Sunday, June 26, 2005

"Abstract and obscure"? No, vital. 

When you set up an account on your Windows machine you have a choice about whether to make it an "Administrator" account. An Administrator account has total control over your computer and so does every program you run when you're logged in to that account. Running a program while logged in as an Administrator is like handing your entire key ring to a valet parker.

It's safer to do your day-to-day work in a more limited user account. If you accidentally run some vicious program, then Windows will limit the damage that program can do as long as you're in a non-Administrator account.

Not many people take advantage of this built-in Windows security measure. One reason is the many widely used defective programs that don't have a legitimate need for Administrator privileges but refuse to run without them. Another reason is that Windows doesn't warn you when you're running with more privileges than you need. Microsoft is trying to spread the word now, but their security program manager Michael Howard says "To the average user, the notion of non-admin is abstract and obscure". It shouldn't be.

Michael Howard wrote a program to make things easier. You can run in an Administrator account, but before you do something dangerous like surfing the Web you can run his program to temporarily give up the most dangerous privileges. The program is called Drop My Rights, and running it is like taking your house and safe deposit keys off the key ring before you hand it to a valet parker.

That may be easier than running full-time in a limited account, which can confront you with really technical issues.
