MyDoom (was: Test)

[Dan Jenkins]

A debate on Windows vs. FOSS security does have to take into account the 
applications being run on the operating system. I rarely hear anyone 
mention that in these discussions. A secure OS does little good if the 
applications require security to be overridden for them to operate.

Regularly I encounter Windows applications that require higher 
privileges to install or even to run than I would normally be willing to 
grant users. Or they require considerable analysis to identify just what 
areas they need extended privileges in which to operate.

For example, one of our clients must use a specific program to view CAD 
drawings which requires Administrator rights to RUN, not just install. 
So every user in the company has to have administrator rights to view 
their major customer's attachments! I realize that analysis might 
identify all the registry keys, directories and files this application 
needs access to and allow the sysadmin to grant the specific rights 
required. But, the average end user is not going to do that - especially 
when the viewer's instructions say it must be run with Administrator 
privileges.

I've seen a number of applications which require Administrator rights to 
run. I see many that require Administrator (not even the more 
restrictive Power User) rights to install. Using what I consider 
reasonable security on a Windows system often means that the end-user 
cannot install their own software - which many see as a god-given right 
or, at least, an impediment to their job. I realize installing software 
can be dicey security-wise and perhaps ought to be limited to a 
higher-level of security, but requiring high level rights just to 
install an attachment viewer, a pricing catalog, a font package or a 
file upload utility (all of which I've encountered recently) seems 
excessive to me.

-- 
Dan Jenkins (dan at rastech.com)
Rastech Inc., Bedford, NH, USA --- 1-603-624-7272
*** Technical Support for over a Quarter Century