Is it okay to use an administrator account for everyday use if UAC is on?

windows security user-accounts administrator uac
11,170

Solution 1

is an administrator account as safe these days as a standard account coupled with the built-in Administrator account when needed?

In short: Still no.

The longer answer...

UAC is not a security feature

Back in the days of Windows XP and previous versions of Windows, it was quite difficult to practice the Principle of Least Privilege, not least in a corporate environment. The principle implied that you would do all your day-to-day tasks using a standard user account. Any tasks requiring admin privileges would be executed using a separate account with admin rights (given that the user had a legitimate need for it).

But Windows XP wasn't designed with this in mind, and there were many quirks and limitations, when running as a standard user - even if you also had access to an admin account. As a standard user, you were not able to click on the systray clock to show the neat month calendar, you couldn't change network settings and the "run as" function didn't work for everything (especially Windows Explorer, and thus also Scheduled Tasks, Printers and other shell folders, if memory serves me right).

Of course there were workarounds for a lot of these deficiencies, but it took a lot of time to discover, document and, well, work around them.

Security is a balance between, well, security and convenience. UAC was introduced with Windows Vista, primarily to detect when admin rights were needed, and to automatically prompt you to authenticate with an(other) account, with admin rights. This made practicing the Principle of Least Privilege a lot easier.

As a side-effect, performing tasks requiring admin rights, while logged in with an admin account, gives you a chance to actually confirm that you want to exercise these rights. UAC prompts when installing software seem reasonable, whereas when opening a normal webpage doesn't.

However, it turns out most users don't use separate accounts and quite a few day-to-day tasks require admin rights (adjusting settings for clock, network, power plan etc.), and would thus trigger an UAC prompt in Vista. This slew of prompts causes most users to

a) Blindly accept any UAC prompts, with no attention to what was actually requiring elevation, or

b) Disable UAC confirmation entirely

With Windows 7, Microsoft made several Windows executables auto-elevate permissions, so if you you're using an admin account, some actions are automatically executed with elevated (admin) rights. This made UAC seem a lot less obtrusive.

UAC auto-elevation can be exploited

So, in Windows 7 there's a built-in mechanism for auto-elevating rights. If this mechanism can be exploited, by an application running with standard user rights, then UAC (which was not designed to be a security mechanism), can be circumvented and you can end up running applications with admin rights, though you haven't been prompted to confirm it.

Turns out UAC auto-elevation can in fact be exploited by injecting code, as proven by Leo Davidson (Windows 7 UAC whitelist: Code-injection Issue (and more)) and discussed and demonstrated by Long Zheng (UAC in Windows 7 still broken, Microsoft won’t/can’t fix code-injection vulnerability).

Conclusion

Seen from a security perspective, it still makes sense to use separate accounts for day-to-day work and anything requiring admin rights. This is the only way to be (reasonably) sure, that no applications run with admin rights, without your explicit authorization.

That said, it's a balance between convenience and security. As pointed out by @GeminiDomino, you could also fill all ports with epoxy, as used by the military. You could also run your computer "air gapped", like Bruce Schneier, so that it never directly connects to any network.

In the end it comes down to if you're OK with having to explicitly authenticate when performing admin tasks or not.

Solution 2

The most secure? Disconnect the network and monitor, fill all the ports with epoxy, and disassemble the hard drive, scattering the parts through the dungeons of Hyrule.

Seriously, though, your concerns are well-founded, in my experience. Not just because of malware and other naughty software, but because you are, in the end, human. In the context of a limited user, you can make mistakes that do a great deal of damage, of course. As an administrator, you can do all of that damage, and much more.

Running day-to-day as admin can be very tempting, especially when dealing with certain software packages that don't seem to like to cooperate with "Run as Administrator" in their updates (I'm looking at you, VirtualBox...), but since your title says "secure", I'm going to say that it's better to deal with those as they occasionally come up, like you do now. Good instincts.

Happy new year!

Share:
11,170

Related videos on Youtube

Valentin Radu
Author by

Valentin Radu

Updated on September 18, 2022

Comments

  • Valentin Radu
    Valentin Radu over 1 year

    Since I switched to Windows 7 about 3 years ago, and now using Windows 8.1, I have become familiar with the concept of User Account Control and used my PC the following way: a standard account which I use for every day work and the built-in Administrator account activated and used only to elevate processes when they request so, or to ”Run as administrator” applications when I need to.

    However, recently after reading more about User Account Control, I started wondering if my way of working is good? Or should I use an administrator account for every day work, since an administrator account is not elevated until requested by apps, or until I request so via the ”Run as administrator” option? I am asking this because I read somewhere that the built-in Administrator account is a true administrator, by which I mean UAC doesn't pop up when logged in within it, and I am scared of not having problems when potential malicious software come into scene. I have to mention that I do not use it on a daily basis, just when I need to elevate some apps. I barely log in into it 10 times a year...

    So, how's better? Thanks for your answers! And Happy New Year, of course!

    P.S. I asked this a year ago (:P) and I think I should reiterate it: is an administrator account as safe these days as a standard account coupled with the built-in Administrator account when needed?

  • Valentin Radu
    Valentin Radu over 10 years
    OK, I've got your point! Thanks for sharing your oppinion :D
  • Joe Schmoe
    Joe Schmoe over 10 years
    Haven't these 2 exploits been fixed in Windows 7 RTM? The articles seem to be dated 2009 and before W7 RTM was released. See this post for more information: blogs.msdn.com/b/e7/archive/2009/02/05/…
  • abstrask
    abstrask over 10 years
    As I read the blog entry you linked to, they've just made sure that changing UAC level, will trigger UAC confirmation too (which sounds sensible). As per Leo's website (which I linked to): "Everything below still applies to the final retail release of Windows 7 (and all updates as of 14/Sep/2011)". I know lots of patches have been released since, but it doesn't sounds like it's considered a security hole and MS may not want to patch it ("this behavior is by design")?
  • Joe Schmoe
    Joe Schmoe over 10 years
    Yes, you are correct. I missed that important part - that it still applies as of 2011. I really should have paid more attention.
  • abstrask
    abstrask over 9 years
    The link to the informative post on the Windows blog is dead now. I have updated the link so it points to the last crawl at archive.org
  • Hey
    Hey almost 7 years
    As of today there is an option in Windows 10 to disable UAC auto-elevation, which will show the prompt for every admin task.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

"The requested operation requires elevation" when using Admin login
How to elevate PowerShell without closing the actual one?
Is there a way to allow users to install a specific program without opening full admin rights?
The folder C:\users has suddenly gone
Log in to Windows 10 as Administrator using RDP
How to let standard user run an application that asks for administrator previleges
Running something on Windows startup with elevated privilege
Can't edit Local Security Policy
Automate UAC to not prompt for admin user/pass when app needs "run as administrator"
There are multiple TEMP* accounts in \Users\ since switching to a limited account