[Dshield] WMF "wait for us"

Jon R. Kibler Jon.Kibler at aset.com
Fri Jan 6 22:39:36 GMT 2006


Mrcorp wrote:
> 
> Just for the record, I run ME still on one of my computers and have never really had a problem
> with it.  Also, XP Home for some people I help, no problems.  Perhaps it's the administrators??  ;)
> 
> Mrcorp
> 

This brings up an issue that REALLY gets my blood pressure up! Administrator rights on home systems... chances are VERY good that if you are at home, right now you are browsing the Internet with Local Administrator privilege!

(BEGIN ***MAJOR*** RANT)

I don't know about ME or XP Home (I assume they behave the same as XP Pro), but when you create users in XP Pro during install (which is where most home users create all of their users), it creates them with local admin rights. To fix this, the users then have to know how to find the real Administrator account, enable it (by disabling Welcome Screen logins), and remove Local Administrator privilege from each non-admin user.

If Windows would fix this one lame problem, then we would not have millions of security-ignorant users browsing the Internet or IM-ing as Local Admin, getting their boxes compromised, and giving malware local admin privilege. Yes, it would mean that users would have to log in as Administrator to be able to install software, but isn't that the purpose of the Administrator account? Parents could then easily keep their kids from downloading and installing junk. It would also help keep malware from being able to so easily take over a compromised system and install even more malware.

IMHO, this is a bigger issue than the original XP shipping with the firewall disabled... and one that M$ has yet to address. After all, whatever happened to PoLP?

(END OF RANT)

Jon Kibler
-- 
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214



