Admin User vs Standard User
HTML-код
- Опубликовано: 30 авг 2022
- 80% of Windows Users are Administrators... Is this a security flaw?
Ransomware vs Admin/Standard Account (PC Security Channel): • Ransomware vs UAC .
►► Digital Downloads ➜ www.cttstore.com
►► Reddit ➜ / christitustech
►► Titus Tech Talk ➜ / titustechtalk
►► Twitch ➜ / christitustech 
Наука
I love that Fitgirl part 🤣🤣🤣
a _fit_ _girl_ not sure what you mean by FitGirl Repacks 😳
Lol
True lol. He wanted to talk straight but couldn't because he really didn't wanted to talk about it and just use it as an example about how people run random shit.
The repack goddess is here😂
The problem lies deeper. Windows software often tend to ask for admin rights without any real reason. It's just became a normal behavior for users to click "Yes" in the UAC prompt without second thought (or even disable UAC, I will just press F for them). Because lazy software developers just don't build their apps properly (e.g. storing settings in the installation folder instead of the user home directory or registry etc.) or even ask elevation for "just in case".
The fact that Windows essentially buries the user's home directory has always driven me absolutely nuts and yeah what you describe is why I just generally hate windows applications, almost everything does what you describe.
It cringes me every time people suggests disabling UAC or disabling firewall because it's annoying or can't get their game to work.
What's even worse is sometimes this "advice" comes from Linux newbies or even sysadmins.
Nowadays Windows apps are a lot more respectful to the permissions, unless you are using some legacy/dodgy apps.
@@shamringo7438 most people just don't understand why running stuff as admin/root is bad. Even if you are running only a 100% trusted software, just remember how many 0-day arbitrary code execution vulnerabilities being discovered in the browsers constantly. And now imagine that any random website can have a full admin access to your system. Or even multiplayer games can have such (recent example - Dark Souls 3, servers were closed for some time because of it, but actual vulnerability existed for years), imagine random hackers you happen to play with have a such access. Its bad even with a restricted user, but totally catastrophic if you run as admin.
I think that it is abundantly clear that Windows really was designed as a single-user system with an administrator added to it later while *nix was designed as a multiuser system from the ground up. In my opinion a multiuser system makes more sense and I like it that even services are treated as users on *nix-systems.
@@shamringo7438 It depends on the user, for some users it is fine to disable UAC but I wouldn't recommend it to the ordinary user, at least that UAC-popup makes them think a bit before they do something, in the best case.
Titus: *Pirates a game made by EA*
Me: Ah yes, the man of culture.
Unofficially speaking for a friend, "Most pirate games from EA tend not to have a virus included compared to other studios. It's almost like people hate companies that support pay to win".
@@Bishop1091 Yet people stil play there after many years. I was a hero mod *volunteer on AnswerHQ from EA for a couple of years and the amount of times people told they would never play any EA again...I agree with the sentiment, but they surely aren't alone doing that and there are games, like that Star Wars game from 2 year ago or so meant for soloplay, those are quality games for the price you pay with no expensions or p2w options. But, FIFA 23 is the last one for now, so that's one game less. We will see how it goes from then on, not having all the rights anymore (FIFA asked way too much) might alter the FUT mode. (People should play Pro Clubs to begin with anyway, no need to buy packs there neither and more fun with either friends or randos.
@@nlx78 that is true. I I'm mostly venting because I miss playing games in LAN party's that worked or offline games on my own. I still buy any games that look good from origin, steam and u-play but I wait for the game to be out for more then a month before I buy just to see gameplay on youtube and reviews.
Thank you for letting us know in real world, very relatable struggles for a Windows user!
When moving from Windows XP to 7 and 10 I always wondered if the UAC actually helped from a security standpoint.
On Linux, whenever it does ask me for sudo It lets me think If I need to do the thing that I'm setting out to do, where Windows is , like another comment mentioned, asking so often. Windows cry's wolf so often we're numb to it 😸
"By some girl that happens to be fit" lmao you killed me. Yeah if you use that i would advise disabling the run as admin option on the shortcut that get created. Or better just treat your windows install as hacked and encrypt all your important data on the linux drive. Also having backups is important.
Better yet. Put the thing on a totally separate machine with nothing else on it.
