Ramblings & ephemera

Why you should not run Windows as Admin

From Aaron Margosis’ “Why you shouldn’t run as admin…” (17 June 2004):

But if you’re running as admin [on Windows], an exploit can:

  • install kernel-mode rootkits and/or keyloggers (which can be close to impossible to detect)
  • install and start services
  • install ActiveX controls, including IE and shell add-ins (common with spyware and adware)
  • access data belonging to other users
  • cause code to run whenever anybody else logs on (including capturing passwords entered into the Ctrl-Alt-Del logon dialog)
  • replace OS and other program files with trojan horses
  • access LSA Secrets, including other sensitive account information, possibly including account info for domain accounts
  • disable/uninstall anti-virus
  • cover its tracks in the event log
  • render your machine unbootable
  • if your account is an administrator on other computers on the network, the malware gains admin control over those computers as well
  • and lots more

Comments are closed.