Considerations for Longhorn Account Security?

From: redxii (redxii_at_discussions.microsoft.com)
Date: 04/26/05

    Date: Mon, 25 Apr 2005 19:32:10 -0700
    
    

    Most Windows 2000/XP users run as a full administrator, as we are aware. Part
    of the problem is that this is default Windows behavior. The booklet that you
    can find with 2000 or XP tells the user that he/she should not use an
    administrator account for day-to-day tasks, outlines how to create a new
    account and change the group, and also outlines the different group types.
    But hardly anyone reads that bit of useful information, so that would be in
    part the user's fault. The other part being Microsoft's and its being buried
    in there.

    Think about it: those accounts allow unlimited access. Your average customer
    is a curious cat. When these two come together, what happens? His curiosity
    kills him (or deletes all his data, his Windows folder, his programs, etc.).

    This is how I feel, and hope it will reach the Longhorn developers (please
    forward if you have connections!): During setup, FOR ALL FLAVORS of the OS,
    you need to have the user enter a password for the Administrator account. I
    think it was a mistake to leave it out of XP Home Edition. You need input
    protection so that the user cannot enter a blank password. From there, you
    need to inform the customer on basic security principles (such as not running
    executables from unknown sources) and you need to inform the user right there
    (in setup) on the types of accounts, and the recommended one being either a
    Power User or User.

    I can't promise it'll stop all viruses or spyware, but it will put one heck
    of a dent in their operations.

