }-

The translation is a bit rough around the edges, but it does not seem Surun turns the entire LUA into an administrative account.

http://translate.google.com/translate?u=http%3A%2F%2Fkay-bruns.de%2Fwp%2Fsoftware%2Fsurun%2F&langpair=de|en&hl=de&safe=active&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools

BTW, I run as LUA. For the first couple years using XP pro, as power user (customized restrictions, rights), then the last few as LUA. LUA also with Vista and now Win 7. Linux has a nice warning about running as sudo :)

-{ Quote: "We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility." }-

I think about the only thing on my LUA account that I do use Surun for is to defrag. And about the only time I switch over to my Admin account is to do updates. I only started to run a LUA account after reading all the excellent write ups about it on here and was reluctant at first with it but after running with a LUA account for a while I got used to it and it's no bother now.
I will admit when I set things up I did it as an Administrator level account and did the switch so I could get all the programs I wanted to use installed. It might not be the best way but was a little easier to do and I haven't run into problems.

-{ Quote: "This is what I am referring to. So it becomes Admin for a time - malware only needs an instant. And everyone does that, and they also do it with Surun. Of course I do not mean that somehow by magic, an account changes." }-

Pretty big reach to say everyone does that, I know I haven't. When I setup a new system I install all the apps I need as admin. Then create a new account with admin priv's and turn the account previously tweaked/setup the way I like to limited and keep it that way permanently. Then browse, game, dl, everything off that account and log into my admin when needed to add/remove apps or defrag. For some reason someone did want to change their LUA to admin they should of course scan the system first. Realisically, you won't have dormant malware laying around because you should scan your system regularly.

Regarding XP, it is ancient in software years but still very stable, secure, and not obsolete IMO. Why would schools/companies shell out $ for new OS, hardware, troubleshooting, etc when XP isn't broke? No reason. XP pro configured as LUA with SRP is the default configuration of corporations and universities even though its nearly 10 years old. Every corporation/univerisity I have been a part of has their systems set up this way. Its a testament to the functionality/security of LUA with SRP. My .02

In the context of the conversation at the time of my comment - we were discussing creating a LUA account and working from there. Not tweaking an Admin account and changing in to LUA. So "Everyone" was said in that framework.

-{ Quote: "In the context of the conversation at the time of my comment - we were discussing creating a LUA account and working from there. Not tweaking an Admin account and changing in to LUA. So "Everyone" was said in that framework." }-

Well, even in that case, not everyone does anything to the power management settings, or change their LUA temporarily to admin. I know quite a lot of people, including myself, that don't necessarily do that on their systems. But even those that do can easily avoid any malware jumping from LUA to admin simply by using their brains: if you've done something with the limited account that could get it infected, then don't change it to admin. If you haven't done anything risky with the account, then you don't need to worry. It's that simple.

Well, around these parts, "Everyone" should be running LUA. And there is *ABSOLUTELY* no reason not to. And there is *ABSOLUTELY* no ill effects on any OS that exists, and no matter the usage.

Bottom line - I set the settings for 'Power Options' as an Administrator. I created a new account as LUA. Those changed settings were *not* carried over. Some other hand was at work. It was the OS itself using the default setting. Now there are millions of settings ...

-{ Quote: "Well, around these parts, "Everyone" should be running LUA. And there is *ABSOLUTELY* no reason not to. And there is *ABSOLUTELY* no ill effects on any OS that exists, and no matter the usage." }-

That's a straw man, actually. I don't recall people around these parts saying that everyone should be running LUA and that there is absolutely no reason not to do so. Quite obviously, as I've stated numerous times and as others have, LUA is unsuited to someone who does things that require admin rights all the time, such as run legacy software that just bloody well refuses to work in LUA or install new software and hardware all the time. People who do such things constantly would likely be better off just being logged in as admin all the time. As for ill effects, it's not a term I would use. Instead, I'd say that as with any software configuration there are always pros and cons, and nearly always some kind of minor nuisances that fortunately most often have easy workarounds. And then there's of course the fact that people have different standards for comfort and ease of use. For example, to me, not being able to view the Date and Time applet in LUA is a non-issue, since I constantly use actual, real calendar software for time management. For someone else, not being able to view the Date and Time applet could be downright horrifying. Tastes differ, and all. But as I can only speak for myself, that's exactly what I'll do, and make the obvious recommendation that since the improvement in security caused by running LUA far outweighs the cons of running as LUA, running as LUA would be a good idea to most people. Even with XP. To pretty much everyone I personally know, it's quite comfortable, even with the funny business XP does with a few settings.

-{ Quote: "Bottom line - I set the settings for 'Power Options' as an Administrator. I created a new account as LUA. Those changed settings were *not* carried over. Some other hand was at work. It was the OS itself using the default setting. Now there are millions of settings ..." }-

Yes, it was XP defaulting the new account to XP's default power management settings, and then the new account won't have privileges to change the settings. That's what XP does. It's not smart, but it's what XP does. Later versions do not. That's why I called XP ancient - it is, and newer versions have some fixes to old XP nuisances. Fortunately, there are workarounds for those issues on XP, such as the simple registry edit to give users rights to edit their own power management settings.

And sure, there are many settings. But only a handful of them have any of these funny XP issues. The fact that tons of settings exist isn't a ton of problems if and when you only have trouble with a small number of those settings. You've mentioned trouble with power management and the Date and Time applet. Some workarounds for those have been discussed. If you have trouble with any other settings, even millions of them, just tell us about it, and you're likely to get some workarounds to fix said trouble, if you wish. But it's all been discussed before: the LUA issues in XP are well known, and no wonder, since XP has been around so long.

Of course, now some will say that tweaking stuff like this is horribly difficult and comfortable. Well, to some it might be. But when it comes to security measures or security software, it's seldom the case that you can get away with not doing any changes in the configuration. There's lots of installing and configuring that needs to be done for light virtualization or sandboxing apps, for example, and some people don't seem to consider that too much to handle. In some cases, you may have to do more tweaking than in others. In XP, you may have to do some tweaking to get the power options and Date and Time applet working like you want, assuming that you're not satisfied with the default - many are satisfied with it, actually I'd say most of those people who use LUA that I know personally. In Vista or 7, you don't have to tweak those things. Progress. It's great. :) And freedom is great, too. If you consider the issues in XP to be too much, it's not like anyone is stopping you from just doing what you've done until now.

-{ Quote: "That's a straw man, actually. I don't recall people around these parts saying that everyone should be running LUA and that there is absolutely no reason not to do so." }-
Your very first line in this thread "Do You run as Administrator?"
No, I don't. Of course I don't. Note the 'of course'. Later you are "Flabbergasted" that a user has a different way of doing things. But this is petty.
You are right; Vista and Win7 have come along since XP. Both of those systems made significant progress regarding LUA. Is it really that silly to think that a system that existed before those two would be somewhat less than perfect in regards to handling LUA? I point out a couple of items to show what I am referring to, and the response is an answer on how to solve that specific item. Of course I know how to get to my power scheme and calendar - that never was the point. Some software doesn't install properly in XP LUA. You can assume it is poorly coded - it may not be, it may be the fault of something amiss in XP. XP is (right now) probably the most used system worldwide, and there are none of these issues in Admin. There are ways to keep your computer clean (I mention returnil and sandboxie). True they are 3rd party. 3rd party to make up for a lacking in the OS in regards to LUA. You can switch the product to Windows Steady State if you like. The point remains the same.

Even here (after 8 years) there is disagreement on how to even set up a LUA. Making your settings as Admin and then switching to LUA? Well, Tlu cautions against that;
http://www.wilderssecurity.com/showpost.php?p=1201866&postcount=146

Starting it as LUA and keeping it that way? That's fine, if you are limiting other users of the computer. We are talking about the owner of the computer. It is unreasonable to expect a good portion of people who are owners of the computer to create a LUA, and stay in it forever. (You have already lost the malware war at that point). It is perfectly reasonable to have them run Surun. But there are potential problems there as well.

It is reasonable when asked what to do about LUA if the answer is to purchase WIN7 so as not to be ancient. It is not reasonable to pontificate to an XP user that is making a perfectly legitimate decision to run as Admin, and cover his vulnerabilities in some other fashion - other than LUA.

