Running Windows Without Administrator Privs?
javacowboy asks: "For a while now, I've been advising friends who run Windows to try running as a regular user, as opposed to running as administrator, which is the default setting. However, I switched to Mac a year and a half ago and I haven't run Windows since, so I'm probably not the best person to be giving this advice. Still, on a philosophical level, *trying* to run Windows as a non-admin, given the prevalence of viruses, worms, trojans, and spy-ware, seems to make sense. Have any of you tried to run Windows as a non-admin, and how did it work out for you? Are there certain tasks or certain software you need to be admin to run? How realistic is it to expect a Windows user to run their OS as non-root?"
Forget it. (Score:2, Insightful)
a) You are in a company, working with a professional IT environment, with a helpdesk and administrators with knowledge
b) You are an administrator with knowledge
Running Windows as non-admin is not for the faint of heart. While most Microsoft software runs flawlessly as non-admin, there is a large percentage of third party software which does not. This can be fixed in most circumstances, changing permissions in C:\Program Files\, the HKLM Key in the Registry, giving some Special Permissions to users, etc. pp.
Most games still don't work as non-admin. Installing a new application becomes a rather tremendous task of trying to find out what doesn't work. Sometimes these missing permissions cause rather subtle errors, which aren't obvious to figure out.
You will need to use sysinternals filemon/regmon each time you install an application.
It's not a problem to create a professional company network with only restricted users, if you have staff which is always available (-> You are not using a service provider). And if you have a rather restricted set of applications which is in use (You don't upgrade apps on a weekly basis - might happen if you're using SPS or PBX configuration tools).
My usual recommendations to home users are the following points:
* Use COMMON SENSE, think about what you're doing
* Keep a recent image of your machine on a separate USB Harddisk
* Run your machine behind NAT of some sort
* Keep an updated Antivirus/Antispyware solution on your machine
* If you can, buy a Mac
The latter is a good choice, as long as Macs aren't too popular.
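An added example, not part of the original comment: one way to turn the filemon/regmon step described above into a short list of folders and registry keys that need a narrowly scoped permission change. It assumes the column layout of a Process Monitor CSV export (the Sysinternals successor to filemon/regmon); the sample rows, `oldapp.exe` and its paths are constructed and hypothetical.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows; "oldapp.exe" and its paths are hypothetical.
SAMPLE_LOG = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","oldapp.exe","412","CreateFile","C:\Program Files\OldApp\settings.ini","ACCESS DENIED","Desired Access: Generic Write"
"10:01:02.2","oldapp.exe","412","RegSetValue","HKLM\SOFTWARE\OldApp\LastRun","ACCESS DENIED","Type: REG_SZ"
"10:01:02.3","oldapp.exe","412","CreateFile","C:\Program Files\OldApp\settings.ini","ACCESS DENIED","Desired Access: Generic Write"
"10:01:02.4","oldapp.exe","412","RegOpenKey","HKCU\Software\OldApp","SUCCESS","Desired Access: Read"
"10:01:02.5","explorer.exe","900","CreateFile","C:\Windows\system.ini","ACCESS DENIED","Desired Access: Generic Write"
'''


def denied_targets(log_text, process):
    """Map each folder or registry key `process` was denied on to the operations that failed."""
    hits = defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["Process Name"].lower() != process.lower():
            continue
        if row["Result"] != "ACCESS DENIED":
            continue
        op, path = row["Operation"], row["Path"]
        if op.startswith("Reg") and op != "RegSetValue":
            container = path  # key operations already name the key
        else:
            # Simplification: treat the last component as a file or value name
            # and report its parent, because that is where the ACL is edited.
            container = path.rsplit("\\", 1)[0]
        hits[container].add(op)
    return {k: sorted(v) for k, v in sorted(hits.items())}


def is_too_broad(container):
    """True when the target is a shared root such as C:\\Program Files or HKLM\\SOFTWARE.

    Loosening the ACL there would let a restricted user tamper with every
    installed application, not only the one being fixed.
    """
    return len([part for part in container.split("\\") if part]) < 3


if __name__ == "__main__":
    for target, ops in denied_targets(SAMPLE_LOG, "oldapp.exe").items():
        note = "too broad, narrow it" if is_too_broad(target) else "candidate for a scoped grant"
        print(f"{target}: {', '.join(ops)} ({note})")
```
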
Re:one experience (Score:3, Insightful)
What problems did you have? Because while I don't use WMP frequently, I've never had a problem using it in a non-admin account.
These problems in XP aren't rare and are artifacts of an infrastructure with security tacked on in ugly layers again and again, all as afterthoughts.
The security infrastructure in NT (ie: XP) has been there from the get-go and certainly wasn't "tacked on" as an "afterthought".
I hope Vista proves better at this, but wonder how many applications will continue as problematic because of a murky and muddled and shifting security architecture.
It's got nothing to do with the architecture and everything to do with poor developers.
And, also for the record, Microsoft has the money and power to fix this once and for all. I'm sure some will defend Microsoft's incremental work on this, but for too many years my observation has been Microsoft using their money to buy additional fingers with which they point at others to blame rather than work to solve comprehensively the security and system integrity problems.
How do you propose Microsoft "fix" it? By writing everyone's applications for them?
Re:one experience (Score:2, Insightful)
Having a whole heap of programs looking in different places for updates is horrendously stupid. The OS should provide a centralised place from which you can update the entire OS and all your apps in a centralised and consistent manner.
Re:one experience (Score:3, Insightful)
When merging the 2 together, they decided that a consistent (ish) interface was more important than security, so the underlying security features got bypassed or papered over.
Re:Forget it. (Score:4, Insightful)
It seems like Windows was set up so that the Administrator uses the Administrator account all the time, and if it's your personal computer, that's you - limited users are for when someone else is the Administrator.
Re:Not hard to do on a home computer... (Score:4, Insightful)
Re:one experience (Score:2, Insightful)
Seems like there are a couple items they could do to start off:
Re:one experience (Score:2, Insightful)
wow, what a prick. (Score:1, Insightful)
"After a lot of explaining, she agreed that maybe I knew a little bit more than she does about maintaining a computer."
Talk about having a big head.
"And even then, the keylogger I installed will probably help me figure out what she did, as well as when."
Did you know that not only is this an asshole thing to do, it's illegal? You don't own that computer and spying on your GF without her consent is a violation of law. And since you seem to be SOOOOO concerned with being "legal"
"then installed a legal version of Win2K Pro,"
Thought you might want to re-consider crossing the line.
Answers to your thoughts: (Score:3, Insightful)
2) There are other programs besides the Logitech tool that can take pictures with your camera. Try any other PTP-supporting application (like the Windows XP Camera wizard). In general bundled software that comes with any hardware is likely to be crap... not just Logitech's.
Ok... we're getting closer to my original point... (Score:3, Insightful)
If Intuit doesn't want to have to deal with Grampa Bob and 50,000,000 of his closest friends who can't run TurboTax because Vista defaults to a user account, then Intuit can fix their application or cede all of their customers to TaxCut.