From Aaron Margosis’ “Why you shouldn’t run as admin…” (17 June 2004):
But if you’re running as admin [on Windows], an exploit can:
- install kernel-mode rootkits and/or keyloggers (which can be close to impossible to detect)
- install and start services
- install ActiveX controls, including IE and shell add-ins (common with spyware and adware)
- access data belonging to other users
- cause code to run whenever anybody else logs on (including capturing passwords entered into the Ctrl-Alt-Del logon dialog)
- replace OS and other program files with trojan horses
- access LSA Secrets, including other sensitive account information, possibly including account info for domain accounts
- disable/uninstall anti-virus
- cover its tracks in the event log
- render your machine unbootable
- if your account is an administrator on other computers on the network, the malware gains admin control over those computers as well
- and lots more