The first account created during setup should be Administrator and left alone - never to be changed to LUA. Any and all subsequent accounts created should be LUA - never to be changed to Administrator. Only once, a long time ago, did I try messing around with the admin account in XP and doing so absolutely f@#$%! the system over. There is a lot more flexibility with Pro, of course, where one can disable simple file sharing and if they know what they're doing, can created power user accounts with customized privileges on chosen directories.

-{ Quote: "The first account created during setup should be Administrator and left alone - never to be changed to LUA. Any and all subsequent accounts created should be LUA - never to be changed to Administrator." }-
Those words need to be etched in stone somewhere. :thumb:

-{ Quote: "Your very first line in this thread "Do You run as Administrator?"
No, I don't. Of course I don't. Note the 'of course'. Later you are "Flabbergasted" that a user has a different way of doing things. But this is petty." }-

I don't think it's petty, just an unfortunate misunderstanding caused by you reading far, far too much into my statement, and then assuming my words meant something that they did not actually say. Let me explain it as best as I can. The title of this thread was a question. Posters then answered that question. I answered it like many others. When I say "No, I don't. Of course I don't." it means just that: "No, I don't. Of course I don't." It's a personal statement about what I do, given when asked about it. It doesn't say and it doesn't mean that "No, I don't, and neither should anyone else in the whole wide world." It clearly does not say "everyone should always run as LUA and there is absolutely no reason not to run as LUA". Not in the kind of English I was taught, anyway. But from this one "of course I don't" you made the rather fantastic assumption that I was somehow saying that absolutely everyone in the world should do what I do with no reason to act otherwise. I don't know if you've read my posts much in this forum, but I've been talking about LUA a lot. It would be strange if after all that talk I still did not run as LUA. Then there's also that running as LUA is clearly safer than running as admin, assuming we're just talking about the virtues of different user accounts like the subject of the thread suggests, instead of different security software configurations. So, when asked whether I run as admin, of course I will answer that "of course I don't." :) Another way to put it would have been: "After all my talk about LUA, what do you guys think? Of course I don't run as admin! ;D LUA is safer, like I've always said." I even put one of my usual "what LUA can do for you" rants in my first post of this thread, to explain why I run as LUA. But, nowhere did that post say that everyone should run as LUA and there's no reason for anyone to run as admin.

As for me being flabbergasted about someone else doing things differently from what I do, that seems to be another misunderstanding caused this time by, I don't know, maybe just not reading my post completely. That can happen, as I have a pretty tedious and long style of writing. But I'll try to explain, again. I was not flabbergasted by the fact that another poster didn't run as LUA or had a different way of doing things than I do. To be flabbergasted by that would be, well, entirely silly, considering that everyone in the security community knows most Windows users don't run as LUA and I certainly know most people don't do things like I do. If you read that post of mine, you'll see that I was actually flabbergasted about the poster considering LUA too much of a pain to use, while using so much security software that according to his own words he even has to "unblock consciously even zip files" before he can open them. In other words, I was flabbergasted that he considers LUA too much of a pain to use while he then actually chooses to use something that's arguably even more of a pain and without any room for argument a pain in any case. ;D I was flabbergasted by the poster implying that LUA is more of a pain than a security software jungle where you have to "unblock" even zip files before you can use them. In my experience, there are good reasons to not run as LUA in some situations, like when you install a ton of software all the time. However, I don't think "LUA is a pain as compared to a security software config where I have to unblock even zip files to open them" is one of the good reasons, and I was flabbergasted someone else thought it was.

Hopefully, that explains decently well what I was trying to convey in my first post.

-{ Quote: "
You are right; Vista and Win7 have come along since XP. Both of those systems made significant progress regarding LUA. Is it really that silly to think that a system that existed before those two would be somewhat less than perfect in regards to handling LUA?" }-

Oh no, it's not silly at all. XP certainly is less than perfect in regards to LUA and pretty much everything else, too. And Vista and 7 are less than perfect, too, although they do have improvements over XP when it comes to LUA, and some other things. I just don't expect perfection or even anywhere near perfection from software. I'm okay with "works well enough to be comfortable and reasonably efficient". LUA in XP already achieves that by my standards, and the standards of some other folks, too. Obviously, some have different standards and they may be unsatisfied by things that are good enough for me.

-{ Quote: "I point out a couple of items to show what I am referring to, and the response is an answer on how to solve that specific item. Of course I know how to get to my power scheme and calendar - that never was the point. Some software doesn't install properly in XP LUA. You can assume it is poorly coded - it may not be, it may be the fault of something amiss in XP. XP is (right now) probably the most used system worldwide, and there are none of these issues in Admin." }-

So far, I've not seen even one case out of literally thousands where it would be somehow the fault of XP that software doesn't install properly in LUA. In every case I've seen it's always been the fault of the third party software (or very old MS software made for 9x) that was never designed to work with limited user accounts. But if you know of a different case where XP was somehow at fault, let me know. It would be interesting to say the least. Some software doesn't install, or even run properly after being installed by an admin, in any LUA, including XP, Vista, 7, and so on. That's not the fault of XP. That's the fault of said software being coded to assume it always has admin rights, that is to say, being poorly coded, or coded so that it's not quite compatible with the NT security model. This has been a huge problem - tons of poorly coded software out there that was made like it was going to run on Win 9x, completely ignoring how things are supposed to be done on NT. That's common knowledge to developers and support personnel alike. My solution to that is rather brutal but effective: I just choose not to run software that is coded like it was made for a DOS-based Windows 9x. If the devs can't follow the NT security model, who knows what other security issues their software will have.

-{ Quote: "There are ways to keep your computer clean (I mention returnil and sandboxie). True they are 3rd party. 3rd party to make up for a lacking in the OS in regards to LUA. You can switch the product to Windows Steady State if you like. The point remains the same." }-

As I've said before, LUA isn't a magical replacement for all security software. It's simply one of the essential, very much basic security measures one can take. To recommend LUA is not to recommend surrendering any and all security software. In fact, most people should not surrender all security software on Windows whether they run LUA or not. That's rather why I have trouble with the kool-aid drinker label, considering that I simply advocate reason. LUA is quite a bit less intrusive than something like Steady State, for example. Quite a few people in the world don't want their computer refusing to stick with changes and returning to a previous state on every reboot, even only partially. For me, example, that would be utterly counterproductive and a huge waste of time. Quite like LUA isn't for everyone, neither is pretty much any security software. The good thing about LUA is that it can fit most security policies rather well and even improve the effectiveness of many security software, like the ubiquitous AV.

-{ Quote: "Even here (after 8 years) there is disagreement on how to even set up a LUA. Making your settings as Admin and then switching to LUA? Well, Tlu cautions against that;
http://www.wilderssecurity.com/showpost.php?p=1201866&postcount=146" }-

Yes, well, people on the internet disagree about nearly everything. Of course tons of users interacting with completely different levels of knowledge and completely different needs will not reach a consensus easily. People should sometimes rely more on the developer's documentation than on what people in the web say. The developers might sometimes know their own software better. There's always common sense, too, if one doesn't want to RTM or considers the documentation inadequate in some way. If one wants to create a new limited user account, then the most logical way to do that is by creating a new limited user account - not changing an existing admin account into a limited user account, not creating a new admin account and doing stuff with it before changing it to a limited account, or anything else. What wat0114 posted is a pretty good general guideline, although you may sometimes face a rareish situation where you would want to create a new admin account, too. But the general rule is pretty obvious if one considers the security implications:
1) if you want to create a new admin account, create a new admin account - don't create a limited user account and then change that to admin, as that would be just weird and inefficient
2) if you want to create a new limited user account, create a new limited user account - don't change old admin accounts to limited accounts or anything like that, unless you really have a good reason and can deal with the issues that may follow
3) do not change existing limited user accounts into admins, ever, not ever, unless you really, really have a good reason and are absolutely confident that the account is not infected with anything you don't want to give admin rights to.

The idea is to keep the admin and the limited users separate.

