Re: registry hacked under XP limited account

• Previous message: lecter: "Re: registry hacked under XP limited account"
• In reply to: Max Burke: "Re: registry hacked under XP limited account"
• Next in thread: Knox: "Re: registry hacked under XP limited account"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 29 May 2005 10:22:58 +0200

"Max Burke" <mlvburke@%$%#@.nz> wrote:

Your email address is syntactically wrong!

> > Stefan Kanthak scribbled:
> > WRONG: running as limited or restricted user on a properly setup XP or
> > 2K system prevents malware from infecting or compromising the system
> > itself or other user accounts.
>
> All good advice....

I know ;-)

> But (theres always a but)
>
> Have you ever tried to set up a user account on XP (Home AND Pro) and still
> have ALL the applications, utilities, etc function as they do when running
> as administrator?

Yes, all the time since I started to use NT4 back in 1997!
When I encounter an application that doesn't work AND I don't need it
badly -> trash (or if I bought it after explicitly asking the vendor
"is this REALLY designed for NT" -> back to vendor, money back to me).
If I WANTED to use the application I checked where it fails and adjusted
te permissions (or created a mapping for the *.INI).

> It cannot be done for most ordinary users (like myself) who just want to be
> able install and run applications that they/we use everyday.

You can install almost any application from an restricted account with
Shift+Rightclick->Run as... and then select "Administrator" and enter
the password.

> The huge ammount of tweaking, configuring, exceptions being allowed to just
> run applications and utilities, and to even get some Microsofts applications
> to work on a limited account just doesn't cut it for the ordinary user.

If it won't work return it to the vendor. They'll learn if enough people
will do so.

> If the ordinary user wanted to have to do this just to get any program to
> work they'd be using some version of *nix, not Windows. ;-)

You'll have to use "su -c pkgadd $PWD/*.pkg" or "sudo" there too!
But: this works. What also works is adjusting permissions on say
/dev/cdwriter or setting suid-bit for /usr/bin/cdrecord to let the
normal user burn CDs.
Windows has the finer granulated ACLs, but even it's manufacturer
uses them to their full extent. Microsoft apparently doesn't even test
many applications with "restricted user" accounts. SAD!

> You either have to give up using the applications and utilities you user
> every day or run as administrator.

Hmmm... not me. But I DONT WANT to use crappy applications, I'll return
them and get my money back. Typical situation: the bigger the company
the crappier the software!

> Not that Microsoft is entirely to blame here; It just as much the fault of
> third party developers who insist taht their application/utility has to run
> with FULL admistrator privilleges or not at all.

Right. On the other side I sue Microsoft for being overly "careful" not to
break even the most misbehaving applications (including their own, like
MS Office:-).

> Microsoft need to make XP a LOT easier to setup limited user accounts that
> can still run any applications/utilities that needs adminstrator level
> access; Developers need to make their applications run with either limited
> or administrator level access.

No! Microsoft MUST NOW stand up and tell all the developers AND testers out
there to develop for NT: install as Administrator or PowerUser, ask Windows
for all the right paths (no hardcoded C:\Program Files\, but %ProgramFiles%
or SHGetFolder()), "%AllUsersProfile%" instead of "%UserProfile%" or even
"C:\Dokuments and Settings\%UserName%\") and let the program run with any
rights the user has.
If some functions of the program need higher privileges: give MEANINGFUL
"error" messages, and don't say "You need admin privileges to run me" right
after the start.

> I have tried quite a few times to set up and run limited user accounts on XP
> Home and XP Pro and every time had to give up and revert back to running a
> Administrator account just to do my 'every things' I do with my computer.

Not here. Not me, not the some hundred people that use my installations.
OK, no one plays games (if I want to play games, then not on my PC that's
to boring), and I have to give advice sometimes how to tame the beasts,
but it's possible!

> I now take the view that as long as I maintain a fully up to date patched
> and secure systems, and enforce 'safe hex' practices then running as
> administrator is the best and only viable, user friendly option for the
> ordinary user wanting to do their ordinary everyday work on their computers.

Take a look at RunAsAdmin on sourceforge.

> Hopefully microsoft are improving this 'situation' in Longhorn...

They'll again present a shiny surface with many useless gadgets.
I personally can't really work with XP's explorer, it's way to smart
for me.

Stefan

• Previous message: lecter: "Re: registry hacked under XP limited account"
• In reply to: Max Burke: "Re: registry hacked under XP limited account"
• Next in thread: Knox: "Re: registry hacked under XP limited account"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]