Admin vs. Normal User Rights

[Gesslar]

http://www.osnews.com/story.php?news_id=13185

This story brings up a good point. In the *NIX (Unix/Linux) world, the big rule of thumb is: DON'T LOGIN AS ROOT.

Basically it goes as this...

If you need to perform administrative actions on your machine (install/uninstall/configure global system components) and if you have no choice, then login as root, do your thing and then logout. But if you -have- a choice, then don't login as root.

For NORMAL USER OPERATION of your system, you should have a user account to login with Normal User Rights. What this means is that this user account does not have permission to do anything destructive to your system.

The Windows family tree has basically TWO lineages: The DOS lineage (Windows, Windows for Workgroups, Windows 95, Windows 98, Windows 98SE, Windows ME) and the NT lineage (Windows NT 3.51, Windows NT 4.0, Windows 2000, Windows XP, Windows Vista [forthcoming]). Up until recently, only the DOS version was commonly used in the home. With the effective death of the DOS line, people now have the ability to BE more secure, should they so choose. In the DOS lineage, you didn't really have the opportunity to protect yourself natively since the only authentication mechanism (the login prompt) was there to decide which PREFERENCE profile was loaded so that multiple users of the same machine could be assured of their favourite wallpaper loading, et al. This "phony" login box could easily be bypassed by merely pressing Escape, or hitting Cancel. Not exactly security.

With the NT lineage, however, you have permissions, rights, similar to other network-oriented operating systems (*NIX, for example). NT wasn't really a home operating system as it lacked most of the multimedia support to make it in any way attractive to home users. 2000 made huge leaps in the home usability arena and finally in XP we have the multimedia capabilities of Windows 98 with the stability and greater memory management of the NT line.

So, what we have now is an environment that ALLOWS us to protect ourselves against a lot of threats that come in through malware/spyware/virii, etc. It's really easy to do, even. Set yourself as a regular user instead as an administrator; or if you login AS Administrator, create yourself an account and login that way, instead. But do we ACTUALLY do? What ACTUALLY happens is that we can't be bothered to have to manage our machines with one account, and have our fun with a different account so we end up in a "workaround" solution. We login using an account that has complete control over the machine and place our faith in toolbar popup blockers, we spend hours scanning our machines for virii and spyware and complain that we keep getting these inefctions on our machines. Now, obviously, with a little security consciousness we should still have our anti-virus and our anti-malware softaware but if we were -really- concerned about the hassles that we incur with every infection or problems that accrue with horribly coded malware wouldn't we want to make our lives just that much easier by logging in with a restricted account that allows us to play our games, use email, chat, etc.

But then I thought about it for a second...I dual boot, myself. Sometimes I'm in Gentoo Linux, and other times I'm in Windows XP Professional. In Gentoo, I NEVER login as root, I do everything using the equivalent of running the necessary administrative programs as if i were root, but when I'm in Windows, I login with my account that has Administrative rights, and has complete authority on the computer. Does that make me a hypocrite? I don't really think so, and the reason it that I KNOW my risks, and I know how to take care of myself in Windows, and even if I were to be completely shut down, Windows-style I can recover, and even reformatting, etc, while a pain in the ass, yes, is not such a disastrous problem for me. But there are much less technically minded people out there who run their computers with administrative accounts and without the wherewithall to fix their own problems who rely on third-party software manufacturers to think for them.

Yes, Windows is not the most secure, but really neither is *NIX. True there are fewer virii and malware written for *NIX, and a lot of people say that it's because Windows is more prolific, but I wonder if it's not because of that but more because it seems like a big waste of time to write virii to attack people who just don't leave the door open.

Anyway, look at the article above and see what you make of it. I'm going to try it out tonight to see how it goes. If anybody wants help on how to configure themselves, there are lots of geeks around who might be able to help you, or if begged, I might write some instructions.

[Gadiantor]

To sum up what Karhd is saying... Logging in as an administrator is like having unprotected sex. You can do it, and if you're careful you won't catch anything, but if you're overly casual you run a risk of catching something that won't go away.

Protect your 'puter, wrap that shooter!

Or log in as a regular user...or something...

[Gesslar]

I don't think Gadiantor should be allowed to sum up articles any more.