@@donaldmickunas8552 yes i dont store any personal info on my machine. I do pirate a lot . If it gets infected i just reinstall windows.
Lol you don't need to do anything of this at all
I used her Repacks for almost all my life and stopped lately because I can afford buying games from steam finally
No viruses and 0 risk downloading from her website and I never got a single virus,
And I use admin account too
Don't spread false information mate
@@MaxUmbra I don’t have to do anything. However, it is wise to take precautions. Especially when claims are inconsistent. 😉
I think the solution in these cases is -kinda- simple (it depends, anyway): You just don't run any "shady" piece of software/code without knowing what it does, just because some random guy/group of people on the Internet says that "it's safe" (I recently had a discussion with someone on this platform 'cause he was recommending the use of "Windows AME" to anyone who wanted to avoid Microsoft's telemetry, almost claiming that "it was totally safe and trustworthy...").
There are methods and tools to avoid any disastrous outcome, like using VMs to try anything that could be potentially dangerous, sandboxing software, you can even upload a file to VirusTotal and see if there's anything wrong with it. Or, if you have the resources and knowledge -or the will, money and time to learn-: use another PC/laptop exclusively for anything "risky", don't connect it to your main network (or else, learn to use and configure VLANs, firewall rules, etc., and isolate it completely from the rest of the other clients in your network...) and then, run whatever you want as Admin. I mean, minimize the "impact surface".
Or else, put your trust in it, take the risk and deal with it.
See you next time, Chris. Keep up the good work!
just run it , then you will see what it does
i was running modded versions of windows for the last couple years and they ran nice. but i swapped back to ms build because ease of use and simplicity.
On any modern pc thats not 15 years old, having a windows install that takes like 500mb ram more or less or has like 1% less cpu load simply doesnt matter. pcs are powerful enough these days. Yes they come heavily debloated and are ready to use right after install BUT you trade that for support and security. You cant use official updates and whatnot, you have to wait and rely on manual injecting cleaned and debloated updates.
and thats the point: the selling point of 3rd party windows distributions is: ''debloated...less timewaste on doing it yourself'' but the fact that i need to manual watch out for updates and download and install 3rd party updates al the time by hand makes this point completly unvalid. the time i save debloating and installing windows, i spend twice on maintaining and updating a system.
Absolutely love the FitGirl reference
@Chris Titus Tech you're a smart guy. You wouldn't lay out a problem if you didn't know or have a plan to tackle it. Awaiting a Vid on the solution for partitioning/segmenting users ...
Great work 🥳 Thank youuuu 💜
There are some programs that fail to install correctly when the user’s primary account is not an administrator. I had to make a pair of scripts to elevate my account and restore it to normal just to deal with those issues. Also, don’t get me started on admin-owned shortcuts on the desktop. It’s clear to me that Windows was not made for the average home user to run as anything other than administrator.
Agreed. I ended up running everything as an admin. No problems so far.
I generally agree with you but I can see how requiring a password for elevated privileges would enhance security. If a malicious actor attempts physical access to the machine a password would stop them from deploying malware onto it (assuming the malware needs elevated privileges), the same applies for scammers through a remote desktop software connection or a malicious rubber ducky USB plugged in by accident.
Unfortunately if a malicious actor or a 10 year old kid with google or a bit of knowledge really wants access to your pc its not that hard to get past the password. At the computer store I work at we use a few freeware programs to remove passwords and if we just need the data boot Linux from a usb to recover data. Linux will go through password protected accounts like they don't exist. It is unfortunately gotten to the point where passwords only irritate the owner.
@@Bishop1091 winblows
Great video thanks for your insight
"Some Girl that happens to be Fit", That is a good reference for those who get it.
I only understood the user problem after getting old enough to have my own personal computer! Problems just magically disappeared! lol
I 100% agree with you Chris .. great video.