-{ Quote: "It is reasonable when asked what to do about LUA if the answer is to purchase WIN7 so as not to be ancient. It is not reasonable to pontificate to an XP user that is making a perfectly legitimate decision to run as Admin, and cover his vulnerabilities in some other fashion - other than LUA." }-

I'm not here to pontificate. I'm here to point out a few facts and to express my personal opinion where it makes sense to express it. My first reply to you in this thread was to correct what seemed to be misunderstandings about LUA. You were talking about least privilege and limited user accounts based on a Wikipedia article linked to by another poster. The Wikipedia article was pondering about how impossible it is to achieve perfection in least privilege and how therefore true least privilege is impossible. You then stated you do not want a situation where every single action is scrutinized as to what privilege has been granted. The problem with that is, practically no-one is trying to achieve perfection in least privilege, just something that works in practical reality, offering reasonable limitations and improving security, while allowing convenient use of the system for normal daily use. Problem is, when you use a limited user account, as I said before, your every single action is not scrutinized as to what privilege has been granted, as if there were tons of various different sets of privileges granted to various actions when you run as LUA - instead, everything you do in LUA happens with your one set of limited user privileges, except if you have the admin password and use it to elevate something to admin, in which case that will happen with admin privileges, or if you consider the few integrity levels introduced in versions later than XP as being some sort of problematic scrutiny on every action that only happens in LUA, which they're of course not. There's no massively complex, slow, intrusive scrutiny on every "action". Instead, there are simply privileges assigned to users/groups, and then a couple of integrity levels (after XP) assigned to securable objects like processes. And all of this happens when logged in as admin, too. It's a feature of the security model of the OS, not something that somehow only happens in LUA. When you're admin, it's simply that instead of LUA privileges, you have admin privileges - but the checking for those privileges is still there, and integrity levels work just the same as in LUA. Then, I spoke about how LUA does not much slow down anyone except those users who constantly do things to the system that require admin privileges, like install software system-wide, and how security software on the other hand can cause slow down even in such things as launching a browser. That's not pontification. It's just stating how stuff works. My later replies to you were more of that same.

As I said, I wish people could be less emotional. I'm not trying to get you (meaning anyone) to surrender your security software - perish the thought. I'm not trying to call you (meaning anyone who does not run LUA) a fool for not running LUA. I'm simply trying to advocate a free but effective security measure that's included in the OS and will also help the effectiveness of many security software products. If you (anyone) don't like LUA and have other policies that fit you better, congratulations, that's good for you. There are still other people in the world that could benefit from LUA, and some of them might even read one of my posts and try it. That's my idea here.

-{ Quote: "I'm not here to pontificate." }- Yes you are, obviously. That is why you stated "Oh course I don't". You knew that there is no way most XP users can be comfortable in a "pure" LUA envirment. But you were counting on what happens normally... that most readers either didn't realize or didn't care to engage. Just look at your sig for geez sakes.

I will tell you something ... You did not invent Windows or LUA. We all know what LUA is and how it can very adeptly be used as a security measure. We all know that Win7 is out and some of us are using it already. Soon, probably most of us will be. And at that time most of us will be using LUA and be comfortable with it. We don't need you to "bring us the news". Paragraph after unending paragraph. It is pontificating ... and it is kool-aid.

On that note, out of respect for our other forum members and the moderators, I will end my participation on this matter. I just hope that perhaps some news ways of looking at LUA were brought forth by both of us.

-{ Quote: "Yes you are, obviously." }-

I'm not entirely sure it's up to you to decide that. For the record, my opinion is that I'm just talking about a subject that's pretty much on topic in this thread, in a manner that's more concentrated on known (and even obvious) facts than how to make it all sound nice.

-{ Quote: "That is why you stated "Oh course I don't". You knew that there is no way most XP users can be comfortable in a "pure" LUA envirment. But you were counting on what happens normally... that most readers either didn't realize or didn't care to engage. Just look at your sig for geez sakes." }-

Again with the fantastic assumptions! ;D I wasn't counting on anything except perhaps my freedom to answer a question asked in an open thread. I know that most XP users don't run LUA. I also know that many users can be comfortable in LUA, in XP. I don't know about most. I don't know most people, but assuming most people don't do admin stuff all the time, there's a pretty good chance they could be comfortable in LUA, in XP. So, why should I not say that I of course don't run as admin, because LUA does good things X and Y and Z? Because you think it's kool-aid? Well, I'm afraid that's not a good enough reason for me. As for my sig for geez sakes, that's a joke, referring to an earlier discussion I had with some other nice folks on this board. So, again, you're reading far too much into things.

-{ Quote: "I will tell you something ... You did not invent Windows or LUA." }-

Thanks, I didn't know that. But hey, you live and you learn. However, I somehow forgot the part where I claimed I invented Windows or LUA. But then again, age can make the mind forget all kinds of things. ;D

-{ Quote: "We all know what LUA is and how it can very adeptly be used as a security measure. We all know that Win7 is out and some of us are using it already. Soon, probably most of us will be. And at that time most of us will be using LUA and be comfortable with it. We don't need you to "bring us the news". Paragraph after unending paragraph. It is pontificating ... and it is kool-aid." }-

Unfortunately I missed the part in the forum rules where it says talking about LUA is pontificating kool-aid and generally looked down upon. I'm not bringing any news, I'm just engaging in discussion about pretty common computer security topics, blissfully unaware of the fact that speaking about LUA is kool-aid but speaking about third party security software is not. This security forum is full of people who know what (enter security software name here, say Sandboxie or Returnil) is and how it can be used as a security measure. And yet, people discuss said security software paragraph after unending paragraph, thread after thread, year after year, and it never ends, and in thread after thread such security software is recommended as a solution for this problem and that. And they don't get told by you that what they're doing is pontificating kool-aid. Perhaps there's a slight bias here.

-{ Quote: "I just hope that perhaps some news ways of looking at LUA were brought forth by both of us." }-

Probably not, considering that the topic of LUA as well as pretty much any current security measure has been talked nearly to death already all over the web. But I will say that the part where you brought up the theoretical obstacles and limitations to achieving perfect least privilege, as if Windows limited user accounts were even attempting perfect least privilege, was slightly novel - you don't often hear that being used as an argument against LUA. ;D

-{ Quote: "I just hope that perhaps some news ways of looking at LUA were brought forth by both of us." }-

fruitful discussion for me and here is how. I really liked how I had everything setup, had no background programs, my 3 year old XP Pro installation was running as if I installed it yesterday.

It probably was secure but not as much as I thought after reading tlu's post that you linked
http://www.wilderssecurity.com/showpost.php?p=1201866&postcount=146

tlu says "But there is one disadvantage: Since your limited account used to be your old admin account there are still some unwanted remnants: If you check your permissions with the tool AccessEnum you will find that your limited account has write permission to at least some subfolders in c:\Windows and c:\Program Files - that's dangerous and contradicts the purpose of a LUA approach!"

After reading this post I ran AccessEnum. Since my LUA was initially admin account, my LUA had write access to approx 50% of the subdirectories in C:/ and Program Files directories. Apparently when I previously tested this I didn't test writing in any of those sub directories.

To make the story longer, since I keep everything I need backed up I deleted this account and created a new LUA. I initially installed my ethernet adapter in the LUA I deleted and had internet problems so I said screw it since it was a 3-4 year old XP pro install anyways. The story gets even longer because after reformatting I didn't want to connect to the internet because my XP Pro disk is so old it has IE6 on it but I won't even go into that topic.

Tweaking an account to your liking then switching it to LUA has always been the convenient way for me. I still think the LUA with SRP I had was pretty secure since I actually tried infecting it before with some .exe's and .mov's and other crap from limewire and none of it could execute. However, it doesn't appear as solid that way as I thought since LUA could write to C & prog files. I will try it the old school way since its more secure and hope it doesn't annoy me too much not being able to change anything, if not I guess its time for Win7.

of course unless your not the owner of the machine why you should take away your magical powers?

