Re: Power Users, AntiSpyware & CriticalUpdates

[Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>]

On 2005-08-31 arh wrote:
> I am working on a Win XP SP2 system to be used as a "Clone" for new
> systems, or replacement hard drives.  Our Corporate Culture previously
> allowed everyone to be Local Admin; now everyone will be a "Power
> User".  I've worked as a Power User for a week.  With "Run As" and/or
> RDC I can do all admin chores (so far ;)...

Power users are not really an improvement, as they still have far too
many privileges to achieve actual security. Make your users normal
users if possible. Otherwise don't bother. Making them power users isn't
worth the time you'll spend on it.

> A couple of things about these Power User workstations:
>
> Do we need a WUS or WSUS to deal with Microsoft Windows Critical
> Updates, or is there a better way?

You could leave automatic updates pointing directly to Microsoft's
update servers. A (W)SUS would enable you to test updates on a set of
test boxes before approving them for automatic enrollment to your
network, though, so having a (W)SUS usually is a good idea.

> We will have Spybot installed.  I also want to install Microsoft
> AntiSpyware, but it has so many poorly-worded, cryptic "warnings",
> that we may not.  Is there any decent articles on controlling
> AntiSpyware alerts, or should we move on to something like CounterSpy?

How about "move to not getting spyware installed in the first place"?
Like don't make your users admins or power users and have them use a web
browser that is not IE.

Regards
Ansgar Wiechers
-- 
"Another option [for defragmentation] is to back up your important files,
erase the hard disk, then reinstall Mac OS X and your backed up files."
--http://docs.info.apple.com/article.html?artnum=25668