Anti-virus vs. Non-Admin

This may be controversial, but I truly believe it and I’ll say it: With today’s threat landscape and the way malware works today, you are better off running as non-admin WITHOUT anti-virus than you are running as admin WITH anti-virus. If your anti-virus/anti-spyware/anti-malware software requires that you run as administrator in order to protect you,…

I’m Back! Upcoming Posts…

It’s been way too long, but I’m going to force myself to find the time to get more “least-privilege” information posted here. Most of my posts until now have been about ways for those of us who administer our own machines to run Windows as a non-admin, invoking administrator privileges only when truly needed. That’s one of…

Running restricted — What does the “protect my computer” option mean?

If you’ve been reading my “non-admin” posts, by now I assume you have seen the Windows XP “Run As” dialog. (If you haven’t, please read this post first: “RunAs” basic (and intermediate) topics.) The initial settings when the “Run As” dialog opens are to run the program as the current user, with an option…

“Zero-day” attacks and using limited privilege

There have been a couple of credible-sounding stories in the press in the past week or two about zero-day attacks – that is, the malicious exploitation of previously unknown vulnerabilities. I think we’re going to start seeing more of these, as the bad guys better understand the economic value of finding and exploiting vulnerabilities. …

“RunAs” basic (and intermediate) topics

In this posting:
- What is RunAs?
- How to use RunAs from the GUI (even if you can’t see it)
- Using RunAs from the command line
- When RunAs won’t work
- Useful RunAs shortcuts and related tips for the non-admin

Did you know that millions of people run as non-administrator every day? It’s true! What do…

The easiest way to run as non-admin

Upcoming posts in my LUA/non-admin track:
- Using secondary logon (RunAs)
- Running control panel applets as admin
- Using RunAs with Explorer
- Temporarily elevating your current account to admin without logging out
- Running with a restricted token (what does “protect my computer and data from unauthorized program activity” actually mean)
- “etc.”

But first, the low-hanging fruit: how…

Why you shouldn’t run as admin…

First, let’s define terms.  This may be oversimplifying, but for the purpose of this discussion there are only two types of users:  Administrators, and Users.  They are essentially distinguished by membership in the “Administrators” and “Users” local groups.  “Administrators” have complete and unrestricted access to the computer/domain.  “Users” are prevented from making accidental or intentional…

Not running as admin…

The security principle of “least privilege” is well understood:  Software should run with the smallest set of privileges needed to perform its tasks.  Low-privileged processes can do a lot less damage when they are compromised (or just buggy) than processes running at high privilege levels.  Windows has made great strides to run services with lower…
