Yes, but with lower privileges most of the time. I use Sandboxie, Online Armor, and NOD32. The first two have settings to run programs with lower privileges. I run all internet apps, browsers and emai clients sandboxed, and with lower privileges. I have to unblock consciously even zip files before I can open them. I am prevented from downloading questionable files. I have to deliberately bypass the security. Limit accounts are a pain. I haven't been infected yet. This security I have with XP Pro SP3 and above apps.
No, I don't. Of course I don't. Limiting the privileges of the logged-in user and anything executed by said user is one of the essential basic steps in running a secure system. It helps against malicious software, malicious/stupid users (as long as you don't give them the admin password), and even against badly coded programs that may accidentally delete/corrupt stuff they weren't supposed to delete (many examples of this around). I run a non-admin account in Windows, and obviously run a user account in Linux, not root. It is not difficult. It is very easy. But then, I do not use software that is so poorly coded it fails to run on a non-admin account (assuming the software doesn't have a legitimate need for admin privs). Indeed. If even the people who are actually interested in security run as admin... I don't mean to insult with this question, but I'm just honestly curious (as well as somewhat flabbergasted). You say that limited accounts are a pain. And yet, you are running Sandboxie, Online Armor and NOD32, and "have to unblock consciously even zip files before you can open them." How is that not a pain? Even a much greater pain than using a limited account? I am honestly confused. I, like many others here, have a history of trying out many security software for various reasons. I have used HIPS products, sandboxes, all kinds of stuff. And all of it was much more a pain in the posterior than running as a limited user (even with a software restriction policy). And a lot more expensive to fund and to support. You guys who consider limited accounts a pain should sometimes try spending as much time getting your limited account working comfortably as you spend configuring, tweaking, updating and so on your various security software. You might be surprised at just how easy it is. But tastes differ, as they say. To each his own...
Exactly. It also does not introduce any new vulnerabilities into the system (whereas running third party security software does, without making the vulnerabilities already in Windows going away either).
indeed more convenient, but less secure. Its a tradeoff and depends on personal taste. I run a limited account. I do agree that adding more 3rd party programs increases surface attack, and LUA doesn't hurt performance like 3rd party scanners that scan every single read/write to the HD do. also read other benefits on this wiki page, these are benefits no one talks about: http://en.wikipedia.org/wiki/Principle_of_least_privilege 3rd party security apps are rooted deep into the system and have unrestricted access. This naturally hinders stability and performance and security. This is a key reason for UAC, to force software developers to make their software so it doesn't hook so deep in the kernel.
Under 'Limitations' at the end of that very page; "We have no method to evaluate a process to define the least amount of privileges it will ever need to perform its functions. That is because it is not possible to know all the values of variables it may process, all the addresses it will need, the precise time it needs etc" " In real practice, it is almost never possible to control a process's access to memory, or processing time, or I/O device addresses or modes with the precision needed to eliminate the precise set privileges we can be sure a process will not need." Running LUA is not what some make it out to be. I don't want a situation where every single action is scrutinized as to what privlege has been granted. I run Admin to speed up my entire computer time. There are plenty of light, practically fool-proof programs out there (sandboxie, returnil) to defeat malware.
trust me I'm not trying to make LUA sound like a perfect solution in every instance, their are some inconveniences involved. Again, its a tradeoff and depends on personal taste.
That Wikipedia article is looking at least privilege from a theoretical perspective. Those "issues" presented in the article are pretty much irrelevant to any normal user. The article attempts to go for the theoretical extreme in least privilege, asking the question: "What are the absolute minimal privileges I need to get job X done?" In real life, modern operating systems don't try to tackle such questions using user accounts. When it comes to "limited" user accounts, the question would instead be: "What is the minimal set of privileges I need to get typical daily use jobs like X, Y and Z done without having privileges that grant me administrative control over the entire system?" LUA in Windows, for example, isn't even trying to get the absolute minimal privileges theoretically possible. Instead, it's trying to get a set of privileges that is both convenient and still limiting enough to prevent full control of the system from a non-privileged user. When (or more accurately if) someone actually wants to go for the theoretical absolute minimum privileges, mandatory access control can be used. So, in reality, with LUA, there is no "situation where every single action is scrutinized as to what privlege has been granted." It's simply that when you log on, you're given a limited set of privileges and that's that. Every action then happens using those privileges. There is no special scrutiny on every action so as to, for example, assign a relatively high privilege set A to process X, and then a lesser privilege set B to process Y. Instead, everything gets the same single set of limited privileges. Running LUA does not slow down a system, and it doesn't even slow down most users. The type of user that would experience slow down as compared to running as admin is the type of user who does things to their computer (constantly tweak system-wide settings for some unknown reason, constantly add new hardware and drivers, constantly install new software system-wide, etc), as opposed to doing things with the computer (browsing, email, multimedia, office type work, playing games, anything that doesn't involve system-wide changes). On the other hand, there's always the factor that most "fool-proof" security programs cause slow down as well. Some also cause instability. For users of HIPS products or sandboxes a nice little test is opening their browser with the HIPS or sandbox enabled, and then opening their browser when such HIPS or sandbox software is not installed. Time it, and observe the difference - the slow down caused by the security software. Finally, of course, there's the issue that not running as admin isn't even supposed to defeat malware. After all, you can still run software, even new software, without admin privileges, and that includes malware. But, what not running as admin will do is give you the most basic essential security measure of not giving everything that runs and everyone that uses the system absolute full control over the system. It's kind of like not giving every person you meet a copy of your car and home keys and not leaving the doors and windows wide open and unlocked. That won't make your car and house burglar proof, but it sure will cut down on random people walking right in to steal your stuff.