I agree in theory on this. But as an MSSP and someone dealing with many different types of users, Business, Residential, businesses with HIPAA, PCI and other compliance needs I've taken a different approach. And it doesn't matter if you have Admin rights or not. If your running Threatlocker (like all my systems do) along with other layers like Huntress, some sort of AV, and Senteon, well I have yet to have a single client of mine get ransomware or even malware for that matter. I'm well aware that nothing is 100% secure. However, and I'm not divulging all the things I do but it is A LOT!!!! just so I don't get that call about Ransomware, or cleaning off malware etc. And of course and last resort and layer, ya just have to have air gapped backups that are tested regularly in case the worst happens. but, like the old saying, an ounce of prevention is worth a pound of cure. And after 35 years of doing this, I was tired of cleaning malware back in the day so for the last 15 years, I have done everything possible to prevent the mess (which is Windows) and it's users and just Deny everything unless I approve it. Harsh stance for Managed Systems, but it's the only way to get close to that 100% secure. Mine might be like 99.99% And yeah, I take it to extremes but hey, it is windows so ya kind of have to unless it's a system you don't care about then game, install and do whatever, and if it breaks, nuke and pave as they say.
It really may not matter as much as people think because you computer stores login info so even if you are not a admin but the admin was on of the last 5 to login the cridentials for the admin account could be comprimised unless you make changes.
Windows Wednesday is the day I'm reminded why I avoid Windows like the plague. Thanks, Chris! Keep up the good work.
Just remember, windows server exists
Apple is worse.
I have to agree. I work in a computer repair store and have set up a few computer's for a customer with standard account plus paid anti virus and never gave them the admin password as they never should have need of them. A few days later some of them came back with ransomware. If someone wants to download that free game they will find a way
Give them Linux. I use Ubuntu and no malware in 20 years.
I got tired of windows pop-up warnings, that is why I use Admin
nice
I only partially agree, some users I have helped will break everything if there isn't some big pop up that requires a un/pw, they are the kind of people that don't like passwords at all, so when faced with that prompt they give up quickly.
The pitch for FitGirl was so damn smooth haha
Beard ✅ thanks Chris!
I'm running Win 11 (fresh install) and I can't drag-n-drop things anymore, my main issue is draggin images/links to my other running programs, but I also can't add an app shortcut into the taskbar with drag-n-drop and after some research it seems the issue can be fixed by disabling user account control, and while researching if that is a good idea (someone said they can't log in anymore after disabling it) I landed on this video. Do you have any thoughts on that?
By the end of the day you gotta run stuff in VMs and make backups to keep yourself safe. Sure, not running shady stuff as admin is good and all, but that's honestly just a meme at this point. Our perception of what seems safe can differ a lot, and either way keeping yourself safe from exploits can be quite difficult. Those may just run, admin or not, and still cause privilege escalation and whatnot. You'd have to tweak the privileges quite a bit for it to be worth it I guess, but it's all just a hassle so I'd rather just go with VMs or scan everything you download in VirusTotal and keep your AV updated and that should keep you reasonably safe.
I agree with you Chris.
"Windows XP is the bastard child of ME and 2000 ..... LOL
Keep admin account, family and kids will want to install weird games on your pc, at least when they intent to install something, they will have to ask you to elevate, and you get to decide
Totally with you on this one. And it's another password to remember which can get cumbersome.
There's no reason to bother with a regular user account on Windows. There are 101 ways to escalate privileges on Windows bypassing the UAC. On UNIX operating systems they make a decent effort at stopping privilege escalation because this is at the core an OS that is designed with multiuser mainframes in mind. While Windoze is designed for "Personal Computers" in mind. Even group policies are not going to save you from privilege escalation in Windows. If someone breaks through the browser sandbox or some other remote code execution scheme, it's game over and that's it. In Linux/BSD and friends you can harden by making .bashrc or whatever config file de default shell uses immutable, use a non-standard shell, firejail. People are actually confident making pubnixes that provide shell accounts to anyone after a bit of hardening.
Pretty much sums up my conclusions of a few years now. the Windows and *nix user permission structures are fundamentally different, and a fair bit of the logic behind them just isn't cross-compatible.
The only real difference on Windows, is that a standard user gets a password prompt on UAC, where an admin still gets the prompt, and all the protections that come with, but with no need for a password. It could be said that a virus could run an autohotkey script in a chainload to approve the virus, but UAC blocks input from non-admin inputs as well, rendering that moot.