-{ Quote: "I always thought that a correct LUA could be all set up as admin - and then later changed to Lua. That is what is described by Tlu here; http://www.wilderssecurity.com/showpost.php?p=1167109&postcount=34

But then later in that same thread he states how that approach is wrong;
"Since your limited account used to be your old admin account there are still some unwanted remnants: If you check your permissions with the tool AccessEnum you will find that your limited account has write permission to at least some subfolders in c:\Windows and c:\Program Files - that's dangerous and contradicts the purpose of a LUA approach!"
http://www.wilderssecurity.com/showpost.php?p=1201866&postcount=146

Anyone that says that setting up a LUA is easy needs to read that headache of a post. " }-
No. Setting up a LUA account is actually rather easy. Let me explain: At the time when I started that thread you mentioned I was one of perhaps a handful of posters here on Wilders promoting a LUA approach. The other 99.9% were permanently shouting "HIPS, HIPS, hurray!". If I wanted to convince these people I had to make it as easy as possible. So I decided to present an approach that converted an existing admin account into a limited account. The big advantage: Under the limited account you would have full access to all your documents and settings like before as the c:\Documents and Settings\<user> folder and the HKCU registry branch remained the same. If I had chosen the alternative approach (creating a NEW limited account) I'm sure that most readers would have complained that they couldn't see their Word and Excel files any more, lost all their emails and settings, etc. - in other words: They would have given up after 5 minutes.

That's why I chose the other approach, tried to make my "followers" get used to the LUA approach and fixed its flaws in that second posting above when I was reasonably sure that people could manage these steps.

One can argue if that was the right way, and I'm not sure if I would do it the same way again considering that the LUA approach has gained much more acceptance here since then. But at that time it was an attempt to not make people surrender just at the beginning. And I do have the impression that that thread contributed to that change of mind.

WOW, so many big walls of text on this thread!

As for me, I run my Win7 Ultimate x86 as default Administrator, with UAC customized to "Notify me only when programs try to make changes to my computer (do not dim my desktop)".

Some reasons:
- I'm the only user of this encrypted notebook, which remains locked for the most time. If other person happens to need to use this notebook, he/she can do it using the Guest account, which I maintain activated.
- I maintain everything updated and secured, I never install unknown things and I never click on suspicious links.

On my W7 64 bit NO,is the answer as it offers selective admin powers by application.

On my xp sp3 YES is the answer for the usual reasons.

-{ Quote: "And I do have the impression that that thread contributed to that change of mind." }-
I will offer that more likely LUA is gathering more acceptance with the additional OS versions Vista, and Win7. And then on top of that "even Tlu endorses it". ;) Very respectfully, the type of manipulation you speak of is not appreciated by this reader, but seems to be typical of a procedure as it takes on cult like status. The post was made in 2008, and as you say - there was reluctance. XP came out in 2002. There are some pretty savvy computer users here. What took so long? If it really was the end-all-be-all in computer security? As you and others adopt a path of explanation that has as its' core just the gathering of new followers, and reasons that it is ok to leave out the particulars - for their own good. Then when someone like me comes along and says "Hey, what about this? What about that?", they are blasted for going against a "fundamental" axiom of computer security. And as you have just stated Tlu, it is all built on a house of cards - as I have already stated. Keep in mind - speaking XP only.

-{ Quote: " The post was made in 2008, and as you say - there was reluctance. XP came out in 2002. There are some pretty savvy computer users here. What took so long? " }-
A couple of reasons:
1. People were still used to Win 9x. There was no limited user, and most people have a hard time to change their attitudes.
2. In the first years of Win NT/2000/XP many programmers were unwilling to make their software LUA-compatible. Partly due to their laziness, partly due to the fact that Microsoft didn't force them to do so (for the sake of maintaining backward compatibility). If a limited account would have been set up by default during installation the situation surely would have been different.
3. People tend to fall for marketing hype. They have a premonition that they have a security problem and are confronted with an all-in-one "solution" for just a few bucks. How nice! Just install an additional software and all your problems are gone ;D

-{ Quote: " And as you have just stated Tlu, it is all built on a house of cards - as I have already stated. Keep in mind - speaking XP only." }-
I beg your pardon: Where did I state that "it is all built on a house of cards"? English is not my native language but it should have been clear enough that that posting you're talking about was only referring to fixing problems coming from a special way to implement LUA as easily as possible. It doesn't apply to a situation where you create a new limited account - I think that's very obvious.

I must say you have an odd way of putting words into somebody's mouth.

Fair enough. The backpedaling here with this is obvious. So now, making all your settings as Admin and then changing it to Limited is a "Special Way" of setting things up? I wonder if all of those that set LUA up that way realize that? I Always thought that was the "Standard Way" - I think many others do also. Let me ask; Do you currently advise "Oh yes, run LUA - in all cases". Or do you state "Set up an account as LUA and never have it become Admin, and it never had been Admin in the past. If you do it the standard way, you will have to follow the steps here; in post 146. http://www.wilderssecurity.com/showpost.php?p=1201866&postcount=146 Also if you do need to change anything, you need Surun. A non-microsoft product."

Odd way of putting words in peoples mouths? It is the totality of your and others words. Currently the given advice is - "Yes, everyone should run LUA - there is no reason not too. It is easy. Microsoft reccomends it. And most importantly, it has become a fundamental componant of computer security".

That very statement contains and is based on inaccuracies and manipulation. Because [this is the part on your very words] - if told the TRUTH on what they were getting into - most people would have given up in five minutes. There never would have been the cult push on XP users. It never would have become a fundamental axiom of computer security. People would have seen that it is not easy. And Microsoft would have created OS versions that did handle LUA correctly, which they could then reccomend. Which is in fact what did happen, with Microsoft.

Now, when someone comes up and exposes this "truth" - they are putting words in your mouth?

-{ Quote: "

Odd way of putting words in peoples mouths? It is the totality of your and others words. Currently the given advice is - "Yes, everyone should run LUA - there is no reason not too. It is easy. Microsoft reccomends it. And most importantly, it has become a fundamental componant of computer security".

That very statement contains and is based on inaccuracies and manipulation. " }-

Sigh. You don't get it, do you? Yes, LUA is indeed easy. Virtually all newer applications are LUA compatible. In everyday usage it doesn't cause any problems. And yes, LUA increases your security significantly particularly if combined with SRP.

-{ Quote: " Because [this is the part on your very words] - if told the TRUTH on what they were getting into - most people would have given up in five minutes. " }-
Because I was talking about a situation where most people were used to their HIPS + AVs, were used to clicking numerous pop-ups and false warnings or were discussing in various threads how to make these apps less talkative. But they didn't know about such basics like that every account has its own Documents and Settings folder and its own HKCU registry branch, and they didn't know anything about file/folder permissions. Not that this subject is more difficult than configuring a HIPS - but it's unfamiliar for someone used to simply click umpteen of buttons. I wanted to avoid these initial difficulties because they required a, well, new way of thinking. As I already said, I'm not sure if I'd present that subject again in the same way but that's how I saw it at that time.

The important thing is that most what I said in http://www.wilderssecurity.com/showpost.php?p=1201866&postcount=146 is not relevant if you create a new limited account preferably just after installing Windows XP - that's the best and "cleanest" way how to do it. Then install your apps, and you won't run into any problems (unless you're using apps several years old). If you want to setup LUA on an existing system, on which you've used your admin account for years, it's a little bit more tricky. But you have to do it just once, and from then on it works till eternity. And regarding SuRun: It makes LUA on Win XP definitely easier and more comfortable but it's not a must. You don't need it at all in Vista/Win7 because of UAC.

That's my last comment for you since I trust that you don't remove your blinders. And besides, I've been working as a limited user only since Windows NT - this experience doesn't count compared to yours, of course. Who am I to debate with you?

You don't have to "sigh" me - it is you that doesn't "get it". I see nothing wrong with stating "It is the best practice to run LUA. However, if you are using XP, Microsoft had not at that time perfected the approach and they proceded to improve it with Vista, and more with Win7. If you are on XP, it will have to be your choice. Run LUA or cover yourself with other means. If you do decide to run LUA with XP - here are some things you need to know ..." But guess what - I NEVER EVER hear that.

This is a prime example of one of your moonies completely disrupting a thread with what has become "the unargueable politically correct".
http://www.wilderssecurity.com/showthread.php?t=263809 Look how hard WarWagon worked to bring us all new insight on new ideas. Look at how the thread is hijacked with the LUA "news". I could show hundreds of examples. It is a cult.

-{ Quote: "That's why I chose the other approach, tried to make my "followers" get used to the LUA approach and fixed its flaws in that second posting above when I was reasonably sure that people could manage these steps." }-
Also while I am at it; you really should amend this to "fixed one of the flaws that I knew about". The fact is that no one, not you, not me, and no one here knows with complete certainty the totality of the potential problems with LUA and XP. The OS was not designed to be run in LUA. Sure it can be, and maybe the user is more protected - maybe he thinks he is when he is in fact not. For me, XP in Admin is just too good to give back. There are other means of getting the protection needed for computer use.

not sure I consider the thread you linked 'LUA worshiping', or why windows wasn't meant to be ran as an LUA when basically every company/University uses XP Pro was LUA with SRP without problems.

You seem to have weighed the pro's & cons of running a LUA and chosen admin. I'm sure you've done your homework and nothing wrong with running as admin, as you said you prefer running as admin since you have other "means of getting the protection needed for computer use." These means will have downfalls too and is why I said on my first post that running as admin or LUA is a tradeoff and depends on user preference.

-{ Quote: "not sure I consider the thread you linked 'LUA worshiping', or why windows wasn't meant to be ran as an LUA when basically every company/University uses XP Pro was LUA with SRP without problems." }- Yes but in that situation, the users are not the owners of the computer. There wouldn't be any 'problems', I never said that XP wouldn't even run as LUA.

-{ Quote: "You seem to have weighed the pro's & cons of running a LUA and chosen admin. I'm sure you've done your homework and nothing wrong with running as admin, as you said you prefer running as admin since you have other "means of getting the protection needed for computer use." These means will have downfalls too and is why I said on my first post that running as admin or LUA is a tradeoff and depends on user preference." }-
You've been fair and level minded.

Really, what strong protection are you thinking you will get using LUA?

Let me show you the reality:

1. Some malwares like keyloggers don't need administrative privileges to work, be it in XP, in Vista or in 7. In fact, the best and most hidden methods/APIs to log keystrokes (the ones few HIPS are able to detect) don't need administrative privileges in any Windows;

2. Complex malwares exploit privilege escalation vulnerabilities in the host OS, so they will infect you and it doesn't matter if you are admin or not. Even the Guest account is considered a vector vulnerable to malwares that exploit these vulnerabilities - and several of them are unpatched in XP. Win Vista and 7 are less vulnerable, but they still have this kind of bugs.

I see this thread hasn't changed much.

As to the claims that XP was not designed to be run as LUA, that's simply a lie at worst and a complete misunderstanding at best. LUA has been a feature of NT for ages. NT was designed from the ground up to be a secure operating system - you know, one that allows for access control on objects and allows for user accounts that don't have absolute full control over the system. Is LUA perfect in XP? No. Is it perfect in Vista or 7? No. Is it better in Vista and 7, sure, somewhat. Are XP, Vista and 7 all comfortably usable when it comes to LUA? Yes, unless you're stuck with programs designed for DOS or can't survive making a couple one-time hacks to some settings if they bother you (like the Date and Time applet issue) or simply do things that absolutely require an account with superuser privileges - if you install stuff all the time, configure hardware and do only admin tasks, it's not like you're even supposed to be LUA (there's a reason the admin accounts exist, and the reason isn't so no-one could ever use them). Are there many people running comfortably in LUA in XP, even perfectly regular people who know little about computers? Yes. Are there some who hate LUA with such a passion that the very word causes them to curse? Sure, but those folks are really not the target audience when people recommend LUA.

The "debate" on this leads nowhere, as has been well demonstrated in previous posts. But that won't stop me from fighting the windmills as ever. ;D

-{ Quote: "So now, making all your settings as Admin and then changing it to Limited is a "Special Way" of setting things up? I wonder if all of those that set LUA up that way realize that?" }-

Yes for the first question, no for the second.

Changing accounts around has always been a "special" way of doing things. The normal way has always been that if you want a limited user account and don't have one yet, then you create a new account. You don't change old accounts, unless you want to a) keep the settings and b) get the ownership issues. This is actually fairly obvious, assuming you know about file permissions, considering that the OS isn't a magical mind-reader. If you change an existing admin account into a LUA, how could the operating system possibly know that you don't want this existing account to keep its ownership over whatever objects the account has become the owner of in previous use? From the perspective of the OS, if you did not want the ownership kept, then you would obviously be changing the ownership manually or creating a new account.

But no, obviously not everyone realizes this. There are always people who fail to realize various things. At some point in our lives, we all will fail at least once to realize something. Often it's because we're working in unfamiliar territory, like computer security, and then fail to do enough of Reading The Manual or as an alternative do too much of listening to people who don't really know any more about the subject than we do and give bad or incomplete advice. But we live and learn, as I said previously in jest. Those that don't realize changing accounts around can cause some issues may learn that later. Hopefully, though, annoying LUA advocates such as myself would be able to tell them about those issues before they run into them, and save them from that particular trouble.

-{ Quote: "I see nothing wrong with stating "It is the best practice to run LUA. However, if you are using XP, Microsoft had not at that time perfected the approach and they proceded to improve it with Vista, and more with Win7. If you are on XP, it will have to be your choice. Run LUA or cover yourself with other means. If you do decide to run LUA with XP - here are some things you need to know ..." But guess what - I NEVER EVER hear that." }-

Funny, because I hear it all the time. Perhaps you're just very unlucky, or just don't like hearing stuff like that and turn a blind eye to it, in lack of a better word. I can't even begin to count the times when I've remarked on some well-known issues with LUA, on XP, yes, but on other versions as well. I've ranted endlessly about incompatible software and what one could do about them, I've ranted about file permissions and ownership, changing existing accounts to LUA and issues that will cause, and I've spread around the well-known hacks and solutions to issues with the Date and Time applet and Power Management options and not having the Security tab in file/folder properties in Home versions. I've ranted about some OEMs messing up the file permissions and in so doing robbing LUA of many of its security benefits. I've ranted about LUA not preventing the execution of malware on Windows or on any other modern general purpose OS. I've ranted about how XP is ancient in software years and newer versions do LUA even better. And I'm nowhere near the only one, nor the first in any way. If you really have never heard LUA advocates telling people about issues they might run into with LUA and LUA on XP in particular, then you've either been very unlucky or very reluctant to listen.

-{ Quote: "This is a prime example of one of your moonies completely disrupting a thread with what has become "the unargueable politically correct".
http://www.wilderssecurity.com/showthread.php?t=263809 Look how hard WarWagon worked to bring us all new insight on new ideas. Look at how the thread is hijacked with the LUA "news". I could show hundreds of examples. It is a cult." }-

"moonies", "cult", "kool aid", "pontificating"... Well now, isn't that some friendly, rational discussion concentrating on fact instead of ad hominem attacks against others.

Let's look at WarWagon's thread rationally, since you asked. "New insight on new ideas"? What new ideas are those? The idea that you can get hit by drive-by exploits without doing anything except browsing a web site? The idea that you can make videos about testing such exploit sites with different configurations, like on a patched system as compared to an unpatched one? None of this is new in any way and has been all done before a million times, just like the eternal don't be root/admin discussions. What WarWagon did, and did well, is make some nice videos with good image and sound quality. His was a very nice thread in my opinion, with very nice videos for people who haven't seen drive-by exploits in action yet. So, he'd get a thumbs up from me on that. However, there's nothing particularly new about any of it, and I doubt WarWagon himself would disagree, considering his experience with working with malware. More accurately, it's about as new as Windows XP, or the discussions on LUA on Windows that have gotten more common but haven't gotten much new material. Now that we got the "new ideas" out of the way, let's consider the thread hijack by the "LUA cult". I find nothing disruptive about the LUA comments in that thread. It seems that you're just particularly sensitive to people talking about LUA, and highly inclined to consider people who speak about it "moonies", and "cultists." Somehow, you don't seem to extend that courtesy to people who perform in exactly the same way in millions of threads, but instead of LUA advocating some commercial security software. Or if you do, I sure haven't seen you do it, although there's been ample opportunity. Listen, we get it that you don't like LUA on XP. No-one will force you to run as LUA. You can run as admin all you want, and you have valid reasons to do it, so go ahead and continue since it works well for you. That's how it's supposed to be: you find out what works for you and do it. So don't worry. We evil LUA advocates are not out to get you, or steal your security software. You're naturally free to disagree with us, but one might hope disagreements could be handled without too many unjustified insults.