Good post Windchild, I want to add to this part because for me its not really about browser performance. I do tell a difference in overall gaming and multitasking and overall windows performance since my limited account runs basically identical to a new windows install. The more programs you install that require low level access and impact the Windows kernel the more stability and performance is impacted. I like keeping windows as stable and fast as a fresh install and is why i can take a 5 year old computer and run a game, a defrag, audio & recording program + other apps at the same time and have perfect performance & stability ie http://www.youtube.com/watch?v=SZx8YsvBPDQ Several times I've used a friends computer with better specs than me but tons of programs that require low level access installed (ie Norton internet security, superantispyware, a regcleaner, a 3rd party defrag, plus 2-3 other scanners). Even if you disable those programs and launch a game or multi-task it is clear stability and performance is compromised when my ancient computer runs much better.
I used to run as admin in the past, even arguing against LUA. However since switching to Win7 I gave LUA another go and find now there is no need whatsoever to run as admin.
I always thought that a correct LUA could be all set up as admin - and then later changed to Lua. That is what is described by Tlu here; https://www.wilderssecurity.com/showpost.php?p=1167109&postcount=34 But then later in that same thread he states how that approach is wrong; "Since your limited account used to be your old admin account there are still some unwanted remnants: If you check your permissions with the tool AccessEnum you will find that your limited account has write permission to at least some subfolders in c:\Windows and c:\Program Files - that's dangerous and contradicts the purpose of a LUA approach!" https://www.wilderssecurity.com/showpost.php?p=1201866&postcount=146 Anyone that says that setting up a LUA is easy needs to read that headache of a post. Now that post was made in March of 2008 while XP has been here since Sept of 2002 ...... 6 years later and an advocate of this is still having to learn it? Ok, let that go - most here advocate LUA plus SRP and state that it is all native to Windows so no conflicts ----- but you have to add Surun to make it even minimally tolerable. So it hinges on Surun - let's look at that. Well right at the bottom of Suruns page is a long list of *fixed* bugs in the program - true they are fixed in the latest version, but they existed for a time. How do you know that just the very act of having Surun installed doesn't make you more susceptible to malware attack - the malware doesn't have to work around Windows or LUA or SRP - just Surun. Microsoft is continuously issuing patches against elevation of privileges attacks - how do you know that Surun isn't conflicting with some new patch or even corrupting it. It adds 'Run as Admin' to every menu you have .... So all of that verses programs such as sandboxie and returnil (which do not slow your system down). And to post so high and mighty that anyone running admin is either insane or needlessly tweaking their system "for some unknown reason" - just look at the difference between Suruns page and the level of participation from Tzuk and Coldmon. I use common sense and pass.
You've got some fair points here but I think you need to distinguish between the different windows platforms. With Win7 you certainly don't need Surun. LUA runs just fine, and with no inconvenience, by itself. Would I just run LUA by itself though? No way. Something like SBIE or DW will always be the primary armor. But with Win7 there is just no need to run as admin any more.
I thought Surun was a registry hack to enable SRP on home versions of windows? Regardless, that is a headache of a thread that I won't be reading and is probably why I don't know what Surun is. I use LUA and SRP without Surun and its completely tolerable, I only have to switch accounts to add/remove software. Games, downloads, office stuff, ripping dvd's, etc work fine under my LUA and thats about all I use my PC for really. Mechbgon has the best and most simple guide for LUA and SRP - http://www.mechbgon.com/build/security2.html#srp I wouldn't install Surun. In the future I might weigh the pro's and cons of replacing a LUA with something like returnil/sandboxie/geswall. I've tested sandboxie which was probably more work than my limited account b/c I would turn off sandboxie before games, then on before browsing, and I'm a weird guy about background apps and apps that require low level access as I mentioned. If someone doesn't have those concerns that I do, I'd say geswall and other virualization apps are excellent solutions.