Runninf a standard user, I've found actually causes issues when it comes to running programs with escalated privelages, as they will direct to running out of the admin user's folder rather than the regular user's folder, which can cause issues with programs that only need to be run as admin for certain higher functions, such as rufus, for example. Rufus works fine, but I have to direct it out of the admin user folder and into my own user folder when pointing to an image I want to flash, every single time. Other applications will restart themselves in admin mode, and then complain about being run as admin unnecessarily because they don't have the cache of the active user session from before to trigger the intended function.
I'm one of the ones not "receiving" this well. lol I agree with the points you make BUT the user's behavior is separate from the account. If I train my users not to always elevate OR what I usually do is simply not tell the standard user the password for the admin account, that user's ability to "elevate on a whim" is pretty much eliminated. What I use standard Windows accounts for most is to guard against the entire system being impacted by something malicious, vs that user's account. So, if someone installs some 'bad' software that borks the system (from the perspective of their account), I can reboot the system, login as the administrator and blow that user's account away to see what else might need to be dealt with, if anything. This is akin to a Windows user's profile going "bad" and when they login, the system runs like a dog and when another user logs in, the system runs fine. So, I think it's important to separate your points into two different discussions: 1) admin accounts vs user accounts; 2) How user's behavior impacts the functionality of a standard account vs an admin account. Thanks for posting!
By some girl that happens to be fit.🤣 Killed me with that one.
I just used a windows 10 install for nearly 2 years with a standard user but I did run into some problems with some programs. My most recent install I gave up on that. I have TPM,memory isolation enabled and malwarebytes so I figure im alright.
the shady guy talking about a girl who is fit. awesome!! i get your feeling that how easy the delivery is.
Is elevating whilst running as standard user not the equivalent of sudo in Linux ?
He didn't go over this very well, the reason it doesn't matter is that applications can elevate themselves in Windows regardless of your permission lol it's pretty dumb
yes, but for win you dont have to retype your pw which is way better
best would be an os where you can pick which rules are allowed for the app
Because the Sims is critical piece of software for many users, me included, the only issue i see here is the price of the software and its publisher release model innovations
Many commercial applications require the users run as an admin user (or at the very least in the admin group) total PITA
I have so much trust in myself that I do the good old `net user administrator /active:yes` . Would not recommend obviously but for my usecase it is just plain nicer to use.
F
Lol I remember the days where that was the only way to get the system to just DO anything because UAC was so busted
Yeah, well, if you mess it up, there is always the wipe and reinstall option IF you are one of the very few with good backups.
Good info. Now how about Windows Home vs Pro?
Somehow he looks quite hungry...
I try Windows every version as user, there is always some program or windows setting that doesn't work right.
HELP: Windows 10 issue. I have a external drive, with an old System back up. No matter what I've done, it wont let me delete it. I am Administrator, I've gone in and changed permissions. Is there anyway to force the deletion of this. Would free up a couple gigs of storage. Thanks.
Get the ownership for it.
Or try using Linux to delete it.
Boot into Linux and delete in from there
Format the drive
On Linux, I'm used to sudo only when installing something from package manager or editing things system-wide, makes me think twice of what I do. On Windows, the prompt is everywhere, even when it shouldn't be, so users are most likely to click 'Yes' on everything instead of reading, and I'm guilty of the latter. Having the AV doesn't help either, users can be trained to just allow the software because it's a false-positive, that's the case more often than not, and you can even bypass the detection if you know how
In the end, it's difficult and can't be easily solved. No matter what you do, you just can't save the user from themselves; they'll always want to have it their way, even if they're not gonna like the result
And I agree about the girl that's fit, she does interesting things; just be careful there's many out there pretending to be her
I might be missing something here since I haven't used Linux ever, but you said that in Linux, everyone runs as standard user and whenever you need the admin privileges, you just elevate it using the sudo superuser command, but well isn't that the exact same thing as the "Run as Admin.." option on Windows, and if so, wouldn't that mean that they are pretty much the same in giving user admin acces when required meaning there isn't that much difference in how elevation works in Windows vs Linux?
Yes, but linux software just tend to not require the root access without a real reason. And even more, GUI apps often will just refuse to run as root.
it is worse imho , as you need to write in pw all the time , i bet every linux users use short pw-s for that
@@orkhepaj my question is just why does he act like this is some big problem exclusive to Windows, when it is something that exist in every desktop OS?
