From: Gregg N 

Geo wrote:
> "Gregg N"  wrote in message
> news:43bb58ea$1{at}w3.nls.net...
>
>
>> If this were possible, it would defeat the whole purpose of having user
>> permissions. Could you give a specific example that does not involve
>> exploiting an unpatched vulnerability?
>>
>
> A specific example, how about a sony CD? 
>
>


This is a good example why you should not run as admin. It requires admin
permission to do any damage. Otherwise, the root kit can't be installed. If
you run as non-admin, you would probably be informed that you must log in
as admin before you can play the CD, which would cause me to return the CD
to the store. If you run as admin by default, you would never know.


> Here's the point, I started out saying what's wrong with running as admin.
> There are hundreds of trojans out there that give other people complete
> control of the machine, if they get admin to do it then obviously there is a
> way to get admin from user level access, if not then what the hell is the
> difference if you run as admin or as a low level user?
>
> IMO, running as a user instead of admin gets you so little that it's not
> even worth considering, it's as dumb an idea as the old "rename the
> administrator account" thinking.
>
> Geo.
>


You are wrong. Here's a diagram:

Run as a regular user =>
   vulnerable to exploits of unpatched security-elevating holes in the
operating system.

Run as admin user =>
   vulnerable to exploits of unpatched security-elevating holes in the
operating system.
   vulnerable to trojans (such as Sony music CD) that do not exploit
holes in the operating system.
   vulnerable to mistakes.

Gregg

--- BBBS/NT v4.01 Flag-5