funsec mailing list archives
Re: Administrator Accounts
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 23 Feb 2006 13:05:19 +1300
Blue Boar to Larry Seltzer:
I would assume that all, or nearly all enterprise Windows users are logging into a domain. This means that their rights are controlled through domain administration, and making the average user an administrator would be an insane thing to do.
You'd think, but sadly, even today, much "corporate" and bespoke systems are written by security morons and the customers are NOT making it a _requirement_ of those vendors/developers to make their software "work right" in a modestly secured corporate configuration...
Sane or not, I believe it's quite common to make someone a local admin on their machine, via their normal domain login. Otherwise (at least historically) you couldn't do things like install software, add printers, change your network settings, etc... quite problematic for roaming laptop users.
Reputedly many of these things have been fixed (but what a night mare such issues used to cause in NT 3.x and (earlier) NT 4.0 days).
I'm sure a lot of that has been improved, but I doubt the basic need (maybe perception of need?) has disappeared.
I suspect you're right that partly its a perception thing -- in the many places the old "it always worked if we did..." thinking tends to ossify despite OS and application improvements. Combine that with slack admins whose only (or at least major) interest is "make it work" rather than "why does it work, or not, this way" and you have a lot of badly misconfigured systems where there is no perception by the admins that there may even be the possibility of a problem (when you ask "Why is it configured thus?" they respond "because it works"). But, despite significant improvements in the features and workability of the OS itself, even when deployed in a corporate setting where the admins are really sharp and keep abreast of these developments and improving their base system design taking account of such developments, you _still_ get hosed by that "must have" (as in, "business essential") app that was written back in win16 days and although "updated" for Win32 (i.e. the developer recompiled it when the Win32 version of their dev tools were released, possibly shortly before going out of business and taking the source code with it), or that "must have" app that was written by a pack of gibbons who can't collectively spell security and whose developers assume (or are just too thick to understand that it can be any different) that because _they_ have local admin rights on their machines everyone does.
I like the way the Mac does it, makes you quite comfortable as a regular user, and prompt for the password when you need to do something that takes privs.
Apply that to Windows (as we may see as the default in Vista, I think -- at least in the Vista equiv of XP Home) and you will quickly see your typical Windows user entering their local admin password into every freaking popup on the planet (and there will be a lively business in "this is how to trick out the system to accept a null-password for the admin account..." workarounds, or "automatic password fillers" to save folk from having to do all that typing or [insert favourite stupid anti- security trick/nightmare scenario here]). Windows got where it is almost solely because of its better usability (which drove the anti-security mindset really hard in Redmond) and because of the wealth of applications and gizmos that worked with it (also mostly developed with no concern whatsoever for user security issues). Pretty much anything that gets in the way of that will be undone, overcome, actively repressed or at least worked around by a huge chunk of the great unwashed Windows userbase, pure and simple. And, if MS makes it "too hard" for enough of those users to do pretty much whatever, whenever then those users may just finally jump to one of the "dumb" Linux distros that virtually implements the Windows 9x security model already (and allows for very easy circumvention of what little additional security it does put in the users' way) and/or we will see yet another "consumer Linux" distro built to not have precisely those limitations and justified on the grounds that "there are no Linux viruses" or some such horse puckey (and yes, you will be able to buy cheap PCs pre-loaded with this OS at Wal Mart...). Remember -- especially for the SOHO market (and a sadly large-ish chunk of the slack-arse corporate market too) -- when it comes down to a choice between better security and having the user be able to install and run the pink flying elephant thingy, the pink flying elephant always wins... Regards, Nick FitzGerald _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: OT Ferrari Enzo crash, (continued)
- Re: OT Ferrari Enzo crash Mike Owen (Feb 22)
- Administrator Accounts Larry Seltzer (Feb 22)
- Re: Administrator Accounts Brian Loe (Feb 22)
- RE: Administrator Accounts Larry Seltzer (Feb 22)
- Re: Administrator Accounts Matthew Murphy (Feb 22)
- RE: Administrator Accounts Larry Seltzer (Feb 22)
- Administrator Accounts Larry Seltzer (Feb 22)
- Re: Administrator Accounts Blue Boar (Feb 22)
- RE: Administrator Accounts Larry Seltzer (Feb 22)
- Re: Administrator Accounts Blue Boar (Feb 22)
- RE: Administrator Accounts Larry Seltzer (Feb 22)
- Re: OT Ferrari Enzo crash Mike Owen (Feb 22)
- Re: Administrator Accounts Nick FitzGerald (Feb 22)
- Re: Administrator Accounts Vicky Røde (Feb 22)
- Re: Administrator Accounts Nick FitzGerald (Feb 22)
- Re: Administrator Accounts Matthew Murphy (Feb 22)
- Re: Administrator Accounts James Kehl (Feb 23)
- Re: Administrator Accounts Matthew Murphy (Feb 23)
- Re: Administrator Accounts Blue Boar (Feb 23)