Michael Howard
Microsoft Security Engineering
“So, whenever someone says they must operate their computers as administrators, I always try to persuade them it's not the correct thing to do from a security perspective. That said, every once in a while I meet someone who has a valid reason. For example, I use one of the computers in my office to install the latest daily build of Windows, and I need to be an administrator to install the OS. However, and this is a big point, I do not read e-mail, browse the Web, or access the Internet in any form when running as an administrator on that machine. And I do not do so because the Web is the source of most of the nasty attacks today.
What if someone does want to browse the Web? Or read e-mail? Or do Instant Messaging and so on, and for some reason must run in an administrative context? If you look at the major threats to computers, they are from user interaction with the Web through tools like browsers and e-mail clients. Sure, there are non-user interaction attacks, such as Blaster (http://www.cert.org/advisories/CA-2003-20.html) and Lion (http://www.sans.org/y2k/lion.htm), but that's in part why we turned on the firewall in Windows XP SP2!”
Note For Best practices on running as a non-admin, I urge you to look over Aaron Margosis' blog to glean tips on running as a non-admin in Windows.
http://msdn.microsoft.com/security/securecode/columns/default.aspx?pull=/library/en-us/dncode/html/secure11152004.asp
Posts
No comments:
Post a Comment