Always use administrator account, bad idea?

Discussion in 'other security issues & news' started by Matt_Smi, Feb 17, 2005.

Thread Status:
Not open for further replies.
  1. Matt_Smi

    Matt_Smi Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    359
    I have heard that using the admin account as your main account is a bad idea and that you should create another user account with limited access rights for daily use. I have always used the admin account because I am always going into things like msconfig that require you be on the admin account. I am a very safe surfer as well so I am not too concerned about creating another account and using that for security reasons. But I was just wondering do most of you here use a regular account for normal usage? Or are you on admin all the time?
     
  2. Jimbob1989

    Jimbob1989 Registered Member

    Joined:
    Oct 18, 2004
    Posts:
    2,529
    I use admin all the time, but I only have one user account on my PC, myself. On the family PC, we have it set up so that each family member has a limited account and there is one separate admin account. I think my dad set it up that way to give me and my brother a little privacy more than anything else.

    Jimbob
     
  3. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    I personally have a separate account other than the Admin account with privileges to what I normally mess with. Kinda like having a second admin account without full admin capabilities.
     
  4. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    At one time I tried creating and using a second account for daily use, because it is safer security-wise; but to be honest, I found it an absolute pain discovering that many progs wouldn't work, so I had to keep going back and forth every time I wanted to make adjustments requiring admin rights.

    In the end I decided it was actually much better to be 'insecure' than to put up with the annoyance of it. I'm on a standalone machine used only by me - so what the heck!
     
  5. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    355
    Location:
    Dallas, TX
    I run under a separate, "normal" user account. It's getting easier all of the time as developers have increasingly adjusted to not assuming that Windows is always running with Admin privileges. It's pretty easy to run things as Admin when you want to by just right-clicking and selecting "Run as...". For some programs that are basically Admin-only utilities, you can set up shortcuts, select Advanced, and check the "Run with different credentials" box. Yes, you do have to enter the Admin password every now and then, but it isn't that big of a deal really. It isn't any different than having to do so with "su" under Linux. But, somehow, people on Linux are comfortable doing so and Windows users generally aren't. It's a mindset thing, I guess.

    The only real issue I still have with the normal account setup is that, as far as I know, you can't selectively start up a Windows Explorer session with Admin privileges from within a normal user account (I guess because Windows Explorer is always running as the default "shell" application). To get to an Admin-level Windows Explorer session you actually have to switch out of the normal account and back in to an Admin account. That one's a pain when you need to, say, make changes in file ownership or directory security, etc. Of course, program installation can also sort of be a pain. Games, too, have often been a pain in the past, but most modern titles are getting a lot better about configuring themselves to run for a normal user account.
     
  6. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    I use a separate account for my daily Windows use. Admin is hardly ever needed. My regular account is not highly privileged, I don't need that.

    Many current Linux distros run with the root account disabled. You can't log in using the root account. If needed you use the sudo (or su) command to run a program or task as root. That way it is very hard to accidentally use too highly privileged tasks.

    In our corporate environment no one is allowed to run as admin. The operators use their own personal account, although their accounts are highly privileged by nature. The admin password is locked away in a vault. No one knows the admin password, because two parts of it have been entered by two separate persons from two different departments.
     
  7. Matt_Smi

    Matt_Smi Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    359
    Glad to know I am not the only one who always uses an admin account.





    My sentiments exactly, I am the only one who uses my computer as well.
     
  8. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    If your system is not secured enough, you're not... all worms, spyware, adware and trojans run using your account, they run as admin too.
    I have not used admin on Windows for over six months, no problem yet.
     
  9. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    You guys use "AN ADMIN" account? I'm stuck using THE "Administrator" account, simply for the reason TopperID gave...
    Even the spare admin level accounts won't behave well.
     
  10. myluvnttl

    myluvnttl Registered Member

    Joined:
    Aug 23, 2004
    Posts:
    150
    Wow, a secure way to make sure no one finds out the admin password and it is kept in a vault? Wow, impressive...

    There are programs out there that will reset the admin password with only one click of the mouse. Oops, was I supposed to do that o_O? Just kidding.
     
  11. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    It is possible to start a separate Admin-level Windows Explorer session but you need to have your security policy set up correctly.

    Using Control Panel/Administrative Tools/Local Security Policy go to Local Policies/User Rights Assignments and check that the "Impersonate a client" setting has your "normal user" group listed. This should allow you to start separate Admin-level Explorer sessions.

    I would strongly argue against using Administrator unless absolutely necessary - you are effectively giving up Windows' NTFS file access controls, registry access controls and process controls by doing so. While the standard User account may be too restrictive, the Power User should cover all normal activities (except for software installation). The tips given above about using Run As should suffice for those applications that genuinely need (or are sloppily coded to demand) Admin privilege.

    Being the sole user of your system is no defense, given Windows' default promiscuity in running programs without your explicit say-so (though using Process Guard or System Safety Monitor to control this will help greatly).
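
Added example (not part of the thread or any poster's own code): a PowerShell audit of which principals hold the "Impersonate a client" right (SeImpersonatePrivilege) named in the post above, parsed from a `secedit` export. The sample export, the `$expected` baseline and the function names are assumptions constructed for illustration.

```powershell
param([switch] $Live)   # -Live audits this machine; default parses the sample below

# Usual default holders: LOCAL SERVICE, NETWORK SERVICE, Administrators, SERVICE.
# Assumption: replace with your own baseline.
$expected = 'S-1-5-19', 'S-1-5-20', 'S-1-5-32-544', 'S-1-5-6'

function Get-UserRightHolders {
    param([string[]] $InfLines, [string] $Right = 'SeImpersonatePrivilege')
    $pattern = '^' + [regex]::Escape($Right) + '\s*=\s*(.*)$'
    $inSection = $false
    foreach ($line in $InfLines) {
        $t = $line.Trim()
        if ($t -match '^\[(.+)\]$') {
            $inSection = ($Matches[1] -eq 'Privilege Rights')
            continue
        }
        if ($inSection -and $t -match $pattern) {
            # Entries are comma-separated; SIDs carry a leading '*'.
            return @($Matches[1].Split(',') |
                ForEach-Object { $_.Trim().TrimStart('*') } |
                Where-Object { $_ })
        }
    }
    return @()
}

function Resolve-Principal {
    param([string] $Id)
    if ($Id -notmatch '^S-1-') { return $Id }   # already an account name
    try {
        $sid = New-Object System.Security.Principal.SecurityIdentifier($Id)
        return $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch { return $Id }                      # unresolvable SID: show it raw
}

if ($Live) {
    # Needs an elevated prompt; exports only the user-rights area.
    $cfg = Join-Path $env:TEMP 'user_rights_export.inf'
    secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
    $lines = Get-Content -Path $cfg
    Remove-Item -Path $cfg
} else {
    # Constructed sample export in which BUILTIN\Users (S-1-5-32-545) was added.
    $lines = @'
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544,*S-1-5-32-545
SeImpersonatePrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-6
[Version]
'@ -split "`r?`n"
}

foreach ($id in Get-UserRightHolders -InfLines $lines) {
    $status = if ($expected -contains $id) { 'default' } else { 'REVIEW' }
    [pscustomobject]@{ Principal = (Resolve-Principal $id); Sid = $id; Status = $status }
}
```

A holder marked REVIEW (here BUILTIN\Users) means every process that account runs can impersonate clients that connect to it, which is why the right is normally limited to administrators and service accounts.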
     
  12. Pollmaster

    Pollmaster Guest

  13. DigitalMan

    DigitalMan Registered Member

    Joined:
    Sep 9, 2004
    Posts:
    90
  14. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    Thank you, although I've got the impression that you don't get the message and didn't really mean to compliment me :doubt:
    Locking admin away has two purposes: first the admin is quite dangerous, but you know that already. Second: in our organisation there are quite a few operators. If they would all log in as Admin, no one could ever know which operator was responsible for admin actions. So, the account is only ever needed in a catastrophe when a domain controller would have to be rebuilt, or in the case of an ADS schema change. Opening the closed envelope that we keep in our vault, in order to obtain the admin password, is handled as a security incident, that we manage like every other incident. Yeah, we're professionals :rolleyes:
    Further, all operators have privileged accounts. They run their daily business without ever needing the admin account.
     
  15. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Let us not lose sight of the fact that going to the trouble of setting up a non-admin account on a standalone machine with one user, is only of value as a 'last resort' if all other security measures fail. If you are happy with your overall security, and you never get infected anyway, it is irrelevant whether you are on admin or not.

    If you use your machine sensibly and avoid trouble, problems may never occur. By all means tie your machine up in knots if it suits you, but that is no reason to reproach those of us who feel no need to undertake every available security measure. Let us please exercise a little common sense in this matter.
     
  16. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    355
    Location:
    Dallas, TX
    However, it is a matter of perspective. You act like it is significant trouble to create a non-Admin account and to occasionally type an admin password in when you need to... but what some of us are trying to say is that it is not nearly as problematic in practice as some of you may believe. In many instances, applications like Process Guard and SSM become somewhat redundant if you never run with Admin privileges. Without admin privileges, you can't install kernel mode drivers and, as I understand it, your normal-user process privileges will not allow a process to make the API calls that allow for things like DLL injection into another process. Living with PG and/or SSM isn't without its own hassles, yet you would apparently accept their constraints without hesitation while not accepting the simple act of occasionally entering a separate password when needed. The question is, then, what is 'last resort' and what is not?

    Personally, I feel like it is a widely accepted security principle to always try to use the least privileges necessary to accomplish whatever it is you are trying to do. In Linux, virtually no one complains about the hassles of having a normal user and root account dichotomy. Mostly I believe this is a mindset thing as I noted earlier. Microsoft could certainly help out by automatically configuring an Admin account and a user account during install, and by making the privilege escalation process even easier and more transparent when needed. True, many 3rd party Wintel developers were used to Win9x which had absolutely no multi-user perspective, and accordingly these developers tended to make bad assumptions. But this is quickly improving. It would improve even faster if more and more of the general Windows user population made use of multiple accounts rather than always logging in as Administrator.

    So it's "common sense" to jump through the hoops that all of these add-on security products require, but it's not common sense to ask people to log in with normal user credentials? Many of you will think nothing of having to configure firewall policies, to run 4 different spyware scanners every other day, to disable PG or SSM during software installs, to sit through lengthy AV or trojan on-demand scans... but being asked to enter an Administrator password once in a while is unreasonable? Who is tying up their machine in knots?

    As for the "problem will never occur" argument... the same is often said of using a resident AV program. I know many people that do not run one, because they don't want the added overhead. They also say that they have never had a problem because they practice safe hex and never click on executables they haven't verified. Of course, some of this is BS. Some of these very same people wouldn't be able to tell if they ever had a virus infiltration. The same could be said of people that choose to run as an Administrator all of the time. How can you be sure that you have never had a problem? All most of us are saying is that it is prudent to not run as Admin all of the time, just as in today's day and age it is prudent to run a resident AV program.
     
  17. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    I do run ProcessGuard

    I don't use Linux

    I don't find the need for complex FW policies. I will disable PG for important security type installs. I have very infrequent full system scans, because I find I don't need them.

    I would still be running a resident AV/AT/AS in any case.

    I will always go to more effort keeping stuff out than worrying about what'll happen IF, in the theoretical circumstances, all my other defences get breached.

    For me it is putting myself out for an event I cannot see happening - IF it does happen, and IF I am put to a lot of trouble as a consequence, and IF I think there is a reasonable chance it could recur, then I may change my view.

    I respect your decision to run more than one account, please respect my decision not to.
     
  18. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    355
    Location:
    Dallas, TX
    But, you already said you run tools like Process Guard. Doesn't PG fall into the same category really? PG only helps if a virus or trojan makes it onto your system and tries to do something like kill another process, inject a DLL into another process, or install a kernel mode driver -- pretty much all of the same things that running as a "normal" user would largely also prevent. PG is a useless headache -- just like running as a normal user -- if you never execute malware to begin with.

    Ok, you think the protections afforded by not running as Admin are all largely hypothetical and extremely conditional. I disagree and I would suggest that you perhaps should read some of the documentation on the internal security design of Windows NT/2000/XP (for example, Windows Internals by Mark Russinovich and David Solomon). But, certainly feel free to do as you wish. I would, however, like to know what "trouble" you think you will be put to by running as a normal user? Typing an Admin password on occasion? That is too bothersome?

    No, I respect your decision. Certainly feel free to do what you want. We are just having a discussion here, initiated by another party. There is no harm in debating the point, is there?

    However, you sound a little defensive. Perhaps because you know that it is not the "recommended" practice but rather one you believe to be the pragmatic choice born of convenience. My point, then, is why... heck... why don't we all just go back to running Win9x? Why even bother with multi-user accounts, NTFS, process privileges, and discretionary access controls? It only goes against the last 15 years of accepted tenet within the computer security industry, but sure, let's just go back and do it your way since all of this security stuff is just too burdensome anyway.

    The only reason I am continuing the discussion is because I feel that educated information security professionals like yourself do somewhat of a disservice to the rest of us. We should be promoting best practices and not falling back on convenient tradeoffs. We should be demanding that Microsoft and 3rd party Windows developers strictly adhere to the best design principles embodied in a multi-user, discretionary access operating system. We should be leading by example.

    Moreover, I feel it a bit disingenuous for people that consistently run as Administrator to be outspoken critics of Microsoft's lack of security. Many of the security lapses found in Microsoft code would be rendered far less harmful if users were in the habit of running with normal user privileges. Just as this is the case in the world of Linux. In fact, that is precisely Linux's one big security advantage... namely, that a breach typically has limited effect due to the limited privileges of the process running under the account of the user him or herself.

    Again, however, feel free to do what you want...
     
  19. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
  20. thee_ozzy

    thee_ozzy Registered Member

    Joined:
    Feb 22, 2005
    Posts:
    13
    Microsoft do advise you not to have more than one admin account, and good passwords are a good idea.
     
  21. DigitalMan

    DigitalMan Registered Member

    Joined:
    Sep 9, 2004
    Posts:
    90
    The inconvenience is not just typing in a password. Not all applications behave well in multi-user mode and can be a real hassle to use. Don't take that the wrong way, I'm a fan of operating under the minimal authorization required, but I myself have a few applications that don't behave well in multi-user and I haven't scraped up the additional time to figure out workarounds. Yes, it's poor coding on the part of my application creators, but that doesn't change the fact that I need to run those apps.

    I recommend you read the link I posted earlier for an insightful discussion of the pros/cons of running restricted accounts for a better description of my point.
     
  22. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    Would using DropMyRights and FF together be as effective as using an account with lower privileges on my standalone PC?
     
  23. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    *sends the Ghost of Blue Screens Past round to Spanner to haunt him for using such a crash-prone OS* :D
     
  24. manOFpeace

    manOFpeace Registered Member

    Joined:
    Feb 1, 2003
    Posts:
    716
    Location:
    Ireland
    I just use main account. When setting up I created second account but don't use it for all the reasons given above. Too much hassle. :eek:
     