Web and Email and Administrators

MSDN has just published part 2 of Michael Howard's discussion of strategies for browsing the web and reading email more safely if you absolutely must log onto your day-to-day machine as Administrator. Regular readers know I recommend against this, as does Howard, but if you can't or won't do this, this article series can provide you with at least some level of protection.

Part 1, if you missed it, is here. And, of course, you should be reading Michael Howard's blog, if you're not already.

Comments (4)
  1. tony roth says:

    ok I’ve got a headache, its seems a bit contrived to lower an applications security context just to surf the internet. In our IT house I’ve challenged everybody to come up with a good reason to log into the desktop as an admin. One by one I’ve shown that its unecessary. So Please give me a good reason to log in as admin



    ps I do know of one reason but I’m not telling!

  2. I don’t know of any good reasons to log in as administrator on a day-to-day basis, so I can’t give you one.

    I’m providing this link in the interest of helping those who either cannot or will not run using a lower privileged account, not as a recommendation for what you *should* do.

    Keep up the good work pushing people to stop regularly running as administrator.

  3. tony roth says:

    Sorry, not trying to challenge you. But I think the two articicles are doing MS a disfavor in that they give creedance to people saying they need to run as admin. Personally I think they (the two articles) should be yanked asap! Yes the coding is semi cool but can cause more harm then good!

  4. Tony,

    There’s a saying: "Never let the perfect be the enemy of the good."

    I understand your concern…certainly I think it’s valid to question whether providing tools and advice of this nature might enable those who are reluctant to run as a low-privileged user to avoid doing so indefinitely. But I guess I would argue that there is a subset of users who will continue running as administrator no matter what arguments are mustered against the practice. Ideally, I’d like to see everyone adopt least privilege. But in the absence of that perfect world, I’d still rather see those folks who are running as admin have more protection.

    I would also note that in the article I linked to, Michael Howard specifically disclaimed this being a substitute for running with least privilege:

    "Now the real final caveat. This is no replacement for running as a non-admin, and only elevating (using RunAs) as needed. Think about it. If you run some malware as non-admin, that malware could send keystrokes to another, possibly high-privilege process if that process handles keystrokes or messages."

    That seems like a pretty clear message to me. Whether those the advice is targeted to heed it is another matter, of course.

Comments are closed.

Skip to main content