The Almighty Administrator
These problems arise from the fact that members of the Administrators group have godlike powers over the local machine. When you log into Windows (or any operating system) with administrative privileges, you essentially tell the operating system to bypass all user limitations. Various software apps and environments, such as the Microsoft .NET Common Language Runtime (CLR), can impose their own limitations beyond those imposed by the operating system. But you're still bypassing protections built into the operating system, because administrators have virtually unlimited permissions to access and change any resource.
For most things you do on a computer, you don't need administrative privileges: reading email, surfing the web, opening Word and Excel documents, reading your new baby's pictures from a digital camera. As a developer, you probably spend most of your day editing text files, an activity that certainly doesn't need administrative privileges. (Interacting with server software, as when developing some web applications, may require a higher level of permissions. In a later article in this series, I'll cover those situations and how to work securely without administrative privileges.)
This is not to say that you never need administrative privileges. Sometimes you will need elevated privileges; for example, when you need to do any of the following:
- Modify the operating system (install service packs, repair or upgrade an installation, and so on), including making changes to the Windows registry
- Configure the operating system (set policies, create or change passwords, configure network settings, and so on)
- Manage logs and create performance counters
- Run legacy applications developed for Windows 95 and ME, written back in the last millennium when we were all blissfully unaware of how damaging a software attack can be
We all need to do these sorts of things from time to time. But how often? For most of us, the answer is probably a couple of times a day or week, for a few minutes at a time. That certainly doesn't justify running as an administrator full time, making your machine susceptible to attack 24 hours a day, seven days a week!
And yes, there are people who do administrative tasks all day long as part of their jobs. They probably do indeed need to run as an administrator nearly all the time. But that doesn't mean they should run with such godlike privileges when doing inherently unsafe activities, such as reading email or surfing the web. I have yet to meet a software developer who requires administrative privileges for more than a few minutes a day.