But that's that. Security should be about calm and rational consideration, not emotional response. If you don't like something, that doesn't mean you need to call people who advocate it cultists and moonies, especially when you've got practically nothing to make such name-calling seem even remotely deserved and justified. Sure, people may get upset when someone points out they're wrong about something (like the claim that ownership isn't done correctly on the permissions on Windows XP LUA, which is of course a simple misunderstanding caused by not understanding how ownership and permissions work) but that's really no reason to break out the nasty words. People don't usually mean harm when they point out some facts. It's sad that these discussions usually spiral out of hand because people can't stay calm and stick with the facts.


-{ Quote: "Really, what strong protection are you thinking you will get using LUA? " }-

A lot. For example, the kind of protection that stops an unwise but otherwise benign user from accidentally deleting system files - and this same applies to installed software that may attempt stupid things due to bugs. Another example would be the kind of protection that breaks most of current malware due to it being poorly coded and prevents almost all of the rest from infecting the entire system because they haven't found or couldn't be bothered with privilege escalation. Yet another example would be the kind of protection that prevents other users on the system from seeing all your files and gaining full control over them just by opening Windows Explorer and pointing it at your My Documents folder. Considering this is free, it's pretty nice.

-{ Quote: "Let me show you the reality:

1. Some malwares like keyloggers don't need administrative privileges to work, be it in XP, in Vista or in 7. In fact, the best and most hidden methods/APIs to log keystrokes (the ones few HIPS are able to detect) don't need administrative privileges in any Windows;" }-

Sure. LUA is not an anti-malware. If someone claims it is, they're wrong. LUA doesn't detect or remove malicious software. LUA does offer various levels of protection against a lot of malware, but that's mostly because some malware wasn't made with the expectation it would run in LUA and because some other malware that was made for LUA can't infect the entire system when run in LUA because the malware hasn't been able to successfully exploit any possible privilege escalation vulnerability. But in any case, LUA is a way to protect the system and other user accounts from compromise. If the human user using that LUA executes malicious software in his account, then his account can be compromised. LUA will not stop that, if the malware that's executed is the right kind. So, like with everything, you need to use a combination of measures. You could use LUA with Common Sense 2010, or you could use LUA with some AV Security Suite, or some HIPS, or some sandboxing software, or AppLocker, or whatever. Many security software like AVs actually gain effectiveness when the user is LUA, since malware can't so easily kill the AVs anymore and also can't throw around kernel rootkits to hide itself from them. Nothing is The One Be-all and End-all of security. Multiple measures are typically employed, or should be, to achieve a reasonable level of security. This whole "malware can run in LUA" isn't new in any way. It's old as Unix, actually.

-{ Quote: "2. Complex malwares exploit privilege escalation vulnerabilities in the host OS, so they will infect you and it doesn't matter if you are admin or not. Even the Guest account is considered a vector vulnerable to malwares that exploit these vulnerabilities - and several of them are unpatched in XP. Win Vista and 7 are less vulnerable, but they still have this kind of bugs." }-

Sure, there can be privilege escalation attacks. Security bugs are a fact of life. And not only with operating systems, but security software as well. Who knows how many exploitable bugs our chosen AV or HIPS has? How many would be found, if all the gazillion people looking for vulnerabilities in Windows would turn their eyes towards said security software?

But about those complex malwares... to put things in perspective, why don't we make a list of, say, three different complex malwares that exploit privilege escalation vulnerabilities that were unpatched at the time the malware was first found in the wild or even released as a first buggy proof-of-concept. Any takers? My point being, complex malware isn't exactly common. ;D Even the most outrageous rootkits typically use a very boring dropper that requires admin privileges to load the rootkit and doesn't attempt any kind of privilege escalation attack.

So, what strong protection do we get from LUA here? Well, only that about let's say 99 % of all malware in the wild does not attempt to exploit unpatched or unknown privilege escalation vulnerabilities, and that means that LUA will prevent such malware from infecting the entire system. That sounds pretty nice, too.

Well least not forget, I was called 'silly' first. And 'sighed' at later. You know, when I 'just didn't get it'. Why is the current poll hovering at 75% Admin? Oh, I know, it is because it just hasn't been explained well enough (hard to fathom that one) - or they cling to their beloved security programs - or they insist on being 'Masters of their Domains'.

-{ Quote: "As to the claims that XP was not designed to be run as LUA, that's simply a lie at worst and a complete misunderstanding at best. LUA has been a feature of NT for ages. NT was designed from the ground up to be a secure operating system - you know, one that allows for access control on objects and allows for user accounts that don't have absolute full control over the system." }-
BS. The absolute first thing you have to do on an XP install is create an Administrator account, even though a hidden Administrator account named Administrator already exists. You would have to already somehow 'know' that you need to create a LUA account. Now I think most people that have an intention of letting other people use the computer would have enough knowledge to create limited accounts for them. But how many of them would think that Microsofts intention is for you to create that first Admin account, and then go ahead and create a LUA account for yourself - and just leave that first created Admin account lay dormant I guess ... forever. Ok, so you need that first account for settings and such ... so then what is the hidden Administrator account for? It is designed for the owner to be the Administrator, that's why. If you want to be LUA on top of that - that is a user choice.

As for moonies and cultists - show me one post anywhere on this web prior to this thread where you specifically have stated that it is best to create a pure LUA and leave it that way - never to be Admin. No, you and the ilk are satisfied with having them create Admin accounts and switching to LUA just to get them on board. It was Tlu that first referred to his 'followers'. Not me.

-{ Quote: "Well least not forget, I was called 'silly' first. And 'sighed' at later. You know, when I 'just didn't get it'. Why is the current poll hovering at 75% Admin? Oh, I know, it is because it just hasn't been explained well enough (hard to fathom that one) - or they cling to their beloved security programs - or they insist on being 'Masters of their Domains'." }-

No, you, the person using the alias HungJuri, weren't called "silly." What was called silly was something you said, something that, it just so happens, was in fact silly as in nonsensical. I can quote myself: "Now this is just silly. LUA doesn't somehow 'become admin sooner or later'. Not if you use the account reasonably, anyway." I'm speaking of an incorrect claim and pointing out that it is just silly; I'm not speaking about a person, you, and telling you that you are silly. English-speaking people can easily tell that just by reading what I said. If there are doubts about this, there's always the option of just going back in the thread to read what was said, post by post. Any of it can be quoted freely to solve such doubts. And it was discussed before. Please don't take this stuff so personally. We're talking about software and ideas here, not people. If I point out something is incorrect or silly, I don't do it to be a pain, only to tell the truth. As for Tlu's sighing, that happened after the kool aid and cult stuff, and I can't blame Tlu for sighing, considering how discussions in this thread had gone up to that point. ;D

As for why the current poll is hovering at 75 % admin, it's because of multiple reasons, but mostly because admin is the default and that's what people are used to and what many programs were made to assume. Other reasons are pretty much as obvious: some people have found comfortable setups and don't feel need to change them in any way including LUA or new security software, some others are like Sully who does so much stuff that really absolutely always requires admin rights that being LUA would be far too uncomfortable and inefficient for him, while some others simply dislike the idea of not having "full control" over the system at all times (yes, in this forum there have been discussions where some have admitted that they are exactly like this), and others still don't really care or understand the concept (when people say things like "I'm the only one who uses the computer, so of course I'm admin" that's a good sign that they might not necessarily understand what LUA is about). Some of these people who run as admin now could benefit from LUA, but some of them would not. Polls like this really tell nothing much of how comfortable LUA is in a given OS or how many issues running LUA may cause. Why? Because people obviously have tons of reasons for being admin beyond the simple "I tried LUA and found LUA is too buggy and/or uncomfortable". In fact, most home users who run as admin have never even tried running LUA, haven't even really heard of it, and wouldn't know whether it's buggy or uncomfortable or not. And ironically, if we compare how many XP users run as LUA and how many Windows 7 users do, considering all the improvements in 7, we may actually find that the difference isn't what one might perhaps expect, and some users of 7 are actually less inclined to run as LUA in 7 than they were in XP, since they believe UAC already does it for them - and UAC isn't present in XP. I've seen that happen even in some businesses.