@@Dhruv-qw7jf most of his viewers are linux kids , they want to hear win is bad linux is the best
@@orkhepaj I bet you know nothing about sudo, because it has very flexible configuration. You can configure it in many different ways, like ask password only once per session, only once in a certain period of time, don't ask for certain apps, or even don't ask the password at all.
privilege escalation attacks like when you are a admin use4r
Yeaaaah, I think it's one of those things where technically it's better, especially if you say share a computer with someone less savvy, to run them as user. but single user, you're the one using it and trust yourself to not absentmindedly click shady things when it matters, just stick on admin, I think most of us would rather run the risk of us being wrong than deal with entering the UN/PW every time we need to elevate something, and with viewers here trending more towards power users, it's probably a bit more often than your normal web browsing users.
That said... I am trying to get ahead of myself borking my PC with admin rights and trying to segregate things out.... just in case...
Biggest reason to use an admin account (according to me of course) , cool factor.
Windows does allow you to kida restrict an admin account by changing a group policy in the registry. When the authentication pops up, you can configure it to ask for username and password, or only just a password, every time for any user, including admins. The registry key is ConsentPromptBehaviorAdmin; do search on Microsoft docs for the entire list of options. Some thing to add to Windows toolbox?
I dual boot and keep untrusted programs on windows so i made my default account an admin and have authentication ask for a password only, like sudo and other authentication windows work on Linux. What are they going to do?? Make me suk less in League???
I haven't even started watching the video and Im going to comment that I tried running as standard user and it's a nightmare. so much software is either not compatible, bugs out or actually not working without a lot of tinkering....
it's annoying at best.
The way you mentioned fitgirl is .....🤐
who? we don't know who you're talking about here. 🤫
who? we don't know who you're talking about here. 🤫
(2)
Sorry, off- topic; but: WE could use some help with something for affordable chromebox/ chromebook. Security for Gallium or current distro [ lightweight ] safe enough to use as with a current kernel; thank you.
I tried Standard User but it caused more problems with where it installed files when I had to elevate. I gave up and went back to Admin
I think with windows it depends of use case and what kind of data are in the computer
One user you shut not run as is the build in "Administrator" user. because it runs everything as admin kinda like using the root user as user account on linux
What is the Active directory equivalent in linux to control user permissions to resources across the network? Is there a construct similar to an AD domain?
I've never used it but you can use Samba that is suppose to be compatible with AD. For my I used to handle my Linux users access through Puppet and later on Salt Stack. I've stopped being a DevOps since 2016, so today I guess Ansible should do the trick.
FreeIPA
@@darin7553 Very interesting. Only for Red Hat and fedora but very promising. Thanks I will keep an eye on this project.
user accounts are still useful for restricting users from downloading unknown software or elevating permissions for software, for example family computers where you don't want a 9 years old who watched a yt video download bunch of malware
9yr old shouldnt watch yt vids
Yes Widnows is not perfect, but I would not go as far saying that local admins accounts are not secured. Yes the account "administrator" is fully open and no one should use it, but the others admins account are somewhat protected by the UAC. Yes UAC is far from perfect and there are knowned vulnerabilites but sudo also had few CVE. We have seen what Microsoft is capable of with DRM in Xbox game pass and how Apple lockdown their system. Trust me I prefer to keep my admin user rights.
exactly , that xbox mess is just pure pain
Does linux even support SSO similar to AD?
What do you mean by "built incorrectly"? 6:43
Agree 100%
By some girl that happens to be fit... Say no more, we understood you 😂😂😂
"By some girl that happens to be fit". That was funny.
My wife is a normal user on her laptop, and her surface, without access to the admin (my) password. She watches a lot of Asian shows on "less than legitimate" web sites (like from China). I don't have any network drives persistently mapped, I connect when I need to. And I back up her information weekly. She very seldom needs the elevated privileges and she's been protected for the better part of a decade.
I, however, am the only account on my windows machine and naturally admin.
Yes it matters for tech savvy person not for a naive user.
The Girl Who's Fit is actually really safe along with a certain russian gentleman
Ah yes, he's an honest guy :)
I didn't realize how nice it was to not have to worry and install countless security updates and run near daily scans until I moved to Linux (and Mac for photo continuity) . Your comment that Windows was built completely wrong from a security standpoint resonates with me every time I have to work on my wife's Windows 11 machine as she will not make the jump and I know when to say calf rope.
