
Why you don’t want to run as Admin

I’m a big fan of Windows UAC. It allows users to run as non-admins but still gives them control to make changes to their Windows computer, and only when they want to make those changes. I’ve been a big advocate of running all computers as standard users and (virtually) never logging into the computer’s administrator account. I was able to convince my brother that this is the proper way to run a system, and it seems to have helped him avert disaster.

Yesterday my brother noticed that a fake Windows Defender popped up saying his computer was infected. I don’t know how he recognized it was fake, but props to him for recognizing that it was. Then it tried to make changes to his computer which required administrator privileges, but since he runs as a standard user the malware was getting blocked by UAC prompts. Since my brother wasn’t actively doing something which required admin permissions (he was trying to view a video on the web), he kept denying the prompts. Eventually he shut down his computer and rebooted it, but this time logged in as the administrator account. He then used Malwarebytes to scan his system, and it did find issues with his standard user account. Apparently the Symantec AV on the system wasn’t able to block/detect this malware. Between the two, they were able to clean up his system.

He then logged back into his standard user account, but he couldn’t start any program. Any shortcut he clicked on to start a program resulted in a pop-up asking which program should be used to open the executable (which really doesn’t make sense, executables know how to run themselves). If he double-clicked on a data file, the program registered for that file type could open, but launching the program directly did not work. I had him check the properties of one of the shortcuts, and instead of targeting a program in the Program Files directory (which is where the program is installed) it was pointing to some folder in his user account’s AppData section. The malware had retargeted all of his links from what they should have been to something the malware wanted them to be. But now that the malware had been removed, none of the links in his account worked anymore. At this point he decided that it was easier to abandon the account than to clean up every shortcut in his account; plus there might have been some other quirky things left behind. He says it took him about twenty minutes to create a new account and move all of his data over to the new standard user account.
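For anyone who would rather audit the shortcuts than abandon the account, here is a read-only PowerShell sketch that lists shortcuts whose target sits under AppData or no longer exists. It is an example added to this post, not something my brother ran; the function name `Get-SuspectShortcut` and the choice of folders to scan are assumptions.

```powershell
# Added example: list shortcuts in the current user's profile whose target
# lives under AppData or no longer exists. Read-only; nothing is modified.
function Get-SuspectShortcut {
    param(
        # Folders to scan (assumed defaults: the usual per-user shortcut locations).
        [string[]]$Path = @(
            [Environment]::GetFolderPath('Desktop'),
            [Environment]::GetFolderPath('StartMenu'),
            (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
        )
    )

    # WScript.Shell can load an existing .lnk and expose its target.
    $shell = New-Object -ComObject WScript.Shell
    # Roaming and Local AppData both sit under this parent folder.
    $appDataRoot = (Split-Path $env:APPDATA -Parent).TrimEnd('\') + '\'

    $Path | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | ForEach-Object {
        Get-ChildItem -LiteralPath $_ -Filter *.lnk -Recurse -File -ErrorAction SilentlyContinue
    } | ForEach-Object {
        $lnk    = $shell.CreateShortcut($_.FullName)
        $target = $lnk.TargetPath
        if (-not $target) { return }   # shortcut to a shell object, no file target

        $inAppData = $target.StartsWith($appDataRoot, [StringComparison]::OrdinalIgnoreCase)
        $missing   = -not (Test-Path -LiteralPath $target)

        if ($inAppData -or $missing) {
            [pscustomobject]@{
                Shortcut      = $_.FullName
                Target        = $target
                Arguments     = $lnk.Arguments
                InAppData     = $inAppData
                TargetMissing = $missing
            }
        }
    }
}

Get-SuspectShortcut | Format-Table -AutoSize -Wrap
```

Some legitimate programs install per-user under AppData, so a hit is something to look at, not proof of tampering.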

Now if he had been running as admin the situation would have been a lot worse. The malware probably would have done lasting harm to his Windows laptop. Because he chose smart practices over the convenience of not dealing with UAC prompts, he was able to deny the UAC requests and protect his computer. Of course if he knew what caused the malware to infect his account in the first place, he could avoid that too, but there should still be precautions in place for learning experiences. Defence in depth.
