Full Trust can’t be trusted

Microsoft gets blamed for a lot of security problems, and for the most part, they deserve it. There's no excuse for the irresponsible "on by default" policy that resulted in so many vulnerable Windows 2000 IIS installations; that's why Nimda was so devastating. Windows Server 2003 has a much better security record, largely because of Microsoft's new "off by default" policy. I expect Windows XP SP2 to be similarly successful.

Here's what disturbs me, though. Even if we eliminate all the system vulnerabilities, what about the biggest vulnerability of all, the user? The fastest-growing malware vector is the complicit user:

In the past year, spyware problems have become especially pernicious, leaving companies scrambling to respond to customers who don’t necessarily realize they have spyware. Companies are concerned about the cost of dealing with such calls. But perhaps more worrisome, they fear customers will wrongly blame them.

Spyware generally refers to programs that land on computers without their owners’ knowledge. They can deliver hordes of pop-up ads, redirect people to unfamiliar search engines or, in rare cases, steal personal information. Users most often get them by downloading free games or file-sharing software – and consenting to language buried deep within a licensing agreement. And because they consented, “in some ways it ties our hands because we can’t legally interfere,” said Mike George, head of Dell’s U.S. consumer business.

It’s a thorny problem. How do you protect users from themselves? Unix users will quickly respond with “users should not run as root.” And they’re right:

Unfortunately, running as root (or Administrator) is common in the Windows world. In fact, Microsoft is still engaging in this risky behavior. Windows XP, supposedly Microsoft's most secure desktop operating system, automatically makes the first named user of the system an Administrator, with the power to do anything he wants to the computer. The reasons for this decision boggle the mind. With all the lost money and productivity over the last decade caused by countless Microsoft-borne viruses and worms, you'd think the company could have changed its procedures in this area, but no.

Windows, unlike Unix, started life as a single-user system, so running as Administrator is deeply ingrained in Windows users. While you can run as a regular user under XP, the User Accounts section of Control Panel practically begs you not to:

Users with limited accounts cannot always install programs. Depending on the program, a user might need administrator privileges to install it. Also programs designed prior to Windows XP or Windows 2000 might not work properly with limited accounts. For best results, choose programs bearing the Designed for Windows XP logo, or, to run older programs, choose the “computer administrator” account type.

If that doesn't scare the crap out of the average user, nothing will. The correct, Unix-y idea that users should not run as Administrator will be adopted by the Windows world, albeit excruciatingly slowly. Microsoft has 10 years of history to overcome, and some non-trivial usability hurdles to address. Security adds complexity, and users don't like complexity: they just want to do their thing. To some degree, security and convenience are mutually exclusive.

Although running as a regular user would be a definite improvement in security, at the cost of convenience, it's still something of an illusion. If users want software badly enough they will jump through any arbitrary hoop to get it, including switching to an Administrator account. Never underestimate the power of a free copy of the latest Linkin Park album. Malware vendors will be more than happy to document the "installation" process for their free p2p file sharing software: File, Run As, Administrator. Whatever comes through that door is installed with full administrator rights, not the limited account's, and once that door is open, it's open for everyone.
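The two checks a practitioner wants after reading the last few paragraphs are "is this session actually running with administrator rights?" and "which accounts on this machine hold them?", followed by the "Run As" alternative of elevating one program rather than the whole login. The following PowerShell is an added example, not code from the original post; it assumes Windows PowerShell 5.1 or later, uses the LocalAccounts cmdlets where they exist (Windows 10 / Server 2016 and newer) and falls back to parsing `net localgroup` output on older systems. The installer path in the usage comment is hypothetical.

```powershell
# Added example (not code from the original post). Audits whether this
# session really runs with administrative rights, which local accounts hold
# them, and shows how to run a single program elevated instead of logging in
# as an Administrator. Assumes Windows PowerShell 5.1+; Get-LocalGroupMember
# needs Windows 10 / Server 2016 or newer, 'net localgroup' is the fallback.

function Test-TokenIsElevated {
    # Under UAC an Administrator who has not elevated still fails this check:
    # the Administrators SID in the filtered token is marked deny-only.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-LocalAdministratorMembers {
    # Returns member names in COMPUTER\name or DOMAIN\name form.
    if (Get-Command Get-LocalGroupMember -ErrorAction SilentlyContinue) {
        return @(Get-LocalGroupMember -Group 'Administrators' |
                 Select-Object -ExpandProperty Name)
    }
    # Fallback: names appear after the dashed line and before the trailing
    # "The command completed successfully." status line.
    $members = @()
    $inList  = $false
    foreach ($raw in (net localgroup Administrators)) {
        $line = "$raw".Trim()
        if ($line -match '^-{5,}') { $inList = $true; continue }
        if (-not $inList -or -not $line -or $line -match '^The command') { continue }
        $name = if ($line -match '\\') { $line } else { "$env:COMPUTERNAME\$line" }
        $members += $name
    }
    return $members
}

function Get-PrivilegeReport {
    # Separates "my token is elevated right now" from "my account is an
    # Administrator": the second is what makes Run As / UAC a one-click hoop.
    $me     = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    $admins = Get-LocalAdministratorMembers
    [pscustomobject]@{
        User                    = $me
        TokenIsElevated         = Test-TokenIsElevated
        AccountInAdministrators = ($admins -contains $me)   # -contains is case-insensitive
        LocalAdministrators     = $admins
    }
}

function Start-ElevatedProgram {
    # The "Run As" route: one program gets administrator rights, the rest of
    # the session stays limited. Under UAC this raises the consent or
    # credential prompt; whatever the program installs runs with full rights.
    param(
        [Parameter(Mandatory)][string]$FilePath,
        [string[]]$ArgumentList
    )
    $params = @{ FilePath = $FilePath; Verb = 'RunAs' }
    if ($ArgumentList) { $params.ArgumentList = $ArgumentList }
    Start-Process @params
}

# Usage:
#   Get-PrivilegeReport
#   Start-ElevatedProgram -FilePath 'C:\Downloads\setup.exe'   # hypothetical path
```

The report deliberately shows both flags side by side: a limited account that is not in Administrators is the real improvement the post describes, while an Administrator account running non-elevated only looks limited until the next prompt is clicked through. Name comparison is adequate for local accounts; where `Get-LocalGroupMember` is available, comparing its `SID` property against `WindowsIdentity.User` is the more robust check.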

So we're back where we started: how do you protect users from themselves in an increasingly exploitative world, where malware and phishing grow by double digits every year? Maybe the only answer is something like Dan Appleman's education effort. While we clearly need to continue attacking the technology part of this problem, it's unrealistic to think we can 'solve' security through technology alone.

Written by Jeff Atwood