But tell me FreakinSyco... how many people think Joe and Jane Sixpack run with non-administrative accounts at home under Windows XP?
Even worse, 99% of IT people will do the same, i.e., rely on anti-virus vs. the principle of least privilege, which they'll call out in a heartbeat on *NIX ("Don't run as root!!!") but fail to do the same when at home under Windows XP. It's largely a user education issue. Few people know about the tools Windows does offer and assume it's completely insecure (that's not true).
Further, lots of Windows software has assumed the user DOES have administrative privileges. At one point in time Google Desktop would simply not run on a non-admin desktop. Other software dating back to Windows 9x was also guilty of this. Until a couple of years ago Winamp failed to run if you were not an administrator. Why? Because it stored its configuration (Winamp.ini) in C:\Windows and it maintained global settings for the entire machine via the deprecated GetPrivateProfileString and WritePrivateProfileString APIs dating back to Windows 3.x.
Do you think your average user would likely have such information? Or even care? They just want software to work!
This tool is a compromise. 1) People don't like passwords. 2) Most Windows XP users run as administrators with nary an understanding of the dangers; getting them to change to a non-admin account has many, MANY barriers. 3) This tool is a compromise.
If you run as "god"/root/administrator then by proxy as your browser pulls in crap off the Net, guess what's going to happen? Yes, security issues will persist, such as cross site scripting, but which would you rather have, a browser flaw that at most might steal some file on your system or getting your machine instrumented with a root kit? No system is 100% secure but the key is to minimize exposure.
RemoveAdmin leverages a security API that's actually part of Windows Vista as well. If you have an end user who has foolishly turned off UAC, this tool will work there. It will also work with Windows 2000.
-M
Exploits for specific document types make compromising people's machines an issue. However, what 99.9% of people that revel in schadenfreude with IE's woes miss or fail to understand (yeah, including many people on Slashdot) is that most Windows XP users (which are most Windows users; Vista is only 20%) run as "root"!!! ("administrator" in the Windows vernacular)
I wrote a utility called RemoveAdmin available on Download.com that leverages an API in Windows (CreateRestrictedToken) that strips administrative rights:
http://www.download.com/RemoveAdmin/3000-2381_4-10824971.html?tag=mncol&cdlPid=10835515
The installer will create shortcuts for IE and Firefox, but if you look carefully it's really a program with the browser
Which means you can strip administrative rights on anything you run... in fact that's exactly what I do. I don't run *anything* that talks on the Net without this.
This means if you stumble across rigged
(Some caveats)
This is version 0.1. What would 1.0 have? A FAQ and user guide for starters. Also, I've seen this version not work in some cases, largely situations where AD is in play (probably because a user has multiple admin credentials).
If you need to run ActiveX controls on a site (poor you if you use IE), just quit IE, go to the site, have the controls installed. Quit IE and re-run IE with the secure link. Likewise, this is what you would do before going to Windows Update.
And finally, to convince yourself the utility does something useful. Go to any site, "View Source" after you run your browser with the secure link and try to save the resultant
Maybe I'll educate some % of the IT world yet...
Respectfully,
-M