Limit Your Exposure: Don't Use Administrative Accounts

You're probably well aware that running your desktop while logged on as an administrator can be risky. The reason of course is that administrators have full authority on the system, so any program that launches under an administrative account can perform almost any action you can think of.

As you'll learn if you read the Security Matters blog item "Windows Firewall: Another Good Reason Not to Login as Administrator," spyware peddlers have already developed a way of adding their programs to the Windows Firewall's list of trusted applications. The spyware simply adds a registry subkey that references its executable under the subkey that stores the trusted applications, and any trusted application is allowed to send traffic out of the computer. However, adding a subkey to that list works only if the user is logged on with administrative authority. So now you know one more reason why administrative accounts should be used sparingly.
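As an added example (not the editorial's own code, and not Microsoft's), here is a PowerShell audit that reads the firewall's trusted-applications list and flags enabled entries that point at a missing or unsigned binary. The registry path and the value format are assumed from the XP SP2 layout.

```powershell
# Added example: audit the Windows Firewall "authorized applications" list
# that the spyware technique above tampers with.
# Assumption: the per-profile list lives at the XP SP2 location below and each
# value reads "<exe path>:<scope>:<Enabled|Disabled>:<display name>".
$ListKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List'

function Get-FirewallAuthorizedApps {
    param([string]$Path = $ListKey)
    if (-not (Test-Path -Path $Path)) { return @() }
    $key = Get-Item -Path $Path
    foreach ($name in $key.GetValueNames()) {
        $raw = [string]$key.GetValue($name)
        # Lazy match on the path so the "C:" drive colon is not taken as a separator.
        if ($raw -notmatch '^(?<path>.+?):(?<scope>[^:]*):(?<state>Enabled|Disabled):(?<label>.*)$') {
            # A value that does not follow the expected format deserves a look on its own.
            [pscustomobject]@{ Path = $name; Scope = ''; State = 'Unparsed'; Label = $raw; Signer = ''; Suspicious = $true }
            continue
        }
        $exe    = $Matches.path
        $exists = Test-Path -LiteralPath $exe
        $sig    = if ($exists) { Get-AuthenticodeSignature -FilePath $exe } else { $null }
        # An enabled entry is only as trustworthy as the binary it names:
        # flag it when the file is gone or carries no valid publisher signature.
        $flag = ($Matches.state -eq 'Enabled') -and ((-not $exists) -or ($sig.Status -ne 'Valid'))
        [pscustomobject]@{
            Path       = $exe
            Scope      = $Matches.scope
            State      = $Matches.state
            Label      = $Matches.label
            Signer     = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            Suspicious = $flag
        }
    }
}

# Reading HKLM needs no elevation, so this review runs fine from a limited account.
Get-FirewallAuthorizedApps | Format-Table Path, State, Signer, Suspicious -AutoSize
Get-FirewallAuthorizedApps | Where-Object { $_.Suspicious }
```

Compare the output against the applications you actually installed; an enabled entry you don't recognize is exactly what the blog item warns about.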

Mark Minasi recently wrote an interesting editorial in Windows IT Pro UPDATE--Special Edition titled "Follow-Up: Why Microsoft Can't Stop Root Kits." Minasi pointed out that the primary leverage an intruder has is a user logged on with an administrative account.

In a message posted to the Bugtraq mailing list, Chris Wyposal pointed out that "The security problem that has created the spyware malaise on Windows is the default Windows installation for home users, which creates the user's named account in the Administrators group. When this account is used to browse the Internet there is no protection to prevent spyware/malware from bypassing security mechanisms, such as the XP SP2 firewall, by exploiting vulnerabilities or tricking the user."

Wyposal's statement is true. The same goes for corporate users who routinely use an administrative account to visit networks outside their company network. Wyposal also made the interesting prediction that, because of the spyware and malicious-software problem, Microsoft will eventually change the Windows installation process so that at least two accounts are created: one for administrative use and another with limited permissions for everyday and Internet use.

Any of you who've used a Unix-based or Linux-based system know that this sort of dual-account use is standard practice. You log on with a regular user account, and when you need administrative privileges, you can use the "su" (super user) command to temporarily elevate your privileges, log out and log back in as "root" or some other administrative account, or create another logon session on your desktop.

Windows also lets users elevate their privileges, but this capability isn't used nearly as often as it should be. You probably know this already, but I'll point it out in case any readers are unaware: A simple way to elevate your privileges for specific application use in Windows is to use the RunAs feature, which lets you run programs under any account context provided that you supply the corresponding account password. This feature works great even for desktop systems on which some applications might not work correctly except under an account with some level of administrative authority. If you need help figuring out how to use RunAs, then check the articles at Microsoft's Web site.
