Re: Domain users members of local administrator

David Wang [Msft] wrote:
I do not distinguish between enterprise, small business, or
home/family when it comes to this.

At the end of the day, if you keep silent and keep buying the @#%&* ,
then the vendor has no reason/motivation to change.

For example, I have been running as non-admin user for several years
now, and I constantly complain and file bugs against every single
Microsoft product (internal or external) that I install and does not
work as non-admin. Although I often don't get my wish the very first
time, I usually get it the second time - so many of the productivity
programs I use will run perfectly fine as non-admin user. Of course,
this has taken a few years to take effect, and I don't have it for
every MS product, but overall, I am pretty happy with the
improvements to run as non-admin.
Vista is not going to magically solve any of this. Vista just forces
the issue in the vendor's face by making more users run as non-admin
by default. I think it is a gutsy move by Microsoft because when
those legacy applications break on Vista, do you think the users will:
A. complain that the application vendors foisted insecure software on
them in the past
B. complain that Microsoft took steps backwards with Windows Vista
and broke compatibility

Viewed another way -- for years, the customer has failed to push the
vendors to improve quality when it comes to security. Microsoft is
making a gutsy push on the security front and probably will get
complaints from Customers and Vendors... even though the move is the
right one to make... and the customer failed to make the right move
for years. Now, who says that customers are always right? ;-)

Thank you to you and Roger for your insightful analysis. I agree that it is
not a good idea to run with administrator privileges. Where we disagree
somewhat is the root of the problem. I do not blame the end users. I think
most of the blame lies with Microsoft. Microsoft is very late to the
security game. I have many books on programming for and with Microsoft
products. It is only very recently that taking into consideration in any way
that the programmer doesn't have administrator privileges has been pushed. A
whole generation of programmers have learned to program with this model. For
Microsoft to now say the end users should push the vendors to change their
ways is ostrich like behaviour. Microsoft is a major cause of the problem
and Microsoft should be a major part of the solution. I know Microsoft is
making a huge effort to make sure their own programs follow the current
security paradigm. I don't see a great push by Microsoft to educate either
end users or programmers.

The reason I am looking forward to Vista is because it will make end users
more aware and thus put pressure on software vendors. I agree with you
there. I think Microsoft has to be very careful however that your B scenario
doesn't take place. If Microsoft doesn't work with the vendors and
programmers there will be a huge backlash that may cause many end users to
be wary of upgrading. I mostly deal with small business customers. They are
very leery of changing something that is working. They have neither the time
nor the inclination to learn something new just because it is there. Many
small business' are still running DOS based line of business applications
because it works. I realise that this is seemingly incompatible with
security but it is the reality. Microsoft will have to actively sell the
security paradigm and prove to the customers that it will benefit them. If
you leave it to the customers alone to pressure stubborn vendors then Vista
may fail to gain significant market share in this market. As for your last
question. No the customer is not always right but the customer is the one
who pays the bills so you sometimes have to do things their way even if it
is not right. Your only recourse is to educate them and show them why they
are wrong while not offending them.

As to the average user being able to run as a non admin user I stand by what
I said. With Windows XP most home and small business users simply won't be
able to figure out how to make it work. There are too many roadblocks in the
way and the vast majority will simply take the easy way. Even Microsoft
implicitly recognises this or it would not be the default to run with
administrator privileges. In a structured IT environment it can be done and
all with my customers using Active Directory it is done and works well. For
the rest of the world it doesn't work.