Quote:
|
Originally Posted by jimscreechy
Mr Dimensio,
But seriously does it really matter? I mean, does it 'really' matter, or are you allowing the paranoia to take root?
Conversely, perhaps I am the one being blase about security and system access rights. hmmm, I wonder. Open to comment; witty, stupid or perhaps insane.
|
My boyfriend is a Windows 2000/XP network administrator in a small but important (in the heirarchy) department of a local university. He is not affiliated with the university's IT department. He deals only with computer systems in his department, while the university's IT department handles systems across the rest of the campus.
He has no MSCE or other accredation beyond an English degree, but he manages his user's systems and his own computer according to actual security guidelines, including the guideline found
here. He also runs his computer at home in this way. He is the one who has taught me about Windows security paranoia.
The IT department staff, run by quite a few MCSEs (among other accrediations and degrees in computer-related fields), typically set up computers such that users are always logged in with full Administrator privledges.
My boyfriend's department has never had a serious problem with trojans, worms, spywayer or viruses. The university's IT department is constantly scrambling to clean up the big mess made every time a new trojan, virus or worm is released intot he wild.
I did say that my boyfriend only managed computers in his own department. Well, this is no longer entirely true. Other departments have been put under his control at their request, because when that happens, they suddenly find that their networks and computer systems run far more efficiently.
So yes, I think that it does really matter. Running as Administrator all the time in Windows is like running as root all the time in *NIX. The only difference is that Windows has built-in functionality for creating new accounts with full Administrative privledges, while *NIX does not -- at least not normally -- allow new "root" accounts to be created. Any *NIX administrator will tell you that only a complete moron would run as root all the time in that OS, yet Windows users think nothing of doing essentially the same thing in Windows, and software companies (such as EA/Maxis and Ion Storm) think nothing of requiring users to do that just to make their games work (Thief III has a bizarre requirement for Admin access or the game will self-destruct, but it can be circumvented)
And I also think that people who have no trouble running with full Administrative rights at all times are being blase about system security. A great number of the security outbreaks -- such as any that are triggered through an exploit in IE or Outlook -- could be averted if people would run their systems properly and not log in as Admin for browsing websites, checking email or playing games. System exploits can only do as much damage as the privledge level of the process through which it runs allows.
Beyond this, there is the fact that there is absolutely no justifiable reason whatsoever for a computer game, once installed, to require full Administrative access to an operating system. Moreover, the SecureROM protection in Unreal Tournament 2004 shows that it is entirely possible to have a CD checking system that does not require full administrative access, so again there is no excuse for including copy protection in a game that makes the game require full Administrative access to run. There are only two possible explanations for such a requirement: programmer malice or programmer incompetence.
I don't want software written by either malicious or incompetent programmers running with full Administrative privledges on my computer. Maybe I'm just paranoid, but I've seen the damage wreaked by people who allow just that.