{"id":204,"date":"2009-10-27T19:42:00","date_gmt":"2009-10-28T00:42:00","guid":{"rendered":"http:\/\/www.nathanhunstad.com\/blog\/2009\/10\/windows-security-why-not-run-with-instead-of-run-as\/"},"modified":"2009-10-27T19:42:00","modified_gmt":"2009-10-28T00:42:00","slug":"windows-security-why-not-run-with-instead-of-run-as","status":"publish","type":"post","link":"https:\/\/www.nathanhunstad.com\/blog\/2009\/10\/windows-security-why-not-run-with-instead-of-run-as\/","title":{"rendered":"Windows Security &ndash; why not Run With instead of Run As?"},"content":{"rendered":"<p>I&#8217;ve had a bit more time to see exactly what UAC does in Windows 7, and I&#8217;ve decided that Microsoft still isn&#8217;t getting this right. UAC, and the &quot;Run As\u2026&quot; command, are a good idea, but I think they are making it needlessly complicated and confusing.<\/p>\n<p> <!--more-->  <\/p>\n<p>First, a quick-and-dirty summary of how things work: in Windows, you can either have an account with full Administrator privileges that allow you to do anything to the computer, such as change settings and install programs, or you can have a limited account that allow you to do neither. Although this is a gross simplification, it works well enough. Ideally, you will do things as a limited user except when you need to be an Administrator and explicitly ask for a privilege elevation. That way, if you accidentally download a virus or something else that is nasty, it won&#8217;t be able to do any damage since you are running without Administrator privileges.<\/p>\n<p>Windows has long had a &quot;<a href=\"http:\/\/en.wikipedia.org\/wiki\/Runas\" target=\"_blank\">Run As&#8230;<\/a>&quot; command, and starting with Vista, it has <a href=\"http:\/\/en.wikipedia.org\/wiki\/User_Account_Control\" target=\"_blank\">UAC<\/a>. Both attempt to improve the Windows security situation, but both fall short. As I learned with Windows 7, when you get the UAC prompt on an installation, for example, or if you explicitly do a &quot;Run As\u2026&quot;, the installer runs as if the Admin account is calling it, not my limited user account. For some installers, this means that program shortcuts end up in the Admin user&#8217;s Start Menu or desktop, or that program settings are in that user&#8217;s profile path, not my path. I was wondering why some programs I installed under my account weren&#8217;t showing up or starting correctly, and I determined last night that this was why. They were all being installed to my Admin account.<\/p>\n<p>This problem exists because the installer is running as the Admin user, not as my account with elevated privileges (hence, the &quot;Run As\u2026&quot;). That&#8217;s not what I want. What I want is to elevate <em>my<\/em> account temporarily to run the install program as me, so it is configured correctly for my account. Instead of a &quot;Run As\u2026&quot; command, we need a &quot;Run With\u2026&quot; Administrator privileges. This is exactly what <a href=\"http:\/\/sourceforge.net\/projects\/sudowin\/\" target=\"_blank\">Sudo for Windows,<\/a> which I was using in XP, does. I thought that Windows 7 and it&#8217;s new, improved UAC would eliminate the need for something like Sudowin, but I am wrong.<\/p>\n<p>So, Microsoft, tell me this: why doesn&#8217;t Windows have an integrated &quot;sudo&quot; command by now? If it did, I think it would make things a lot easier than the current confusion with &quot;Run As\u2026&quot; and UAC. What users really need is a prompt that essentially says, &quot;Okay, you are installing a program and making changes to Windows. Are you doing this on purpose? Do you really want to do this?&quot; That would drastically reduce malware infections, while making it easy for users who are installing something to be able to do that with minimal fuss.<\/p>\n<p>Of course, there are lots of security problems with Windows, and this is just one of them. But I think this would be a fairly easy solution that would pay dividends.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I&#8217;ve had a bit more time to see exactly what UAC does in Windows 7, and I&#8217;ve decided that Microsoft still isn&#8217;t getting this right. UAC, and the &quot;Run As\u2026&quot; command, are a good idea, but I think they are making it needlessly complicated and confusing.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[19],"tags":[20],"class_list":["post-204","post","type-post","status-publish","format-standard","hentry","category-tech-2","tag-windows","entry"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/posts\/204","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/comments?post=204"}],"version-history":[{"count":1,"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/posts\/204\/revisions"}],"predecessor-version":[{"id":205,"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/posts\/204\/revisions\/205"}],"wp:attachment":[{"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/media?parent=204"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/categories?post=204"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/tags?post=204"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}