Sunday, March 7, 2004

I run my Windows XP Pro machine as a non-Administrator. 

I am not an Administrator, I am not a Power User, but a lowly User on my machine.  I have been doing this for almost two years now.  I am productive on my machine when I am carrying out my regular tasks and I have had minimal issues with developing/debugging .NET Applications that range from Winforms, to Web Apps to Mobile Apps.

I believe in the Principle of Least Privilege.

That belief has protected me from Trojans such as Back Orifice and viruses such as ILoveYou, which attempt to write to the Windows System Directory and to certain registry keys. As a lowly user, I do not have the authority to write to these protected areas, so I have weathered them. Needless to say, I keep my anti-virus protection up to date as well, as you can never be too careful.

In developing as a non-administrator, I have encountered errors that I would not have encountered if I were running with admin privileges. I believe that this in turn has made the systems and software that I build much more secure.

Please, join me and become a lowly user, and experience the freedom it gives you :-)

BTW, this little bit of info sharing was prompted by a recent memory. My friend Andrew, who has been doing this for a while as well, mentioned running as a non-Admin during his DevDays presentation.  I also saw a couple of recent references to the section of Keith Brown's book that mention this as well.

If you are interested in the reasons for doing this and need information on how to accomplish this, please take a look at the following reference material.

3/7/2004 3:40 PM Eastern Standard Time
Sunday, May 8, 2005 12:06:50 AM (Eastern Daylight Time, UTC-04:00)
A collection of
ScottWater
Sunday, May 8, 2005 12:06:50 AM (Eastern Daylight Time, UTC-04:00)
Jason Row
Sunday, May 8, 2005 12:06:50 AM (Eastern Daylight Time, UTC-04:00)
Yep, me too. And it feels great!
bliz
Sunday, May 8, 2005 12:06:50 AM (Eastern Daylight Time, UTC-04:00)
Fantastic advice from an experienced developer. When writing code, always code in "User" mode, not as Local Administrator. I can't count the number of times we've designed a system and had to tack on a way to get it to work with users who weren't Admins. Doing this would have solved a lot of heartache. Eventually we learned, but I wish I'd read this years ago. I mean, it was just published last month, but still. Lots of links and justifications included. Enjoy!...
Ensight - Jeremy C. Wright