Thanks, CapArea.NET!

My thanks to all who came out for my presentation with Aaron Margosis last night at the Capital Area .NET Users Group. We had around 30 people, and Aaron and I quite enjoyed the strong interaction with the attendees. Hopefully, we convinced some folks to start running their machines using a normal user account. The good news is that many people said they would at least consider doing just that.

The bad news was that not a single person in the room said that they currently run their machines day-to-day with a low-privileged account. Not good. It also meant that I didn't end up giving away some goodies that I brought with me (a handful of USB memory sticks), which I had intended to give to those who currently run using a low-privileged account. So just remember that you never know when there will be surprise rewards for doing the right thing. 🙂

Comments (3)
  1. Hal says:

    Andrew and Aaron did a bang-up job on presenting the concepts of using low-privileged accounts. Considering that many of us have not heard the message before, I think the presenters walked away with many converts – including yours truly.

  2. Nice session Andrew and Aaron!

    Sorry that I had to leave early. My dad runs with an LUA – can he have a USB stick? 🙂

    I used to use a LUA all the time when on Linux or Solaris (who doesn’t?) but it never really occurred to me for Windows – on the developer workstation anyway …

    I still think the value has to be justified. I can rebuild a machine in 2 hours but could easily spend twice that on a weird permissions issue (when evaluating 3rd party software for example). Poor excuse since we should solve the permissions issue but you have to remember – it is the client’s $$$. 🙂

  3. Jonathan,

    If you can rebuild a machine from the ground up in 2 hours, you’re a better man than I am. But it’s also important to keep in mind that if malware gets loose with admin privileges, it’s not just the local machine that’s at risk. The potential exists for other machines on the network to be compromised, at which point the costs for cleanup rise dramatically.

    And besides the issue of cost, your example of "weird permissions issue[s]" gets to precisely the point that Aaron and I were making. That is, that running as admin to get around bad programming by third parties whose software you’re using merely perpetuates the problem, and ignores the very real risks that accompany such software. Instead, you should be demanding that the third party make their software work properly under LUA, or go to a vendor that does.
