http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/ Engadget Comments for Windows 7 is safer when the admin isn't around http://www.engadget.com/media/feedlogo.gif http://www.engadget.com en-us Copyright 2012 Weblogs, Inc. The contents of this feed are available for non-commercial use only. Blogsmith http://www.blogsmith.com/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/Mar 30th 2010 6:51AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/
Me either. I don't believe I even want to try using a limited user account on my computer.

Even as an administrator i still have to click YES I WANT THIS FILE I JUST CLICKED ON THAT I JUST DOWNLOADED IN FIREFOX TO OPEN]]>Mar 30th 2010 6:57AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/
Of course. Restricted access is only for the majority of computer users who when faced with a popup that says "Urgent: Your computer has been found to have a virus and is under threat. Please download this software." click yes.]]>Mar 30th 2010 6:59AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/You're not giving up your right, you're just not allowing someone access to your computer if somehow, you manage to do so (phishing site, exe etc)

I've run as a regular user on my Mac for a while now. It's just good practice I think. Especially when you like to script- you don't want to screw up your machine because you made a simple mistake. Remember to keep a strong password even IF you're the only one to use your computer.]]>Mar 30th 2010 7:01AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/Mar 30th 2010 7:12AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/Mar 30th 2010 7:46AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/Mar 30th 2010 8:11AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/
Fixed the title for you guys...]]>Mar 30th 2010 8:17AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/
Stay out of the admin account unless you actually need to play administrator. That just makes so much sense, even if you are tech savvy. I prefer to do the user tasks from a user account, typing in my admin password when prompted - which doesn't happen often enough to be a bother. Peace of mind I guess.

Of course I don't use IE, but still....]]>Mar 30th 2010 10:11AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/Mar 30th 2010 10:44AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/
Not true. If a legitimate website you visit frequently doesn't have proper security on their back-end and a malicious user exploits that back-end to inject malware that then propagates out to all of that page's visitors, then you can get infected simply by going to a legitimate site that you visit every day, whereas if you'd visited that site without being an admin you would've been ok. I agree most infections happen because users are careless or simply uneducated, but even power users can get hit in the way I described.

I agree a limited user account on XP is pretty frustrating because you have to switch users rather than temporarily authenticating, but Vista/7 has made living without full-time admin rights much easier.]]>Mar 30th 2010 10:46AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/
This is something that users of unix based operating systems have known forever... you don't perform daily tasks as root.]]>Mar 30th 2010 11:08AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/
I used to run my home computer in admin mode all the time. I learned my lesson the hard way. Now I always run as a user and just have to type in my admin password to make changes when I need it. It's a bit of a hassle, but at least I won't have to reformat my computer every couple months.]]>Mar 30th 2010 11:51AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/Mar 30th 2010 12:26PMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/Mar 30th 2010 2:52PMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/Mar 30th 2010 6:57AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/
The best AV/AS Software is Common Sense 2011.]]>Mar 30th 2010 6:58AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/Mar 30th 2010 7:07AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/Mar 30th 2010 7:08AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/Mar 30th 2010 7:14AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/
Take the porn away and you can take most people's Internet away :).]]>Mar 30th 2010 8:54AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/Mar 30th 2010 9:29AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/
And if you happen to go to a legitimate site whose back-end has been compromised because they didn't have sufficient security on their database, then what? You didn't do anything risky but you still run the risk of getting infected. Running without admin rights on a daily basis is still best practice because you simply don't need them available all the time. UNIX has known this forever with per-task elevation, and Microsoft has finally adopted this model in Vista/7. It boggles my mind when people turn UAC off because it's "annoying" and then complain when they get infected.]]>Mar 30th 2010 9:32AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/What is an ongoing surprise is how unfriendly windows is to run in a situation like this.
It is unfortunate that it drives many extremely basic users to run 'cowboy' as it is simply too confusing for them to deal with the issues otherwise.]]>Mar 30th 2010 6:59AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/+1 on good practice. No need to stay Super User all day.]]>Mar 30th 2010 7:03AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/Mar 30th 2010 7:04AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/Mar 30th 2010 7:15AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/Mar 30th 2010 7:27AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/Mar 30th 2010 7:29AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/
sounds like the kind of article starter you could have used for the so called "braking" news of apple developing a new iphone]]>Mar 30th 2010 7:41AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/
"Braking" news? Is the Apple news around here slowing down? Not likely considering this is Engadget!


