> OK, maybe you should take some basic security courses. This is one of the silliest and most ignorant statements about Windows security I have ever heard. And I have heard a lot.

You sure about that, John? eWeek seems to agree with me. Now, I won't argue that running as a least privilege user will absolutely eliminate security exploits (especially considering that Apple takes a year to fix QT exploits), but it's a vast improvement. This is no different than not running as root in Linux or on the Mac.

"Using fully patched Windows 2000 Professional and Windows XP Professional clients, we visited a series of less-than-savory Web sites in an effort to install various types of adware and spyware bundlers. We performed the same tests on separate but identical virtual machines, varying only the user's group membership - with users representing Administrators, Power Users and Users. After attempting to install the various applications, we rebooted the client, logged in with an approved Administrator account and installed anti-spyware software. Using this software, Sunbelt Software Inc.'s CounterSpy 1.5, we scanned each system, totaling the number of threats found as well as the grand total of threat instances detected.

"We found a vast degree of difference among the three user memberships. On our Windows 2000 Professional client with User permissions only, none of the malware installed completely and two threats actually warned that the user had insufficient privileges. A third loaded a malicious process into memory, but the threat did not reappear after reboot. The Sunbelt scan performed after the reboot could find only a single threat, which consisted of one file in the browser cache. The systems managed by Administrators were not nearly as fortunate: On the Windows 2000-based system, CounterSpy found 19 threats consisting of three memory processes, 503 files and 2,500 registry keys - all of which had installed."

http://www.eweek.com/article2/0,1759,1891447,00.asp

Another web site broke down the results:

                      Total  Processes  Files  Registry
Windows 2000 SP4
  User                    1          0      1         0
  Administrator          19          3    503     2,500
Windows XP SP2
  User                    0          0      0         0
  Administrator          16         20    400     2,774

http://nonadmin.editme.com/WhyNonAdmin

> Yeah, those fools follow the Microsoft guidelines for coding. What idiots they be.

I can't find anything for XP, though I do know that coding for admin only is a violation of the "Designed for XP" program; it is also a requirement for Vista certification.

http://msdn2.microsoft.com/en-us/library/ms182020(VS.80).aspx
http://msdn2.microsoft.com/en-us/library/aa480150.aspx

Notice that I said "certification." Anyone can still write a Windows app that violates this rule and not have it certified.
