Originally posted here by SirDice
It's the software's fault NOT Windows'...
It's both, really. Yes, the software manufacturer ought to write it so that the software does not *need* to be run from an admin account.

However, I hardly think that Microsoft is entirely innocent from blame--there is entirely too much in the way of badly-written software out there. I've a sneaking suspicion it could be on account of a certain closed-mouthedness on Microsoft's account as to how to perform certain essential functions as a regular user, rather than the assumed single-user model that's been 'good enough' since Ye Olde Arcane Dayes of MS-DOS [ may it rest in pieces ].

KublaiKhan... from this point forward I forbid you from discussing computer security issues. To say you have flawed assumptions is like saying the Pacific Ocean is moist.

Seriously though... no more security answers until you ask and have answered a lot more security questions.
I'll excuse you for not knowing who I am. Ask some of the older people. They'll vouch for my credentials.
quote:
If Windows had a sane [ read "Unix-like" ] user administration system then most of these problems would be relatively moot.

I think you'll be hard pressed to find anyone on the planet that thinks the idea of a superuser account is a good one. This is perhaps the most frequently discussed weakness of the traditional UNIX system.
The Windows method of account structures makes far, far more sense. Accounts have no power that isn't controlled by the security policy. As opposed to normal users who all have the same privileges and then a superuser account that doesn't even use permissions.
In my experience, with a properly crafted set of user groups, and judicious application of chgrp, chown, and a proper understanding of how exactly unix file permissions work, the end result is far more secure than Windows ever could be.

And if a "Superuser" account is such a bad idea, whyfore does Windows have "Administrator"? That's just a misspelling of "root". *wink*

All jocularity aside, a security policy ought to be something developed for each specific case--not a fiat handed down from your software manufacturer.


quote:
There are some reasons why people use the administrator account under Windows for daily use--mostly, in my experience, because Windows' implementation of 'normal' user accounts tends to break some software.

No, they are the same reasons why so many new UNIX/Linux users spend all day as root. Because they are lazy... they don't like the occasional hassle of errors while installing new applications and since this happens frequently while first using a system (codecs, browser extensions, etc.) they make a habit of it. I can't think of a time I've ever had an application break when run as a normal user, save of course for applications that do things normal users oughtn't be doing.
I myself have spent a grand total of....let's see. Maybe six hours total in the root account, over my various years of using 'nix based systems.

What I was referring to was admittedly a slightly-out-of-date copy of StarOffice which would throw up an error and die in a normal user account, but would run normally with admin privileges. Puzzled me slightly for a while as to why it didn't work.

However, if you're pointing the finger at laziness and user-error, might I point out to you the vast majority of end-users who display those symptoms regularly on *all* platforms? I admit, Microsoft does seem to give a sort of half-effort towards setting things up to prevent the effects of user laziness--but it's still no substitute for a properly-administrated box.

quote:
An ideal system would be where you have a specific account for web browsing only, and all that anyone could possibly exploit would be whatever you've downloaded while on the account. You could put your downloads into a shared folder of some kind, and use another account on the machine to do your actual work.

This is pretty much how all the Windows 2000 systems at companies I've been employed for work (My home systems as well) and this is directly related to one of my "My Problem with Linux Questions" posts.
Great. Good for you. You've got a clue; have a cookie.

This still does not change the fact that there are a great deal of other companies, and thousands more users out there, that do not take these precautions.

quote:
However, on an OS that doesn't allow complete multi-user sessions [ as in, more than one user accessing the system at the same time...don't fool yourself; I've not yet seen a practical way of doing this with XP... ] this becomes quite cumbersome.

The simplest way to do this is to create a shortcut for the application that you want to run as a different user and on the properties of the shortcut click the "Run as" check box. Not complicated... naturally you can do more advanced things like alter the permissions on the original application file to prevent users from ever launching it under their credentials.

cheers,

catch
That still doesn't address my fundamental point--I want to be able to have multiple accounts running simultaneously. Windows does not allow me to do this.

And I'll only be cheerful after I've had my coffee.