-{ Quote: "BS. The absolute first thing you have to do on an XP install is create an Administrator account, even though a hidden Administrator account named Administrator already exists. You would have to already somehow 'know' that you need to create a LUA account. Now I think most people that have an intention of letting other people use the computer would have enough knowledge to create limited accounts for them. But how many of them would think that Microsofts intention is for you to create that first Admin account, and then go ahead and create a LUA account for yourself - and just leave that first created Admin account lay dormant I guess ... forever. Ok, so you need that first account for settings and such ... so then what is the hidden Administrator account for? It is designed for the owner to be the Administrator, that's why. If you want to be LUA on top of that - that is a user choice. " }-

If you think what I said was BS, then show some proof of it. You know, factual stuff. Show me proof that 1) LUA hasn't been a feature of NT for ages and 2) NT was not designed from the ground up to be a secure operating system with different user accounts of different level of privilege in the system and 3) XP was not designed to be run as LUA. Because, what you just said isn't proof of that. You spoke of what happens during the install by default. You didn't bother to address what documentation says about creating limited user accounts, or that all the technology to create and use LUA is already present after XP is installed normally. All you need to do is create a new account, and go. XP was designed for that. But, we need to understand what the word "designed" means, and it looks like you don't, or you got "designed" confused with "defaults to". In simplified terms, "designed to do X" means something was intentionally built-in to the software to be used or function in a certain way, and this built-in feature can either be working automatically with no way to turn it off or it may be something the user can control. (And yes, I realize I sound like an idiot trying to explain what "designed" means in software, but what else can I do?) Default settings are a design choice as well, but default settings don't mean that anything that isn't the default was somehow not designed to be used. By the kind of unlogic that says that "XP was not designed to be run as LUA because LUA is not the default and because there are multiple admin accounts created" we could just as well claim that "since XP doesn't show file extensions by default it clearly means XP was not designed to show file extensions". Simply absurd. Both are users' choice: users can run as LUA and show file extensions, or they can go with the default and run as admin and not show file extensions. But the fact of the matter is that XP (NT) is designed to do all of this: it is designed so you can run as admin or you can run as LUA, your choice, and it is designed so you can show file extensions or not show them, your choice. Discussion is hopeless if people can't agree on obvious facts like this. When I say "XP was designed to be run as LUA", it means just what it says: LUA was designed into XP intentionally, and it's there to be used. It does not mean that Microsoft forced everyone to always be LUA, or that they should. But something tells me explaining this stuff is not going to work. Maybe it's my english.

But let's think about things a little, since you don't seem to be familiar with NT's history (and who can blame you, it's not like most Windows users are). Why is there the default, "hidden" Administrator account, when the user is made to create a new admin account during the installation? Well, obviously there always has to be at least one admin account - or you can't administer the system very well. If something, for some reason, happens to the admin account the user created for himself during the installation - something like a badly corrupted user profile - it might be a good thing that there's another admin account on the system that hasn't gotten messed up in use. That's one argument in support of the hidden admin account. In Windows 7, some rather experienced folks had some trouble when they did not know that the hidden Administrator account has actually been disabled by default, and they created their usual personal admin account during the install and then did what was not supposed to be done and demoted it to a limited user - in the progress securing themselves out of their own system by removing the only active admin account on the system. But of course, these "personal" admin accounts created during the install are also created simply because people want to be able to customize things. Hands up everyone here who only uses user accounts that are named "Administrator" or "Limited User". Yeah, not me. I'll rather use a more personal feeling, familiar name, like a nickname.

-{ Quote: "As for moonies and cultists - show me one post anywhere on this web prior to this thread where you specifically have stated that it is best to create a pure LUA and leave it that way - never to be Admin. No, you and the ilk are satisfied with having them create Admin accounts and switching to LUA just to get them on board. It was Tlu that first referred to his 'followers'. Not me." }-

I find "followers" to be rather different from "cultists." But maybe it's just me.

As for posts where I've stated you should create a new limited user account (I'm not sure what a "pure LUA" would be, so I can't comment on that) and never make it admin, I think it's pretty bold of you to expect I'd actually bother to look stuff up for you after all the cherry-picking and misquotation that has been done in this thread. ;D But hey, since I'm just such a nice guy, I'll show you your one post right now, and then refuse to hold my breath until you figure out how to make it look like it doesn't really say that it's best to create a new LUA and never make it admin. ;D Here we go, sir! Bold emphasis mine, of course.

-{ Quote: "The easy solution, if one is unwilling to change permissions later, is to avoid ever changing admin accounts that have been used to install software into limited user accounts, due to the creator/owner permission issue. Instead of demoting an admin account into a limited user, create entirely new limited user accounts and never make them admins even temporarily. Then you use the admin account only for installing software and other admin work, and use the limited user accounts for daily use. This way, the admin is the creator/owner for anything installed for all users, in Program Files, and limited users will not get any write access there (unless the software is simply poorly made and automatically gives limited users access they should not have). There's a lot of discussion on that topic all over the net, including in this forum unless my memory fails me. My limited user accounts, for example, were all created as limited - they were never admin, so there aren't any permission issues." }-
Link to original post: http://www.wilderssecurity.com/showpost.php?p=1507331&postcount=14

That was, by the way, about half a year ago, so you can't really say I only started doing that after you showed me in this thread. ;)

Thank you, and good night. ;D

+ 1 for Admin :)

-{ Quote: "As for posts where I've stated you should create a new limited user account (I'm not sure what a "pure LUA" would be, so I can't comment on that) and never make it admin, I think it's pretty bold of you to expect I'd actually bother to look stuff up for you after all the cherry-picking and misquotation that has been done in this thread. ;D But hey, since I'm just such a nice guy, I'll show you your one post right now, and then refuse to hold my breath until you figure out how to make it look like it doesn't really say that it's best to create a new LUA and never make it admin. ;D Here we go, sir! Bold emphasis mine, of course." }-
You don't have to hold your breath - I see it - point taken. But that is a first for me, so you are the 'one' that seems to know what he is talking about. Congratulations. But it doesn't change the fact that running XP in a LUA is a user choice - that is all it can ever be. It is not a fundamental axiom of computer security, it is not necessarily so that it needs to be emphasized more, and it is not an "of course" answer.

-{ Quote: "You don't have to hold your breath - I see it - point taken. But that is a first for me, so you are the 'one' that seems to know what he is talking about. Congratulations. But it doesn't change the fact that running XP in a LUA is a user choice - that is all it can ever be. It is not a fundamental axiom of computer security, it is not necessarily so that it needs to be emphasized more, and it is not an "of course" answer." }-

Thank you for not making me hold my breath! :) I'm really not very good at it.

I do like to think I somewhat know what I'm talking about, but I'm certainly not the only one, and there are people out there who know so much more than me that if I knew half of what they know my brain would in actual fact explode all over the place making a really ugly mess. But, when it comes to LUA or Windows security in general, I don't usually give much bad advice or make very big mistakes and if I do I feel rather miserable about it. To return to Tlu's excellent thread, as he said, it included changing an existing account to LUA simply because that allows them to keep their settings so that they won't be distracted from the security effect of LUA simply because of the "Hey, why is my desktop wallpaper and My Documents folder gone?" effect of creating a new user account. It will cause ownership issues, but advanced users such as those often found on security forums can more easily correct those especially when given very thorough advice like Tlu always does. So, it's "special advice" for "special people". The general rule to follow is to create new limited user accounts and never make 'em admin, unless you're just really sure you really know what you're doing. And if you create your new limited user account right after you just installed Windows, you don't even suffer from the "Hey, why is my desktop wallpaper and My Documents folder gone?" effect since the admin account will not be customized to your liking yet. :)

But yes certainly nothing changes the fact that LUA is a user choice in XP, in Vista, in 7 and in pretty much every OS where LUA even exists. Even in such Unix family systems where you default to something else than root, nothing stops you from just logging in as root anyway and using it to do everything. Well, actually, sometimes something does stop you (like Ubuntu where you have to manually enable the root account to use it), but typically you can get around that easily as well if you want. But LUA being a user choice does not prevent LUA from also being a fundamental part of computer security in modern operating systems. Because LUA is exactly that. Users certainly don't have to make use of LUA, but users who do tend to have less security issues than those who don't - and there's actual scientific research about this very subject. This is a reason for people like me to try to emphasize LUA more, since there are many people who would benefit from it that do not really know enough of it yet. It's certainly not necessary to advocate and emphasize LUA as we do, but I believe that it can help many users, so that's why I do it. And for myself personally, LUA is an "of course" answer, due to it fitting my computing habits and policy very well, and that's really all that I meant with my original reply to this thread's question.

