I was absolutely stunned to read that Microsoft gives its users Administrator rights and is only now thinking about removing them.
Every Windows users is assigned a security level, this can vary from a Restricted User who can't do things like add software or access system files up to an Administrator who can do anything and go anywhere.
Windows sets users up as Administrators unless it's told differently. In other operating systems like Mac OS X you do not get Administrator (or Root) privileges unless your specifically given them. If Windows set up restricted user accounts out of the box then we wouldn't be seeing the tidal wave of spyware and rubbish on Windows computers.
The main reason we don't set kids and office workers as Restricted Users is because many Windows applications don't run well without Administrator rights. We've tried it at many offices and homes and people have begged us to give them rights. Sadly, many of the worst offenders are Microsoft products.
Realising that Microsoft workers themselves have admin rights explains why this has happened. Microsoft's internal testing would never pick up the mess that restricted users find themselves. What's more they wouldn't know which of the software and hardware companies were supplying bodgy code that won't work without full rights.
The fact that Microsoft workers aren't forced into Restricted or Power User groups only confirms to many of us that Microsoft just doesn't get it when it comes to security. We can only hope that the upcoming Microsoft Vista does a better job than the previous attempts.
Diana Epps has a far more well thought out view on this on her blog. It makes good reading and explains the issues well. The comments also put forward some good perspectives on this.
Wednesday, May 24, 2006
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment