Saturday, June 12, 2004
Administration ministrations
Yesterday I discovered Windows XP's "Run As..." context menu option. This allows you to right click on an exe and run it as another user. In my house I have an old tower PC running Linux From Scratch - the true geeks' Linux - which is my firewall and NAT router as well as hosting my subversion repository and spam sink. I also have an old Powebook which is doing nothing, a new Powerbook (well only 18 months old) for all my serious stuff and a tower PC running Windows XP. The XP PC (called Amy) is used for Windows development and playing games. I also surf the web with it occasionally.
The "Run as..." option is fab because it negates one of the major security problems with Windows. I bet virtually everybody who is reading this is doing so on a Windows box of some sort. Ignoring the people who are using some other operating system, most of you will be using Internet Explorer and all of you are probably logged in on an account with administration rights. This combination is a disaster from a security standpoint because most of the malware on the Internet is targetted at Internet Explorer or Outlook and as soon as IE is compromised, your box is rooted (Unix expression meaning some nasty person owns admin rights).
Why are you all logged in as admin? It's stupid and dangerous! No Unix user would ever consider doing that. My guess is that you do it for the same reason I did until yesterday: it's a pain in the bum to install new software if you don't run as admin. It's also a pain in the bum to do config changes. Unix users have never really had this problem because they have two tools "su" and "sudo" which allow them to temporarily give themselves admin priviledges. With "Run as..." XP users can do the same thing as Unix users. For instance you can run your software installer as admin while being logged in as a normal user.
So I've enabled the Administrator account on my XP box and downgraded my own account to "Power user". If that works out, I'll downgrade it further to ordinary user and I'll be saf(er) from all those nasty viruses and worms. Hooray!
The "Run as..." option is fab because it negates one of the major security problems with Windows. I bet virtually everybody who is reading this is doing so on a Windows box of some sort. Ignoring the people who are using some other operating system, most of you will be using Internet Explorer and all of you are probably logged in on an account with administration rights. This combination is a disaster from a security standpoint because most of the malware on the Internet is targetted at Internet Explorer or Outlook and as soon as IE is compromised, your box is rooted (Unix expression meaning some nasty person owns admin rights).
Why are you all logged in as admin? It's stupid and dangerous! No Unix user would ever consider doing that. My guess is that you do it for the same reason I did until yesterday: it's a pain in the bum to install new software if you don't run as admin. It's also a pain in the bum to do config changes. Unix users have never really had this problem because they have two tools "su" and "sudo" which allow them to temporarily give themselves admin priviledges. With "Run as..." XP users can do the same thing as Unix users. For instance you can run your software installer as admin while being logged in as a normal user.
So I've enabled the Administrator account on my XP box and downgraded my own account to "Power user". If that works out, I'll downgrade it further to ordinary user and I'll be saf(er) from all those nasty viruses and worms. Hooray!