Peace. :) We LUA guys can be noisy but we've got an F in evil.

-{ Quote: "Peace. :)" }-
Fair enough post - Peace here also. Maybe the only good that comes out of this thread is for some to realize that maybe the saturation point has been reached as far as hyping LUA. Maybe the 'of course' set me off as the needle that broke the camels back. Just getting tired of reading threads that are completely thrown off topic 'for the good of all mankind' such as the WarWagon thread. Anyway - Peace again. ;)

-{ Quote: "Fair enough post - Peace here also. Maybe the only good that comes out of this thread is for some to realize that maybe the saturation point has been reached as far as hyping LUA." }-

Peace is good. ;) There may really be some kind of saturation point that has been reached in some environments with all the LUA talk. Many LUA advocates have background in Unix, and in that world "don't run as root" is heard everywhere, all the time, so LUA advocates with Unix experience may be a little too used to talking about how being root is bad-bad. It's problematic, though: where advanced users who have no problems with their security setup may get annoyed by the LUA advocates going off about LUA for the millionth time again, there's always the less advanced Joe Users out there who haven't heard enough of LUA yet for it to be helpful to them. Perhaps one could think that the advanced users get to suffer a little (well, okay, a lot, not just a little) from hearing the same things a million times in order for everyone to help the average users. It's rather like the eternal "Everyone should run an AV in Windows" rule that is everywhere. Advanced users are very tired of hearing it (many don't run AVs anymore), but some average users unfortunately still haven't heard enough of it and may be surfing around the web with an unpatched system, as admin, and no AV or any security software at all leaving them pretty much cannon fodder for malware. Difficult stuff to find a reasonable balance, or perhaps more accurately to be able to reach the masses of the average users, most of whom never visit security forums or only infrequently visit via Google when they realize they're infected too badly and need help. But it's for those latter cases largely why many LUA advocates repeat the same mantra always, and also in hopes that if advanced users learn about LUA - even if they don't choose to include it in their own security policy - they can then spread the word and perhaps help average users that have more need for LUA.

-{ Quote: "Really, what strong protection are you thinking you will get using LUA?

Let me show you the reality:

1. Some malwares like keyloggers don't need administrative privileges to work, be it in XP, in Vista or in 7. In fact, the best and most hidden methods/APIs to log keystrokes (the ones few HIPS are able to detect) don't need administrative privileges in any Windows;

2. Complex malwares exploit privilege escalation vulnerabilities in the host OS, so they will infect you and it doesn't matter if you are admin or not. Even the Guest account is considered a vector vulnerable to malwares that exploit these vulnerabilities - and several of them are unpatched in XP. Win Vista and 7 are less vulnerable, but they still have this kind of bugs." }-

I don't want to start another painfully long debate, but I kinda disagree.

Malware writers want to infect as many systems as they can, even on a security forum 75% run as admin, in real world is probably about 97%. You really cut down on possible number of malware you are open to in a LUA. Its like taking condoms with you to Las Vegas. Keyloggers, as far as I am aware, hook into the system exactly like a driver for the keyboard, something which theoretically requires admin rights. Guest account should always be disabled and its been commonly exploited in XP. Also -

http://pm.beyondtrust.com/company/pressreleases/03Feb2009.aspx

Thats on an unpatched system. With a patched system, programs kept up to date, and an AV this would be very secure IMO. Add in a software restriction policy and IMO you couldn't infect the system even if you tried, even with AV disabled.

-{ Quote: "But it doesn't change the fact that running XP in a LUA is a user choice - that is all it can ever be. It is not a fundamental axiom of computer security, it is not necessarily so that it needs to be emphasized more, and it is not an "of course" answer." }-

also, just so I don't appear like an LUA drone, I agree with this post and I am a big fan of sandboxing & virtulization. I think the 'safe mode' in Kaspersky IS and similar tools in other programs will soon be built into every AV system, its also why I often recommend KIS. Eventually most will run windows 7, not admin by default, running a tool to sandbox programs like the ones in Kaspersky. IMO this will eventually be the setup for 95% of systems and malware writers will attack this setup, which will probably put LUA on the backburner and look at other methods down the road.

When I saw Chrome install right into Documents and Settings is when I really took notice. I knew that programs could install this way but I guess it just didn't register. Anyway, I was surprised. My bad. But this was a full fledged browser for geez sakes - and from Google. Now I think it was a tad underhanded of them to not offer me an install location during the setup - and for that single reason, I will never use it - but that is just me. But back on topic, LUA without SRP apparantly isn't much protection. So the true 'full' story needs to be LUA plus SRP, and then of course Surun. When you couple that with the items we have already beat to death here, it just seems logical to go the Admin/sandboxing/virtualization route. On XP.

-{ Quote: "Yes, but with lower privileges most of the time. I use Sandboxie, Online Armor, and NOD32. The first two have settings to run programs with lower privileges. I run all internet apps, browsers and emai clients sandboxed, and with lower privileges. I have to unblock consciously even zip files before I can open them. I am prevented from downloading questionable files. I have to deliberately bypass the security. Limit accounts are a pain. I haven't been infected yet. This security I have with XP Pro SP3 and above apps." }-

The above is the same except change NOD32 to Prevx 3.0. Prevx is as good or better and has lower ramprint.

its such a pain to use windows without logging in as an admin. only public pcs tend to have user login options

Combined with this thread; http://www.wilderssecurity.com/showthread.php?t=261959 - I honestly can not see how anyone can reccomend LUA on XP. With the issues on hacking Home to Pro, to relying on Surun to be flawlessly coded, to the undereducation of most users on the pitfalls of converting an Administrator to Limited, to having to check the actual permissions granted to the User group, there is no way this can be the an acceptable reccomendation to the casual user. It seems that keeping your security 'native' to Windows is one of the key points to all this, and then only to find out that many proponants of this approach also tout Firefox as being more 'secure' than IE. At least here, I like consistency - I need to know exactly where I am at as far as security goes so I can have at least some basis for the decisions that come later as to other security to add.

Never did, in Linux its sudo, in Windows its LUA. I never ever ran into any issues running LUA, also run full DEP, for rare programs needing admin rights like CD burning software etc, I always used RunAs.

I'm running at Administrator and my computer hasn't limited accounts.
I'm always install and use many system programs, and I want to have wide right to use my computer easily.
My security programs are pretty good and I don't worry about any threats :D

I have an "admin" named account but it is limited user:) so the bad guys can spend their time trying to abuse it. I use unrestricted account with dropmyrights for Firefox, sometimes i shutdown explorer in the taskbar and run it with dropmyrights, so its a combo of admin and limited user for explorer and firefox.

also running CIS

Yes -absolutely....... run on max settings8)

yes yes

Yes with no-prompt UAC.

muh-ha-ha - resurrected from the dead she be - mateys.

Avast! Be ye Admin ye yellow bellied bollox or be ye LUA ye pox infested swine?

Aargh! Ye both of ye be keel hauled an dumped o'er board to have ye visit wit Davey Jones!

Nay says I! Let him that be able to hoist that thar Admin flag o' his be done with it then!

Nay says I! If ye says unto me, ye LUA ist' whats keepin yer boat afloat, then I says so be it!


Aargh!

Come now me mateys, lets us hoist some rum together and have our selfs a grand time, lest we be for fallin into a roe wit each another!

Sul.

Yes with no-prompt UAC

Yes I do

Yes with Safe-Admim. :thumb: