I’ve been running as a non-privileged user (e.g. not anadministrator account) for a while now, reducing the securityrisks of day to day computing. This was spurred on by the risingprevalence of root-kits, which are even being unleashed on anunknowing public by respectedcorporations.
While this is simply a well-known good practice, it isremarkable how many ridiculous little irritants one runs intotrying to do this: Even widely used applications like winamp fail to run as a non-adminwithout security tweaks, and of course you can’t even open thesystem tray calendar without customizing your user rights. Thus farI’ve been very impressed by the behaviour of Visual Studio 2005 andfriends, which seem to do a great job of living within theconstrained permissions. I have to su every now and thento do some administrative tasks, but the threat window is vastlyreduced.
Of course we all know that this is simply a good practice (and Iwould have done it far earlier if not for some demandingdevelopment tools), just as a number of other standard but sadlyignored security precautions should be the norm. On this theme,earlier today I was wondering if there was a “Computer SecurityDay” – A day when people could be gently reminded to takecomputer security initiatives (such as not running asadministrator) to make the computing world better for everyone:While it might seem like it’s only for individual gain, weall gain when there aren’t millions of zombie computers atthe bidding of hackers and spammers.
Turns out that there already is such a day.It’s actually coming up in just a couple of weeks, as it occursevery November 30th. Which brings me to my real comment -scheduling such a largely business-related event to occur on aspecific calendar day is ridiculous, and of course almost 30% ofthe time that’s going to fall on a weekend. It seems only logicalthat it should have been the 3rd Tuesday of November, orwhatever.