(I think you meant "Breaking"...)]]>Mar 30th 2010 9:34AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/Mar 30th 2010 7:42AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/
the last UAC prompt i saw was the one asking me if i was sure i wanted to turn UAC off.]]>Mar 30th 2010 3:15PMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/Judging by your comment, you probably are the sort to click on those penis enlargement ads. You had better turn UAC back on.... just asking for trouble]]>Mar 30th 2010 3:38PMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/Reminds me of another piece of research (I foget who by) that cost millions to conclude that if you don't use a computer you're "digitally disadvantaged" compared to those that do. No, really?]]>Mar 30th 2010 7:50AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/Mar 30th 2010 8:35AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/Mar 30th 2010 10:09AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/
the purpose of a study like that is to find out exactly HOW someone is disadvantaged, not *whether* they are disadvantaged.]]>Mar 30th 2010 11:40AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/Mar 30th 2010 8:03AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/What is annoying is that some programs will automatically put icons on the desktop without asking first, even if it's just an update and there wasn't an icon there before, which means you have to type in a password to get rid of something you never wanted in the first place. But, yeah, for that I blame the people writing that particular software (which sadly is sometimes Microsoft).]]>Mar 30th 2010 8:41AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/Mar 30th 2010 8:51AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/Mar 30th 2010 8:55AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/
Not true at all. If a vulnerability works by modifying Windows system files or files in the Program Files directory, or by making system-wide registry changes, a standard user account would be unable to do those things and therefore the vulnerability would not be able to get injected into the system. There is still some malware that can hose up that user's account pretty well by installing applications into non-standard folders (like the user's Application Data folder) and mess with the user's data, but it won't be able to make system-wide changes. It's not just a matter of the same damage being done and simply going "unnoticed".]]>Mar 30th 2010 10:42AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/Mar 30th 2010 8:57AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/Mar 30th 2010 9:34AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/Mar 30th 2010 9:42AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/
If you are looking at this as being an issue of your rights being violated (as if it was a human right to run as admin 100% of the time) you are so beyond wrong in your thinking. It is exactly thinking like that which has helped foster such severe security problems on the Windows side of the fence.

Unix users know that it is idiotic to run as root (the equivalent of administrator) 100% of the time. Root privilege is only needed when doing true administrative tasks on the computer, like adding new hardware or software, or changing key system settings. This is the major reason Unix operating systems are so resistant to infection. If something demands root access and you didn't call it you know it's likely something bad. And that something bad is heavily restricted in the damage it can do because it is not running as root.

This problem has its beginnings in the days of DOS, an OS that gave unrestricted access to both hardware and software to any application running. This meant it was solely the programmer's responsibility to ensure there application did not misbehave and, let's say, nuke your disk's MBR. There was simply no oversight from the operating system to intercept bad decisions being made by bad code. Remember, even the best coders make mistakes. They are only human.

This problem was inherited from DOS to consumer versions of Windows (NT fixed this early on, but was rarely used outside of business). People wonder why Windows has had so many stability issues, and the answer is simple: You. It is your fault. Consumers demand compatibility with older applications, which has forced Microsoft time and again to maintain that backward compatibility at the expense of security. This is why XP defaults to creating an admin account every time you make a new user account. Microsoft knew that limited/standard accounts would break many applications, and this was more than an average consumer could deal with. Outside of a professionally supported IT environment (like enterprise) limited accounts don't work for consumers.

Think about how many people complain that their work computer won't allow them to install what they want, because the "evil" IT guys won't let them. If that person is you, they have good reason to not let you install stuff. Averages consumers simply don't get the need to limit admin access on corporate machines. That selfish thinking is why they will install shit like Pointcast even if it brings down the entire company's network. If you haven't heard of Pointcast, here's some history for you:

http://en.wikipedia.org/wiki/PointCast_%28dotcom%29

Consumers bitch and whine about stability of Windows and in the same breath bitch and whine that their shitty app from 10 years ago doesn't work on a newer version of Windows (like Vista). They think Windows is the problem, when in reality the app programmer is at fault for their use of undocumented features or bad coding practices.

The latest great example of this is UAC.Yes it broke compatibility with some apps, but those apps were poorly written to start with. And let's face it, Microsoft's implementation of Cancel/Allow didn't help user perception of the technology. But think for a moment: outside of system utilities, how many applications really need (and by need, I mean a rational explanation behind the behaviour) admin rights?

Even so-called IT professionals are telling people to disable UAC because "it's a hassle" or "it prompts too much" or "I should be able to be an admin all the time" or "I know enough to not get into trouble running as admin 100% of the time"... the list of idiotic reasons go on and on. UAC has it's flaws but running as a standard user under its model is infinitely better than running as admin 100% of the time. If anything, UAC highlighted how terribly broken some programs were, and to be frank, it's better to ditch the shitty apps then disable UAC.

If you want to get educated on why running as admin is plain idiotic Coding Horror has a good article on the subject:

http://www.codinghorror.com/blog/2007/06/the-windows-security-epidemic-dont-run-as-an-administrator.html

There are numerous other resources on the subject. Any discussion on the treatment of root accounts under Unix is a good starting point as to why running as admin 100% of the time is plain stupid.]]>Mar 30th 2010 11:53AMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/
-Microsoft is not guilty of the vulnerabilities and crash, the guilty are the programs and their programmers.
also
-Office (any version) is plagued with troubles and subsequents patch.
and
-since Office is faulty and Office was developed by Microsoft
then
-Microsoft is guilty.

Corollary UAC fail miserably even in MS products.
]]>Mar 30th 2010 12:55PMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/
Your first point I already said, so I don't know why you are repeating it. I personally don't have crashes and issues with Office. That said, I was not talking about Office.

And UAC has worked quite well for my Windows Vista and 7 systems. It does what it is supposed to do: restrict admin privileges when using an admin-level account.

On modern machines (2001+), my experience has been that most crashes/infections/problems people have with their computers are their fault. That includes buying substandard hardware and software.

A computer's condition is reflective of the individual who uses it. Any technician worth their salt knows this. It's no different than the condition of your house, your car, or cell phone... whatever property you have. If you take care of your shit, it will take care of you. True accidents in computing are rare. There is a logical explanation for just about any type of computer problem.]]>Mar 30th 2010 3:04PMhttp://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/http://www.engadget.com/2010/03/30/windows-7-is-safer-when-the-admin-isnt-around/Mar 30th 2010 4:22PM