It’s an attractive proposition being a superhero. You get superpowers: you can fly, you can see through walls, you can hear conversations from a mile away. But, of course, it’s no bed of roses either: there are villains bearing Kryptonite round the next corner; or there are bucketloads of personal angst because you can’t be a normal person; or it’s really hard to give someone a high five without smashing them through the nearest wall.
As a group, we software developers tend to be superheroes. No, I don’t mean that we write code that can make mere mortals gasp in admiration (although that is undoubtedly true), but instead I mean that we all tend to run with local admin rights. We can do anything on our machines because we’ve given ourselves the (super)powers and the access rights to do so.
Is this a good situation to be in? Well, I’ll certainly agree it means that, in developing our software, we’re not constantly bumping into roadblocks where we don’t have sufficient rights. We can install whatever software we need and remove it at a moment’s whim. We can write files pretty much anywhere in the file system. We can open up any old port with impunity.
Unfortunately, this relish in having and using our superpowers extends into the software we write. Our applications tend to require superpowers before they will run properly. If someone uses our program or system, he or she will have to have local admin rights too. And therein lies the problem.
One of the biggest security risks in any organization or society is the human one. People, no matter how many times you tell them not to, will open dodgy e-mail attachments. They’ll click on malevolent web links and click OK on the resulting "do you really want to install this" dialog. If only they were running with limited rights, we’d have fewer problems with viruses, trojans, spyware and the like.
But the superhero ethic is prevalent. Installing Windows XP gives the primary non-admin user admin rights anyway, and we tend not to restrict it later. Millions of normal people out there are running with local admin rights: they are superheroes on their own machines. But do they need these rights? Of course not: the majority of people are surfing, balancing their checkbook, using e-mail, or writing letters. Unfortunately, people haven’t been educated about the need for running under restricted rights; Microsoft hasn’t made setting it up easy enough; and too much retail software erroneously requires admin rights. It’s like everyone had lockable internal doors in their houses for extra security, but then just had one key for them all.
So my exhortation to you (and to myself — I’m as guilty as everyone else) is to restrict the local permissions of your normal login. See what happens. Learn how to install software by temporarily running as admin. Find out which software you run as a matter of course assumes you have admin rights. Get frustrated and berate other companies for their lousily secured software.
Also, see how your software works under a restricted environment. Learn where you should really be installing the user’s config files for your application so that they can be modified (hint: it’s not in a subfolder of C:\Program Files). Learn what devices are available to you, where the restricted rights make a difference and why.
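As an added example (not code from the original column), the following PowerShell script does the two checks the previous paragraphs ask for: it reports whether the current login actually holds admin rights, probes whether Program Files and the per-user AppData folder are writable under those rights, and then writes a sample settings file where per-user config belongs. The application name "MyApp" and the settings file contents are placeholders; the Windows identity and Environment.GetFolderPath calls are standard .NET APIs.

```powershell
# Added example, not part of the original column. Run it first from your normal
# (restricted) login and then from an admin session to see the difference.

function Test-IsAdmin {
    # Ask Windows whether the current token carries the Administrators role.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-CanWriteTo {
    param([string]$Directory)
    # Try to create and delete a uniquely named file; a failure means the
    # location is not usable for per-user config under the current rights.
    $probe = Join-Path $Directory ("probe-{0}.tmp" -f [Guid]::NewGuid())
    try {
        [IO.File]::WriteAllText($probe, "probe")
        [IO.File]::Delete($probe)
        return $true
    } catch {
        return $false
    }
}

# "MyApp" is a placeholder name for the application you are shipping.
$appName = "MyApp"

# The right home for user config is the per-user AppData folder, obtained
# from the platform rather than hard-coded. A subfolder of Program Files is
# the wrong home: a restricted user cannot modify anything there.
$roaming   = [Environment]::GetFolderPath([Environment+SpecialFolder]::ApplicationData)
$configDir = Join-Path $roaming $appName

"Running with admin rights : $(Test-IsAdmin)"
"Program Files writable    : $(Test-CanWriteTo $env:ProgramFiles)   ($env:ProgramFiles)"
"Roaming AppData writable  : $(Test-CanWriteTo $roaming)   ($roaming)"

# Create the per-user config folder if needed and write a placeholder settings file.
if (-not (Test-Path $configDir)) {
    New-Item -ItemType Directory -Path $configDir | Out-Null
}
$settingsFile = Join-Path $configDir "settings.ini"
"[ui]`ntheme=default" | Set-Content -Path $settingsFile
"Per-user config written to: $settingsFile"
```

From a restricted login the first probe reports false and the second true, which is exactly the environment your installer and your application have to cope with. For the "temporarily running as admin" step, the stock `runas /user:<machine>\Administrator cmd.exe` command opens an elevated prompt for installs without making the everyday login an administrator.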
It’s only when developers hide their superpowers that they can be normal people and improve security for everyone else.