A Beginning with LUA
About a year ago I was reading something (blog, article, billboard, I
don't know what) that was talking about running Windows XP as a Limited
User Account (LUA) full time. This idea had been kicking around in the
back of my noggin (very technical term for my brain) for a while and I
decided it was time to give it a try. I wasn't sure of all the reasons
(ok, none of the reasons(well maybe one reason but it was wrong)) why
this was a good idea. I had just seen enough people refer to it as a
Good Thing that I simply accepted it. I quickly jumped into Computer
Management and removed myself from the Administrators group. That was
easy. What's the big deal? My computer didn't suddenly stop working, no
blue screen (ok, the background was blue but it wasn't the BSOD). I
started launching some of the applications I use and they all seemed to
work fine. So I started to work like I normally would.
I think I then found a demo of some application I wanted to try. What
do you mean I don't have enough privileges to install this app!? Oh
yeah, I'm not an admin anymore. Uh, what did I set the Administrator
password to when I installed Windows 6 months ago? I eventually found (guessed)
the Administrator password, logged in as Administrator, installed the
application and everything was good again.
It was around this time that I found a blog on the subject that enlightened my poor dark soul.
Aaron Margosis' blog
was exactly what I needed to see. It was fixing problems for me before
I even knew they were problems. More importantly it was giving me good
reasons for running a LUA. The theory of Least Privilege and
Zero Day Attacks
were now dancing in my head (noggin). I started to look at what I do on
the computer and break it down into 2 categories: works as LUA, does
not work as LUA. The list looks something like this:
Works as LUA
Reading email
Browsing the internets
Writing software (I was not doing web development. Web development works but takes steps I had not taken yet)
Writing documents
Instant messaging
Playing games (this one surprised me)
Does not work as LUA
Installing software
Configuring the machine
Once I had that list I looked at where attacks usually happen:
Email, browsing the web, software installs (hidden with a benign
application). Two of those three are on my works as LUA list. By
running as LUA I can reduce the attack surface for 2 of the 3 areas
where most attacks happen. If I prevent 1 single attack it is worth it
(in my opinion(this whole thing is my opinion why do I feel the need to
say that?)).
As a software developer there is another advantage to running as a LUA.
The software you write is far more likely to work when it is run under
an LUA. It will not be accidental that it works, you will have found
problems earlier in the cycle and developers know that problems found
earlier are way easier to fix than problems found later. Oddly though,
developers are the least likely to want to run with a LUA. They tend to
think that they know enough about security to avoid all of the
potential threats and that they are constantly doing 'advanced' stuff
on their machines so they *need* to run with Administrator rights. They
(we) do not need to run with Administrative privileges. It is not
writing software as an LUA that drives me away from running as LUA all
the time, it is poorly written software that refuses to work with
limited privileges that drives me away. If the developers would write
software as LUA they would fix their software and it would be that much
easier.
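As a concrete companion to the two practical points above (dropping yourself out of the Administrators group, and writing software that still works once you have), here is an added PowerShell diagnostic. It is not code from the original post or from Aaron Margosis' blog; it assumes PowerShell 2.0 or later, and the function names Test-IsAdministrator and Test-Writable are my own. Run it from a Limited User Account and it reports whether the current token has Administrators rights and which of the usual locations the account can actually write to, which is exactly the list an application has to respect if it is not going to refuse to work with limited privileges.

```powershell
# Added example (not from the original post): a diagnostic a developer can run
# from a Limited User Account to see which locations an application may write
# to. Per-machine locations (Program Files, HKLM) are the classic reason an
# application fails as LUA; per-user locations (%APPDATA%, HKCU) are the fix.

# The step described in the post (Computer Management -> Local Users and
# Groups), done from the command line instead. Run it from an Administrator
# session, and make sure you know the Administrator password first:
#   net localgroup Administrators $env:USERNAME /delete

function Test-IsAdministrator {
    # True when the current token holds the Administrators role.
    # Under UAC this reflects the token in use, so an unelevated admin
    # session reports $false, which is the right answer for this purpose.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-Writable {
    # Try to create and then delete a uniquely named child item under $Path.
    # Works for both the file-system and the registry providers.
    param([string]$Path)
    $probe = Join-Path $Path ("lua-probe-" + [guid]::NewGuid().ToString("N"))
    try {
        # New-Item creates a file under a file-system path and a key under
        # a registry path; -ErrorAction Stop turns access denied into a catch.
        $null = New-Item -Path $probe -ErrorAction Stop
        Remove-Item -Path $probe -ErrorAction SilentlyContinue
        return $true
    } catch [System.UnauthorizedAccessException], [System.Security.SecurityException] {
        # UnauthorizedAccessException comes from the file system,
        # SecurityException from the registry. Anything else propagates.
        return $false
    }
}

# Locations chosen to cover both sides of the per-machine / per-user split.
$locations = @(
    $env:ProgramFiles,    # per-machine install directory: admin-only
    "HKLM:\SOFTWARE",     # per-machine settings: admin-only
    $env:APPDATA,         # per-user application data: writable as LUA
    "HKCU:\Software"      # per-user settings: writable as LUA
)

"Running as Administrator: $(Test-IsAdministrator)"
foreach ($loc in $locations) {
    "{0,-40} writable: {1}" -f $loc, (Test-Writable $loc)
}
```

Run it twice, once as an Administrator and once as the limited account, and the difference in the two reports is the list of places your own software must not depend on. An application that keeps its settings under HKCU:\Software and its data under %APPDATA% passes this check as LUA; one that writes next to its own executable under Program Files does not, and that is the "poorly written software" the post is complaining about.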
I have more to say on this subject but I will stop now and continue another time.