It makes total sense I find your channel very informative sir for a lot of people.
You said "how cobbled together Windows was". I think you meant to say "how cobbled together Windows is".
Once you get past the material design of windows 8, 10, 11....every system and submenu looks and functions pretty much the same as Windows 2000+ versions.
I think the sims should repack their standards
There is a way of running Linux (mint n others) as an admin without a password at all! You can use Rufus with persistence and + you need not install at all, you as is and run it from a USB! That's what I'm doing with Linux Mint! I use all type of Windows always as Admin with no passwords and I never had a virus or otherwise infect my system, I run a full antivirus scan every week!
Now talking about this famous girl who just happens to be fit I thought the programs were all safe or that she is considered as a reputable source? Am I missing something?
Running as standard user is out of the question for me. I have to run as admin. Always.
Using a standard user was more helpful in the Windows 7 days from what I understand. Now, you're right. It's not really going to help anyone with Windows 10 or 11.
True. As it stands now the passwords only function is to slow down the owner from logging in or using the pc. A10 year old kid with a flash drive and google can remove the password off a pc in 10 minutes or less depending on download speeds so security is definitely out the window
What's the problem with the computer? Well... You...
That's what I want and can't say every single day...
Nice video
ah yes the good old fitgirl i install 90 percent of my games with that because games are super expensive in my country
Haha CTT is a dirty ol pirate like all of us!
way back in the windows 98se days... only know about one virus i got in my life, was before opera got sold, they somehow got hacked and ransomware was added to their installer. if i wasn't running as a regular user everything would have gone poopoo. if i'd logged into admin before my regular user, it wouldn't have helped. it moved the shortcuts on the desktop and start menu, that's all it did.
The soo fit girl haa 😂
I never expected you to know about girls that are fit.
finally someone said it
Thumbs up. Er, back.
The UAC is kinda pointless because in Windows, applications often times have the ability to just elevate themselves without your permission, the UAC doesn't stop sh** so I just turn off the pop-ups completely, that thing only pops up when I'm trying to deliberately run something anyway and any malicious attack on my system isn't going to ask me if I want it to run lol, that would be one generous malware attack if it did haha.
I'd like to see evidence of that.
I run Linux and for gaming I own consoles, don't need an ill designed OS managing my data.
What if you give your kid a computer and dont give him or her admin so only you can install stuff. Duh
Ahhhh Yes! The girl who is fit. She has helped me out as well.
Always use the legit website of the girl that happens to be fit otherwise it's very unsafe.
Running as a admin is worth it sort of, just saying! But you need to know what you do even if that means going to the dark side haha XD
If you want a UNIX like prompt in Windows you just need to activate that thing. Then you will have a UAC prompt that will tell you to put your password. That is a really super easy method. Your system is yours so you just need to customize it on your own, Windows never took it away from you. It never did.
Just lame excuses from a normal user. Use everything from the core of your heart. WINDOWS,UNIX, LINUX,BSD they are all great systems I just love them all because I have choices for every other platforms.
The only problem with windows is its existence. It is sooo freaking annoying
What shady fit girl?
haha the girl reference i understood...
Windows Wednesday? There is no day in the week starting with the l from Linux. 🤔
In latin-like languages it does: monday (Frech: lundi, Spanish: lunes)
Lundi, french, monday
Monday=Mac Tuesday=Tux Wednesday=Windows
I should have seen it coming that some of you would come with a different language, but I did not. 😆
@@hawkseye5975 Not quite, his previous video was about the keyboard which he uses.
Microsoft should consider throwing windows out the garbage and making an operating system from scratch.
A girl that happens to be fit LOL
I think all of this is trash. I hate windows, Mac, Linux. Istuff, android. Smart tvs, proprietary trash that strips you of user freedom and repair ability and the lack of vision from these companies that follow in apple’s path. It’s disgusting
Almost every software asks Admin rights before installing. This ruins the fine line between admin and user access. There is no point.
It’s for enterprise to prevent users downloading random crap.
You are not wrong. Not in one point.
The __only__ reason I don't use linux as much is that girl who is fit can't support linux :(
She doesn't have to. They work anyway.