Windows 7 - Run as Administrator?

[The Wildcard]

Recently upgraded to Windows 7. Quick question. If I am using user account that is part of the Administrator usergroup (and therefore has administrator privelages), why do I still need to run programs with the "Run as Administrator" option?

Should it not always run every program as administrator?

 

[n7]

No, that was done away with since Vista, as having everything running with full admin privileges is a security disaster (e.g: XP)...

 

[Snapster]

Recently upgraded to Windows 7. Quick question. If I am using user account that is part of the Administrator usergroup (and therefore has administrator privelages), why do I still need to run programs with the "Run as Administrator" option?

Should it not always run every program as administrator?

You will only need to run programs 'as administrator' if that program uses/modifies any system level data or settings, such as anything in windows or program files. Most normal programs are now better written to not require access to such places, however there are still a few that haven't been updated ...

 

[Nothinman]

Recently upgraded to Windows 7. Quick question. If I am using user account that is part of the Administrator usergroup (and therefore has administrator privelages), why do I still need to run programs with the "Run as Administrator" option?

Should it not always run every program as administrator?

Because with UAC enabled your token has all of your admin rights stripped unless you explicitly elevate a process' privileges.

 

[BarkingGhostar]

No, that was done away with since Vista, as having everything running with full admin privileges is a security disaster (e.g: XP)...

Maybe that just is urban legend. I can cross my finger and knock on wood, but I've not had a problem with XP Professional in the 7-8 years I've been running it in Admin and on six different computers in my home.

And I d/l hundreds of gigabytes of 1's and 0's each month without a problem. Maybe its just users doing silly stuff than the OS.

 

[Chapbass]

Maybe that just is urban legend. I can cross my finger and knock on wood, but I've not had a problem with XP Professional in the 7-8 years I've been running it in Admin and on six different computers in my home.

And I d/l hundreds of gigabytes of 1's and 0's each month without a problem. Maybe its just users doing silly stuff than the OS.

How is this Urban legend? Think about it: If a virus says "Hey, lets delete x file in c:\windows\system32" and its running as administrator... OKAY! DELETE.

Comparatively, with Vista/7, UAC pops up, and if you're smart and realize you have no idea what this program is, you say no. Access denied, no modification done at all.

Depending on what the user is doing, this may or may not happen often, but from a security standpoint, running as an admin on a day to day basis is a bad idea.

 

[corkyg]

If one is the only person in the house that uses the computer, and one does not surf unknown places, and one has top rated firewall, AV, and AMW installed, where would the risk be? Why would one have a virus?

Point is, all general rules are subject to exceptions. Sometimes common sense is in order.

 

[Nothinman]

Maybe that just is urban legend. I can cross my finger and knock on wood, but I've not had a problem with XP Professional in the 7-8 years I've been running it in Admin and on six different computers in my home.

And I d/l hundreds of gigabytes of 1's and 0's each month without a problem. Maybe its just users doing silly stuff than the OS.

No, running as admin in any OS is retarded and asking for trouble. It's just that Windows made it a huge PITA to do properly before Vista.

 

[hclarkjr]

Recently upgraded to Windows 7. Quick question. If I am using user account that is part of the Administrator usergroup (and therefore has administrator privelages), why do I still need to run programs with the "Run as Administrator" option?

Should it not always run every program as administrator?

there is a hidden administrator account in 7 that you can use also. i am currently running my computer from it. i delete the user account created during setup. running from that you do not get asked to run as administrator

 

[hclarkjr]

for more information on this built in administrator account read here http://www.sevenforums.com/tutorials/507-built-administrator-account-enable-disable.html?filter

 

[Chapbass]

there is a hidden administrator account in 7 that you can use also. i am currently running my computer from it. i delete the user account created during setup. running from that you do not get asked to run as administrator

This is terrible advice. If your account gets hijacked, which account do you plan to use to recover your existing one? Normally when you boot into safe mode you have the Administrator account where you can do some repairing if your account is messed (say, your profiles aren't saving...).

 

[hclarkjr]

why is it so terrible? i am behind a hardware firewall plus the built in windows 7 firewall so i doubt i am going to get hijacked. plus i have ESET NOD32 running which is one of the better anti virus software out on the market.

