Administrator Accounts
UPDATE: For those of you who are Mac users and laughing at the poor Windows users, this affects you too. The Rootpipe malware silently escalated its privileges to the maximum privileges your account has in order to launch an attack on your system. Apple just recently fixed this, but ONLY FOR THE CURRENT VERSION OF OS X; apparently, it was a pain to fix. So, this is good practice for both Windows and Mac users.
Most home users, at least on Windows and probably on the Mac, have the userid that they log in with every day set to be a local administrator. Unfortunately, this is often the case in small businesses (and some large businesses) as well.
People do this because certain actions require you to be an administrator, and if you are not running as an administrator, you will either have to log off and log on as the administrator or see a pop-up prompting you to enter the userid and password for an administrator account. Installing a new program or adding a printer are examples of when this happens. In companies where the user is not given an administrator-level account, they would need to open a help desk ticket. This annoys the user and makes work for the help desk, so security goes out the window.
Years ago, like when Windows XP was first released, there were a lot of programs that required administrator-level accounts just to run because they were poorly written. When Microsoft added the UAC feature (User Account Control) and businesses stopped giving users administrator permissions, these companies got a lot of tech support calls and probably lost customers, so they fixed their programs so that you did not have to be an administrator to run them. The most common reason that you had to be an administrator is that the programs wrote to system-protected folders, which is a no-no anyway. There are still a few programs that the average bear might use where you need to be an administrator, but they are rare.
The downside to logging in every day as an administrator is that IF your computer becomes infected with malware, the malware can do anything to that computer – anything.
Where we are seeing this the most is with Ransomware malware like Cryptolocker. Cryptolocker encrypts your files and suggests that if you pay them a ransom (typically a couple of hundred to a couple of thousand dollars), then they will send you the keys to decrypt your files. Of course, if you have good backups, you can tell them to pound sand – or just ignore them. If you don’t have good backups – and the files are important – then, for the most part, you have to pay the ransom. Some variants of the malware not only encrypt your data files but also encrypt system files – effectively turning your computer into a very expensive brick.
If, when the malware is installed or activated on your computer, you are not running in the role of an administrator, the malware can do less damage. In this case, less is definitely more.
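A quick way to answer the "am I running as an administrator?" question on a Windows machine, as an added example that is not part of the original post. It assumes Windows 10 or Windows Server 2016 and later (for the built-in Get-LocalGroupMember cmdlet); the function name Test-RunningAsAdmin is mine.

```powershell
# Added example (not from the original post): report whether the current
# logon is a local administrator, and who else is in the Administrators group.
# Assumes Windows 10 / Server 2016+ for Get-LocalGroupMember.

function Test-RunningAsAdmin {
    # Two different questions, both relevant to the article:
    #   1. Is THIS process elevated (UAC consent already given)?
    #   2. Is the logged-on account a member of BUILTIN\Administrators at all?
    # With UAC on, (2) can be true while (1) is false; malware running as that
    # account is only one consent prompt away from "anything".
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole(
        [System.Security.Principal.WindowsBuiltInRole]::Administrator)

    # S-1-5-32-544 is the well-known SID of the local Administrators group,
    # so this works regardless of the group's display language.
    $members = Get-LocalGroupMember -SID 'S-1-5-32-544'

    # Direct membership only: nested domain groups (e.g. Domain Admins) are
    # listed as members but not expanded to their users.
    $directMember = [bool]($members | Where-Object { $_.SID -eq $identity.User })

    [PSCustomObject]@{
        User               = $identity.Name
        ProcessElevated    = $elevated
        InLocalAdminsGroup = $directMember
        LocalAdminMembers  = @($members | ForEach-Object {
            "$($_.Name) [$($_.ObjectClass), $($_.PrincipalSource)]" })
    }
}

$report = Test-RunningAsAdmin
$report | Format-List

if ($report.InLocalAdminsGroup) {
    Write-Warning "Daily-use account '$($report.User)' is a local administrator."
    Write-Warning "Create a separate admin account and remove this one from Administrators."
}
```

Run it from the account you log in with every day; the members list is also a cheap way for a small business to spot accounts that never needed to be in Administrators in the first place.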
To add insult to injury, if you have network access (like to a file server), or if you are an administrator in a small business and you have write access to other servers in the company, the effect can be, shall we say, dramatic. (See this post from a few months ago: a non-profit organization lost its entire infrastructure because an administrator account was linked to all the company's servers with write permissions.)
This is a perfect example of convenience vs. security.
If avoiding the occasional extra log-in with higher permissions for the job that requires them matters more to you than avoiding having all of your important files at home or at work encrypted, then the all too common practice of running as an admin is a good strategy.
If, on the other hand, you don't want to have to explain to the CEO of your company or your household (likely by looking in the mirror) why your systems are down, why you can't get any work done and why you have to go buy some bitcoins and send them to Russia or China, then that extra step of NOT being a local administrator (or worse yet, a domain administrator at work) is a really good plan. At work, this can be a "resume generating event".
Convenience, Security. Pick either one. You don’t get both.
See this article for some additional details.