On 5 Oct 2006 at 10:44, Rick Glazier wrote:
> From: "Bernie Cosell"
> > I've said this many times, but I'll say it again, "Running with an
> > administrative account is dangerous to the health of your computer
> > and your data." So, whenever someone says they must operate their
> > computers as administrators, I always try to persuade them it's not
> > the correct thing to do from a security perspective. ...
>
> Bernie, it is hard to disagree... (I am not...)
>
> But then you get some "critical" program that INSISTS on running in
> Admin Mode... Then, to add insult to injury, when you lock down
> other things, (like adding security settings in the Browser, the program
> complains about THAT and tells you to "fix things" or it will not work
> correctly... (I have screen shots of all this if anyone is interested...)
All of that is true and usually easily fixable. Every system has
'critical' programs that need special privileges to run [browsers are
*NOT* one of them...:o)] and there is always a mechanism for doing so.
ON Unix, you use "setuid". Windows provides two ways:
1) easy but a little bothersome: click on the shortcut, select
properties/advanced, and check "run with different credentials"
then whenever you go to run that program, you'll be prompted and
you type in your admin password and away it goes.
2) Much better but a little tricker: Use "runasuser".
<http://www.palmersoft.co.uk/main.asp?content=runasuser>
It is similar to unix's 'setuid' bit, only even better [virtually
everything to do with security on xp is better than on
unix..:o)].
Of course, most of these problems aren't programs that need enhanced
privileges, but rather programs that are badly programmed. But here,
too: that kind of programming bug [and it really is a bug!] is only
tolerated in the Windows world [whereas it would NOT be tolerated in an
application running on ANY Other platform] because windows users are WAY
to complacent about running admin-all-the-time, so why should the
application writers care?
/Bernie\
--
Bernie Cosell Fantasy Farm Fibers
mailto:[EMAIL PROTECTED] Pearisburg, VA
--> Too many people, too few sheep <--
--
----------------------------------------
To unsubscribe, mailto: [EMAIL PROTECTED]
Is your picture included in the Official Win-Home List Members Profiles Page?
http://www.besteffort.com/winhome/Profiles.html
If not, write to: [EMAIL PROTECTED]
