funsec mailing list archives

Re: Administrator Accounts


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 23 Feb 2006 13:05:19 +1300

Blue Boar to Larry Seltzer:

I would assume that all, or nearly all enterprise Windows users are logging
into a domain. This means that their rights are controlled through domain
administration, and making the average user an administrator would be an
insane thing to do. 

You'd think, but sadly, even today, many "corporate" and bespoke 
systems are written by security morons and the customers are NOT making 
it a _requirement_ of those vendors/developers to make their software 
"work right" in a modestly secured corporate configuration...

Sane or not, I believe it's quite common to make someone a local admin 
on their machine, via their normal domain login.  Otherwise (at least 
historically) you couldn't do things like install software, add 
printers, change your network settings, etc... quite problematic for 
roaming laptop users.

Reputedly many of these things have been fixed (but what a nightmare 
such issues used to cause in NT 3.x and (earlier) NT 4.0 days).

I'm sure a lot of that has been improved, but I doubt the basic need 
(maybe perception of need?) has disappeared.

I suspect you're right that partly it's a perception thing -- in the 
many places the old "it always worked if we did..." thinking tends to 
ossify despite OS and application improvements.  Combine that with 
slack admins whose only (or at least major) interest is "make it work" 
rather than "why does it work, or not, this way" and you have a lot of 
badly misconfigured systems where there is no perception by the admins 
that there may even be the possibility of a problem (when you ask "Why 
is it configured thus?" they respond "because it works").

But, despite significant improvements in the features and workability 
of the OS itself, even when deployed in a corporate setting where the 
admins are really sharp and keep abreast of these developments and 
improving their base system design taking account of such developments, 
you _still_ get hosed by that "must have" (as in, "business essential") 
app that was written back in win16 days and although "updated" for 
Win32 (i.e. the developer recompiled it when the Win32 version of their 
dev tools were released, possibly shortly before going out of business 
and taking the source code with it), or that "must have" app that was 
written by a pack of gibbons who can't collectively spell security and 
whose developers assume (or are just too thick to understand that it 
can be any different) that because _they_ have local admin rights on 
their machines everyone does.

I like the way the Mac does it, makes you quite comfortable as a
regular user, and prompts for the password when you need to do 
something that takes privs.

Apply that to Windows (as we may see as the default in Vista, I think --
at least in the Vista equiv of XP Home) and you will quickly see your 
typical Windows user entering their local admin password into every 
freaking popup on the planet (and there will be a lively business in 
"this is how to trick out the system to accept a null-password for the 
admin account..." workarounds, or "automatic password fillers" to save 
folk from having to do all that typing or [insert favourite stupid anti-
security trick/nightmare scenario here]).

Windows got where it is almost solely because of its better usability 
(which drove the anti-security mindset really hard in Redmond) and 
because of the wealth of applications and gizmos that worked with it 
(also mostly developed with no concern whatsoever for user security 
issues).  Pretty much anything that gets in the way of that will be 
undone, overcome, actively repressed or at least worked around by a 
huge chunk of the great unwashed Windows userbase, pure and simple.  
And, if MS makes it "too hard" for enough of those users to do pretty 
much whatever, whenever then those users may just finally jump to one 
of the "dumb" Linux distros that virtually implements the Windows 9x 
security model already (and allows for very easy circumvention of what 
little additional security it does put in the users' way) and/or we 
will see yet another "consumer Linux" distro built to not have 
precisely those limitations and justified on the grounds that "there 
are no Linux viruses" or some such horse puckey (and yes, you will be 
able to buy cheap PCs pre-loaded with this OS at Wal Mart...).

Remember -- especially for the SOHO market (and a sadly large-ish chunk 
of the slack-arse corporate market too) -- when it comes down to a 
choice between better security and having the user be able to install 
and run the pink flying elephant thingy, the pink flying elephant 
always wins...


Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

