homepage Welcome to WebmasterWorld Guest from 23.22.2.150
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Microsoft / Deprecated - Microsoft Windows 7 Operating System
Forum Library, Charter, Moderators: bill

Deprecated - Microsoft Windows 7 Operating System Forum

    
90 percent of Windows 7 flaws fixed by removing admin rights
bill

WebmasterWorld Administrator bill us a WebmasterWorld Top Contributor of All Time 10+ Year Member Best Post Of The Month



 
Msg#: 4108186 posted 11:40 am on Apr 1, 2010 (gmt 0)

90 percent of Windows 7 flaws fixed by removing admin rights [arstechnica.com]

After tabulating all the vulnerabilities published in Microsoft's 2009 Security Bulletins, it turns out 90 percent of the vulnerabilities can be mitigated by configuring users to operate without administrator rights, according to a report by BeyondTrust. As for the published Windows 7 vulnerabilities through March 2010, 57 percent are no longer applicable after removing administrator rights. By comparison, Windows 2000 is at 53 percent, Windows XP is at 62 percent, Windows Server 2003 is at 55 percent, Windows Vista is at 54 percent, and Windows Server 2008 is at 53 percent. The two biggest exploited Microsoft applications also fare well: 100 percent of Microsoft Office flaws and 94 percent of Internet Explorer flaws (and 100 percent of IE8 flaws) no longer work.

 

jecasc

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4108186 posted 12:00 pm on Apr 1, 2010 (gmt 0)

Yeah right. Since by removing admin rights, most of my applications don't work properly anymore we can then all turn off our computers for the day close the office and go home.

On the bright side: That fixes 100% of Windows 7 flaws.

maximillianos

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4108186 posted 1:20 pm on Apr 1, 2010 (gmt 0)

Flaws? I thought Win7 was finally the turning point for Microsoft?

This however does not surprise me. Maybe they should implement what Unbuntu Linux does. They prompt you for the admin's password when needed. Otherwise you are running as a non-admin.

J_RaD

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4108186 posted 1:41 pm on Apr 1, 2010 (gmt 0)


Yeah right. Since by removing admin rights, most of my applications don't work properly anymore we can then all turn off our computers for the day close the office and go home.


what? you never heard of a right click and "run as administrator" ? this isn't something new or ground breaking...they have been teaching admins not to login as the administrator since NT 4.0 days.

step 1. login as administrator
step 2. create a new user
step 3. get the heck out of the admin account.
step 4. (optional) disable admin account.


They prompt you for the admin's password when needed. Otherwise you are running as a non-admin.

that is what 7 does, but instead of asking for a password it prompts to run as admin.

Brett_Tabke

WebmasterWorld Administrator brett_tabke us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4108186 posted 2:11 pm on Apr 1, 2010 (gmt 0)

> 90 percent of Windows 7 flaws fixed by removing admin rights

Thus making win 7, 100% useless. There is no way I could last an hour on my machine without admin rights.

Demaestro

WebmasterWorld Senior Member demaestro us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4108186 posted 3:10 pm on Apr 1, 2010 (gmt 0)

> this isn't something new or ground breaking...they have been teaching admins not to login as the administrator since NT 4.0 days.


And yet it is still a problem? You would think that this being an issue for so long that they would come up with a way that you can run as admin without every program that you interact with inheriting the same permissions.

Ridiculous, that it has been a known issue this long and still no real fix, even with how many new releases between NT and win7?

I am really starting to think that we need a class action suit against MS, where any moneys from a judgment would go into a fund that people could apply to receive money back to recoup from lost hardware, software, cost of removing viruses, cost to replace files.

J_RaD

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4108186 posted 6:21 pm on Apr 1, 2010 (gmt 0)

you wouldn't run linux as root, and you wouldn't run windows as admin.

what is the rub here?


Thus making win 7, 100% useless. There is no way I could last an hour on my machine without admin rights.


how so? are you running windows 7? I am, Im also running with the admin account disabled under a seprate account. You need to do something that requires admin privg you get a prompt... big whoop you can even disable the prompt. Its no different then running linux and having to enter the root password to do something.

Demaestro

WebmasterWorld Senior Member demaestro us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4108186 posted 6:52 pm on Apr 1, 2010 (gmt 0)

and you wouldn't run windows as admin.


So why be able to create users with the Admin role?

If all that is needed is an admin password to allow admin actions then why allow users to create an account with it? This goes double for Home editions which are mostly used in homes, and homes usually don't have a systems admin so what is the point of an admin account?

If this was newly discovered then I would be telling people that they need to be careful and not be angry, the fact that this has been ongoing since around 2000 and still isn't addressed is what has rubbed me wrong.

J_RaD

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4108186 posted 10:26 pm on Apr 1, 2010 (gmt 0)

and homes usually don't have a systems admin so what is the point of an admin account


um..... what does having a sys admin have to do with the "administrator" account on a computer?


If all that is needed is an admin password to allow admin actions

again...how is any of this different then linux/unix and the root account?

why is this a confusing concept to you?

Brett_Tabke

WebmasterWorld Administrator brett_tabke us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4108186 posted 12:00 am on Apr 2, 2010 (gmt 0)

> how so? are you running windows 7?

startup:
- verizon pc monitor won't run with out admin rights.
- running apache from command line needs admin rights (not running as a service)
- win 7 barks about alot of programs that I have to manually click 'ok' to run even as admin. (how can I turn that off)?

Even running as admin 100% there are still alot of things that have trouble. Our main prob with win 7 is network shares between vista xp and win 7. We have two boxes we simply can share the root of. So we have to install vnc's and such to get them to share. I am sure if I would have set all those machines up as admin, there wouldn't be this issue.

J_RaD

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4108186 posted 1:00 am on Apr 2, 2010 (gmt 0)


- win 7 barks about alot of programs that I have to manually click 'ok' to run even as admin. (how can I turn that off)?



head to control panel, then users, then adjust user account control. that should take care of that.

running apache from command line needs admin rights (not running as a service)


right click on your cmd and pick run as admin, you can also make a short cut that does this automaticly.

the networking stuff.. win7 homegroup works fantasticly. that is if you are all running windows 7.
what exactly do you mean share the root? do you mean just the root of the drive or what? I can figure it out in the morning.

Brett_Tabke

WebmasterWorld Administrator brett_tabke us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4108186 posted 4:45 pm on May 14, 2010 (gmt 0)

> user account control.

that is everyones first 10 clicks on a new machine isn'st it?

> you can also make a short cut that does this automatically.

Seems to only work on somethings. What am I missing? (tried and tried). I can not start apache without a prompt coming up.

> what exactly do you mean share the root?

ya, root of system drive. c:\

J_RaD

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4108186 posted 5:40 pm on Jun 2, 2010 (gmt 0)

In the Advanced Properties, check "Run as administrator," and click Ok: Anytime you launch the shortcut, you will have administrator privileges

now everytime you run apache it will have the proper privilages.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Microsoft / Deprecated - Microsoft Windows 7 Operating System
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved