The Safety of Root

These days it’s more or less recommended practice to use your computer from a limited account for day-to-day use. On Linux, this is standard procedure, but on Windows a lot of people still use their system under the Administrator account. I certainly don’t disagree with the suggestion to use a limited user account.

Under Linux, I use a limited user account. On Windows, I use the Administrator account. 

Firstly, I don’t think running your computer under a limited user account provides much extra protection. The most important thing, to me, on my computer is my data – my work, photos and music. I’m not too bothered about my software as if I ever had to wipe my computer, I could reinstall it all again.

As far as I am concerned, the worst thing a malicious program could do would be to ransom or delete all my work, photos and music. I don’t care if it deletes all the programs or renders the system unbootable – I can always reinstall it. For normal home users it may be more of a pain to have to start again but there are some pretty decent software packages today to get your data.

So whilst using a standard account makes it harder for someone to compromise your whole system, it’s just as easy to compromise your data which is what really matters (IMO). For that reason, I still use the Administrator account on Windows.

On my system, I also have several other accounts configured for family members. I know they won’t be installing any programs but yet I have given them Administrator accounts. This is because when I tried it with normal user accounts there were all kinds of problems with the printer not working properly, applications breaking, etc. It’s a lot less hassle on Windows to use an Administrator account. And the trade-off in security isn’t too great.

On Linux there is no reason to be using the root account every day because all software for Linux is designed to work under standard user privileges. Hopefully Vista will change this for Windows.

3 thoughts on “The Safety of Root”

  1. I’m sure there was a tool to limit access on Windows to certain things (may be professional only).
    The bad thing about UAC on Vista is that it’s so easy to get around it, so it may defeat the malware trying to get in but it doesn’t stop the idiots from deleting something important.
    I suppose the good thing about limited access on Linux is that if my sister is using the computer, she’ll have to su/sudo and know the command to edit anything, which she obviously won’t know.
    The root user will also have to give her privileges when creating her account.
    Of course, it means that everything is done twice as slow.

    I just hope that UAC will require the root admin password for tasks that could affect the system.

  2. I see the job of most security utilities as *to prevent information-leak*. Anything that leaks could be something that would identify you, leading to ID-theft attacks.

    Alternatively, if you make a living out of licensing your copyrighted creative works, leaking them all into the public domain could cause extreme hassles proving ownership down the line.

    The other possibility is that the whole box gets owned, which on one hand is bad, but actually if all you have to do is reinstall the OS and restore your data (which is nice & tidily stored under your ~) then it’s not such a biggie (apart from learning not to get cracked again).

  3. The thing is that lots of badly designed Windows software relies on you being logged in as Administrator. This includes a lot of malware!

    More to the point, it’s easier to clear out again.  IIRC the only way one can run something on startup as a normal user is the startup folder, and deleting something from there beats a full reinstall and restore from backup! 

    Another part of the value is that on a multiple user computer, someone else can’t mess up your stuff.

    Unfortunately, I’ve found that if you give a sibling a restricted account and show her how to do Run As or just say to use the Admin one for those (non-net) apps that don’t work, sooner or later she’ll work out how to switch Admin mode on for her account anyway.  Bah!