Yes, I agree. I am speaking XP Pro. Win7 actually takes LUA into a level where it is much more the correct decision to run LUA. If I were to run LUA, it would have to be just native Windows with SRP - and nothing else and it would have to follow the guidelines in Tlu's post 146. I just would appreciate it if those that are advocating it would also point out what the true pros and cons really are.
I believe the registry hack you are thinking of is to bring XP Home up to XP Pro - it is also somewhere in that long Tlu thread. So XP Home users have an even extra step. I guess the very first question on LUA should be "What is your OS?
Setting up LUA is easy. I've said it before and I'll continue to say it, based on quite a lot of experience. Posts on the internet don't really much change reality and perhaps should not be used to make too far-reaching conclusions on matters. Sure, you can make things difficult if you do things that cause permission issues, for example: if you change your admin account into a limited account, you may run into problems. Solution? If you want to set up LUA in an easy way, just create a new limited user account, don't change an old admin account into a limited user. That's it. That's all the setting up you need to do. Like with any new account, you'll have to customize the account's settings to your liking, of course. But if that takes long, you're doing something wrong. As for SuRun being necessary, it's absolutely not necessary to use LUA comfortably. I've been running XP systems on LUA for quite a few years, and have never felt any need for anything like SuRun. And sure, as I've said before, if you install SuRun, you are adding more software to the system and also more vulnerabilities. So if you don't need it, don't install it - that's the rule of all software if you're looking to minimize the amount of vulnerabilities in your system. To use the average user, or even myself as an example, why would I need SuRun? Normally, I'm not doing anything that requires admin privileges, so SuRun is useless most of the time. And when I do want to, for example, install a new piece of software system-wide, why would I not simply log in as admin to do it? It takes a couple of seconds and saves me from having to install additional software like SuRun on the system... High and mighty? Nah, just interested in practical reality, and, of course, security. LUA is a simple and essential security measure. Assuming one has any interest in security, it would be smart to run LUA. It would be even smarter to recommend the average user to run LUA instead of admin. As for people who run as admin by choice, I don't recall anyone saying that they have to be either a) insane or b) just tweaking their systems for unknown reasons. There are entirely valid reasons to run as admin all the time, like for example if you just install a whole lot of software and hardware all the time. That's admin stuff, and for that, it makes sense to be admin. Some people, of course, just have different tastes. Maybe one is allergic to seeing "access denied" messages, and therefore always wants to run as admin. That can happen. But users who have any of these qualities really aren't the majority in my experience, and therefore the advice of don't run as admin is generally valid. Those people who feel they need to be admin can easily continue to be. Finally, SRP. Really, SRP is in no way the same as LUA. They may make good bedfellows, but a lot of people that would want to run LUA would not want to run with a default-deny SRP. Even I - someone who is considerably more interested in computers than most people - have systems where a default-deny SRP would be completely unacceptable and detrimental to productivity. The fact that XP Home does not officially support (no GUI for configuring it) SRP really means nothing for LUA. LUA in XP Home works just fine without registry hacks or additional software. For some people, SRP may be a very useful addition on top of that - but not for everyone. All in all, the pros and cons of LUA really aren't very complex. Pros? You don't have full control over the system, and neither does malware that might run. Cons? You don't have full control over the system, and if you or a program you run want to do something that requires it, you'll need to log in as admin one way or the other. Naturally, things get more complex as one adds poorly designed stuff in there. That's how it is with security software in general: product X is not compatible with product Y, will crash if installed on the same system, or behave strangely. When it comes to LUA, there's the issue of poorly coded software that assumes admin rights and fails to work properly without them. Solved easily enough just by not using such software. Then there's always the issue, as with all software, of how the operating system was installed and configured. One certainly can format all drives as FAT or have the PC manufacturer muck up the default file permissions, and then wonder why LUA seems to do nothing. But, in any case, it's about time that people start seriously advocating LUA. Especially to the so called average user who doesn't have need to tweak the system or great loads of new software to install every day. In the Unix side of the pond people have understood the importance of not running as admin (or in their case, root) for a small eternity. It's no panacea, but it does make a great difference when it comes to security. For systems with multiple users it's even more important. Let the children infect their own account, if they can - at least they won't infect the entire system every time that happens, assuming their account is a limited one. For the majority of users, the pros of LUA outweigh the cons very easily indeed. And for those that feel more comfortable in an admin account, it's not like anyone is coming to take the admin accounts away. One can keep using the admin account if one desires. I would just hope one would not recommend that to other people, especially not to average users. Even more I hope that one would not recommend using some commercial security software while running as admin, over using the security features built into the OS you already paid for with possibly the free security software of your choice.
