Mike makes an excellent suggestion in the comments for an often overlooked security measure. I’m going to reprint it verbatim:
The “what you should do” list… is a good idea. May I suggest a further item… “make sure anyone else using your machine uses a non-admin account.”
This malware won’t install on XP on a non-admin account, so people need to be aware of that and to take appropriate steps.
Actually, Microsoft’s security model is broken:
- “admin” is effectively “root”;
- many programs are poorly written and outdated and consequently won’t run for limited users;
- the system doesn’t invite the user to setup a non-admin account for use on installation on XP, so most people are not aware of the issue.
The Sony malware pretty effectively circumvents any security model, because it uses social engineering to persuade an user to grant it what privileges it needs to install. However, casual installation of such software is more difficult under a Unix security model.
Excellent points. I’m curious to see if there are good guidelines for running without administrative privileges on Windows. I’ve found one decent series of articles that outlines some possibilities, but I seem to recall internal discussions from my days at Microsoft that some OS level engineering is needed to make this really doable. Anyone have more info?
Once I have something that is reasonably prescriptive about how to live your life in Windows without full administrative privileges I’ll happily point to it.