BleepingComputer.com: Standard user accounts and safe browsing

Hi,

Windows security center suggests that a person should surf the net using a standard user account instead of an administrative account.

What do you think about the effectiveness of this suggestion?

Mesmerized, on May 27 2009, 09:27 AM, said:

The suggestion is extremely good, and the effectiveness of using a standard user account is arguably (and in my personal experience of some years) far greater than the use of any Antivirus product.

Most, I would say well over 95%, of all malicious software and exploits either completely fail to infect a system when the user is logged in as a standard user rather than ad admin or only succeed in infecting that standard user account instead of creating a system wide infection. Most malware requires admin privileges to succeed in doing what it does, and although more malware is coming out that can run and infect without admin rights, using a standard user account is still an excellent security measure. Indeed, it should be _the first_ security measure that all other measures are based on: limiting the rights that unknown/bad stuff have and giving the good security and system level software full rights. Your firewall, your antivirus, everything is more effective, theoretically, when they run with admin rights but the user is logged in as a standard user. This is because executable code runs with the rights of the logged in user that executes the code. If you are logged in as a standard user, any malware that runs also gets only standard user rights (assuming there isn't a rare privilege escalation or system service exploit). This means that malware running with only standard user rights cannot, for example, infect system files or terminate security programs like antivirus realtime monitors that run with admin rights, making the security software much more efficient.

You should always run as a standard user when doing anything that doesn't absolutely require an admin account. You have certainly heard how Linux and Mac OS X are said to be far more secure than Windows. One of the biggest reasons for this difference in security is the fact that Linux and OS X make people use standard user accounts, instead of admin accounts (admin on Windows is the same as Root on Unix based systems like Linux or Mac OS X, so using the OS X admin account is not the same as using the admin account in Windows).

I'm a newbie in this forum, so take my advice with a grain of salt, and Google around. Microsoft suggests using standard user accounts for a reason. It really does increase security enormously. Whereas signature based antivirus fails when it meets something new and different, standard user accounts still protect you against old and new malicious code with same effectiveness - just as long as you don't give admin rights to everything that asks for it without thinking it through.

Nice answer Snakes

boopme, on May 28 2009, 04:26 AM, said:

Thanks I'm used to running as a standard user, I've done it for many years and as long as I've been using NT series Windows'. Never had problems with it.

The explanation you provided helped me understand a bit more about some things on the Mac and Linux stuff (as to why some malware fails in it). There's always something new to learn. Great explanation.

Some years ago I bookmarked a good site detailing some benefits of running standard user (or "limited user") accounts, and it seems to still be online. It has articles written by Microsoft software engineers among others: http://nonadmin.editme.com/WhyNonAdmin

There was a link to an article that I thought had a very good summary about why running with admin rights is bad and running with a standard user account instead is good. I will quote the article:

Quote

I will add another example: what if you're browsing one of your frequently visited sites but it has been hacked and is now serving malware? If you were running as admin, and the malware was so new antiviruses don't yet detect it, guess what will happen... That's where running as standard user can limit the severity of the threat:
To paraphrase that quote, if you're running as a standard user, an exploit...
- cannot install kernel-mode rootkits or keyloggers to hide itself and spy on you, only user-mode malware that is much easier to detect and destroy
- cannot install or start services, or disable them
- cannot install ActiveX controls or addons
- cannot access data belonging to other accounts (so your kids on their own account cannot screw up your account and its files!)
- cannot cause code to run whenever anybody else logs on (no system wide infection of all user accounts), it can only infect the standard user account itself
- cannot replace critical OS or program files with trojan horses or other malware
- cannot disable/uninstall/terminate security software like antiviruses or firewalls
- cannot cover its track in the event log
- cannot render your machine unbootable (by deleting critical system files, for example)
- cannot gain control over the entire network

Standard user is great. It isn't infallible, and there are evil things malware can do even to a standard user account, but it's many times safer than admin accounts. And it helps against human error, too: what if you or your kids accidentally delete some important system file that you need - well, you can't do that with a standard user account, as only admins can delete system files. Some software is coded so poorly it doesn't work right with standard user accounts, but those are getting rarer all the time, and personally I prefer not to use such software (if they are so poorly coded they don't work with standard user rights, who knows what security vulnerabilities they have). And some software just isn't meant to run as anything except admin, like any software that does system maintenance work: defragging, checkdisc utilities or installing software and such. For those cases, you have to log in as admin for the moment, or use Run As.

I would recommend anyone running Windows XP/Vista/7 or any modern operating system to transit to using standard user accounts for daily browsing and working, and to only use admin accounts when it is absolutely necessary. It may feel a bit awkward at first, but it's a great security benefit.

Great explanation SnakeOnThePlane , I never thought that using a standard user account had so much advantages!!!

I still have a question though:

When I run Firefox for the first time using a standard user account, I discovered that the so many add-ons and themes that I had installed before were not available for this account so I run Firefox as an administrator, does this make a difference? I mean is it safer to run Firefox using my standard user account or it does not make a difference?

Mesmerized, on May 29 2009, 10:28 AM, said:

Running as a standard user does have a whole lot of security advantages.


About Firefox: Yes, it does make a big difference. It is much safer to run Firefox using your new standard user account than it would be to run it under an admin account. It really goes for all software. Admin accounts and any software running in an admin account can do anything, and that's why they're so "dangerous." Firefox is a good browser, and safe, but it's even safer under a standard user account, because of the reasons mentioned in previous posts. Firefox, like any browser, has had its share of vulnerabilities, and although the Mozilla organisation patches quickly, there are also vulnerabilities that aren't in the Firefox code but can infect people using Firefox - Adobe Acrobat Reader exploits, Adobe Flash exploits, and so on. A lot of these vulnerabilities are impossible for the bad guys to exploit if you're running as a standard user.

I don't currently use Firefox (instead I use Opera, and in a standard user account of course), so I cannot be as helpful as I'd like, but... I think that in Firefox the extension and themes are installed "per user", meaning that they are installed in the user's profile folder (in XP, Documents and Settings\[user's name]\Application Data\Mozilla), so that each user can have different extensions. That is why you aren't seeing all your extensions that you had on the admin account in your standard user account. What you could do is try installing your favourite addons and themes again, using Firefox in your standard user account. To install them, just do what you did when you installed them in your admin account. https://addons.mozilla.org ahoy! That ought to work, I think. Good luck!

Also, a reminder: since standard user accounts cannot make system-wide changes and install software system-wide, they also cannot make software updates that are system-wide. Meaning that when a new Firefox version, or any other program, comes out, to update you should log in as admin to perform the update. Standard users cannot write to Program Files where the system-wide installations are supposed to go, so you will need to do updates as an admin. However, anything that are installed per user like Firefox extensions (I think) can be updated by a limited user, but only for that account. To some people this is a little annoying, and I admit it can be a bit boring sometimes, but it is worth it. It's like seatbelts in cars - it is kind of bothersome to always put those on, but they do help.

I understand now, thanks for clearing it out !