 

[splat_ed]

why is it so terrible? i am behind a hardware firewall plus the built in windows 7 firewall so i doubt i am going to get hijacked. plus i have ESET NOD32 running which is one of the better anti virus software out on the market.

Although that will help, it's not 100% guaranteed. Think of it like an onion 😀 The more layers the better. Plus, the greatest threats tend to be user initiated... the firewalls won't help too much and anti-virus won't stop the very latest/greatest.

I agree with Chapbass. You don't need to be in admin mode all the time. Most software will happily run normally. The admin mode gives you that option to recover when things go wrong.

 

[Chapbass]

why is it so terrible? i am behind a hardware firewall plus the built in windows 7 firewall so i doubt i am going to get hijacked. plus i have ESET NOD32 running which is one of the better anti virus software out on the market.

I've seen plenty of people with the exact same setup (or very similar) infected like crazy. like splat_ed said, there is no 100% protection (outside of disconnecting yourself from the net i guess), and you want to have as much protection as you can get.

For that matter, why is running as the single admin such a big deal? If you really want to go around unprotected, just create a normal admin account and turn UAC off....same end result, but you have another account that may not be as infected if you need to do removals.


Regardless, running as the local admin (and thus, not having UAC as a benefit, as well as being an admin all the time) is simply not a good idea. You never know when you might be tired someday and just slip and click on that bad link on google and then you're infected.

 

[sourceninja]

You don't even need a bad click. It could be as simple as a advertisement on a web page you frequently visit (or that page itself is comprised). Then your screwed.

 

[RebateMonger]

You don't even need a bad click. It could be as simple as a advertisement on a web page you frequently visit (or that page itself is comprised). Then your screwed.

Yup. I've seen it happen to several people. They don't click on anything and get owned from a thrid-party ad feed. It's happened to some very respectable web sites.

 

[Nothinman]

why is it so terrible? i am behind a hardware firewall plus the built in windows 7 firewall so i doubt i am going to get hijacked. plus i have ESET NOD32 running which is one of the better anti virus software out on the market.

If you can't see it, you're retarded. Keep on doing whatever stupid shit you're doing...

 

[hclarkjr]

i figured i would get a response such as this. and nothinman thanx for the compliment

 

[Chapbass]

i figured i would get a response such as this. and nothinman thanx for the compliment

Honestly, thats fine if you want to run as admin all the time, doesn't affect me. The big complaint I have is recommending this to other people. Not only that, but you didn't even give a disclaimer regarding the issues that can arise from running as the system administrator.

Not trying to bash your way of doing things, but it isn't really something I would go around recommending.

 

[hclarkjr]

if you follow the link i posted there is warning right at the top telling you to create password for it so it stays secure.

 

[Nothinman]

Honestly, thats fine if you want to run as admin all the time, doesn't affect me. The big complaint I have is recommending this to other people. Not only that, but you didn't even give a disclaimer regarding the issues that can arise from running as the system administrator.

Not trying to bash your way of doing things, but it isn't really something I would go around recommending.

But they do affect you. Those people are the ones running machines that have been compromised and are part of the various botnets, sending SPAM, etc.

 

[hclarkjr]

LOL 🙄

 

[Nothinman]

LOL 🙄

Laugh all you want, it's true.

Hell, in the past 2 months we have 2 separate clients have virus outbreaks because of people running XP and having admin rights on their PCs. One was a variant of an older virus that Trend didn't have a definition for yet, luckily I was able to set an egress rule on their ASA to block all outbound SMTP traffic to minimize the spreading and their blacklisting while we waited for Trend to get us an update. And it was convenient to have the ASA logs in order to figure out exactly which PCs we had to look at.

I don't know exactly what had infected the other client's machine, just that they got an email from their ISP stating that they detected traffic going to known botnet control addresses in another country. Once again I really just setup a rule on their router, no firewall at this place, to block and log all traffic to those ranges and then someone else on-site did the cleanup.

 

[Chapbass]

if you follow the link i posted there is warning right at the top telling you to create password for it so it stays secure.

Creating a password so that the account stays secure from people accessing it isn't the same as having only limited access so malware can't infect the rest of your machine. Totally different things.

Nothinman, good point, didn't think about botnets...

 

[StinkyPinky]

Why would anyone want to run with full admin access? That's a ticking bomb. The first rule of any secure system is to run with the barest possible privileges that you need to do your job. Network Security 101.