In an article posted on http://news.com, Microsoft's CIO, Ron Markezich, talks about many issues from outsourcing to testing software in-house. One point that he brings up is how his users "are the admins of their machines". This statement is not surprising, but it gives me more insight into why it is so difficult to administer a Windows domain full of non-privileged users. A well-known security basic is that users should be granted only enough power to perform their function. If the software vendor tests the application in a state that is not the normal method of use by its customers, the customer is going to have a less than satisfying experience using the application. One way to correct this problem would be to have half of the users test as admins and the other half as non-privileged users.
When a department in Microsoft is testing software in a non-secure manner, this indicates to me that they are not taking security seriously. Security is a market that Microsoft has taken a huge hit on. Only when they realize just how important security is will they stand a chance and have the potential to be competitive among people who do take security seriously -- until then, they will have to cater to people who don't know any better than to run as admins and become infected with spyware and other malware, which will further tarnish their reputation.