timdaniels.com

2006-05-23

Running Windows without Admin Rights

For the past four years, I have managed a network of Windows XP systems where I don't allow the users to have Admin rights. I am amazed how few people have figured out that this is THE way to run Windows and prevent spyware and virus infestations, plus a host of other problems.

There is an interesting article at ZDNet about how Microsoft is finally figuring this out too and is considering locking down their employee's systems.

For those of you who want to learn a better way to administer your systems, there are some great resources at Aaron Margosis' WebLog.

(For those that don't have time to research this issue for themselves, at least read the following exerpt): "The #1 reason for running as non-admin is to limit your exposure. When you are an admin, every program you run has unlimited access to your computer. If malicious or other “undesirable” code finds its way to one of those programs, it also gains unlimited access. A corporate firewall is only partial protection against the hostility of the Internet: you still browse web sites, receive email, or run one or more instant messaging clients or internet-connected games. Even if you keep up to date on patches and virus signatures, enable strong security settings, and are extremely careful with attachments, things happen. Let’s say you’re using your favorite search engine and click on a link that looks promising, but which turns out to be a malicious site hosting a zero-day exploit of a vulnerability in the browser you happen to be using, resulting in execution of arbitrary code. When an exploit runs with admin privileges, its ability to compromise your system is much greater, its ability to do so without detection is much greater, and its ability to attack others on your network is greater than it would be with only User privs. If the exploit happens to be written so that it requires admin privileges (as many do), just running as User stops it dead."

2006-05-02

Why you'll love a Mac

Apple has added a section to their web site detailing some of the reasons to buy a Mac. Reason number 1? It just works. "How much time have you spent troubleshooting your PC? Imagine a computer designed by people who hate to waste time as much as you do. Where all the hardware and software just works, and works well together. Get a Mac and get your life back." Don't forget to check out the tv commercials, expecially the one about viruses. Classic!

Labels: