Re: Anti-Virus Software Suggestions

On Wed, 28 Sep 2005 06:56:49 GMT, kashe@xxxxxxxxx wrote:

>On Tue, 27 Sep 2005 02:51:08 -0500, Ron Hunter <rphunter@xxxxxxxxxxx>
>wrote:
>
>>Scott Peterson wrote:
>>> Ron Hunter <rphunter@xxxxxxxxxxx> wrote:
>>>
>>>> I would agree that in any case where multiple people use the same
>>>> computer, this arrangement would avoid problems, although it is somewhat
>>>> of a PITA to work with such a system.
>>>>
>>>
>>> Not really. Even on windows there's no reason to do all your with
>>> with admin authority.

Other than the original set up and some program installations there is
little reason for using admin privileges, just as there is no reason
for using HTML mail reading. I use plain old OE with all the fancy
stuff turned off so it's just a text reader. I don't use IE.

>>>
>>
>>Having operated the other way, I can tell you that my uses would make
>>any authority other than admin almost useless to me.

I don't even use admin most of the time.
I only have a couple of apps that need admin privileges, but not the
admin account. I have no idea why they did that, but my firewalls,
anti virus, and all but one bot checker run for any one on the
machine. Users with "user" privileges can not change firewall and
anti virus settings and I don't want them to be able to do so.

All of my photo editing apps, as well as scanning programs work under
"user" as well as admin. So too do my office apps, mail, and news
group (Agent) apps. The mail accounts are set up per user any way
except on the machine where I use different accounts. There I have
the mail the same for all of my accounts. It's a relatively simple
copy operation to synchronize those accounts.


>
> You have certainly heard the old saw about there being old
>admins and bold admins, but no old, bold admins. If you have to be
>constantly running as root, you don't understand your job.
>
>
>> Given a secure
>>environment, it is just not worth the hassle to work with any other
>>authority. Were the computer not physically secure, then I would
>>probably lock it down tight, and deal with the PITA aspects of having to
>>log off, and back on all the time.

One of my machines operates unattended and in an environment where any
one could walk in and sit down at the keyboard.

There is no big deal about logging off and on. If left for 5 minutes
it logs itself off. I can sit down, move the mouse, type in the PW
without even looking at the keyboard and be back on in seconds.

I was a sys admin for a couple of years back when I had to work for a
living. (Moved on to programmer and then project manager before
retiring) Users could only use the apps already installed on the
machines. They had to change PWs every 30 days and the system would
not let them reuse the old PW for either one or two years. I've
forgotten now. PWs had to be at least 8 characters with at least 2
numbers and could be virtually any mix of letters, symbols, or
numbers, but they could not be recognizable words. Depending on the
areas where their machines were located the machine would log off in
either 5 or 10 minutes. An individual could not use the same PW on
multiple accounts. The PW control was built right into the systems.

Even for the big systems we did not use thin clients. We used PCs
with terminal emulators.

Violation of corporate computing policy was grounds for receiving your
walking papers. I know of at least two guys who got tossed for
visiting the seamier side of the net.

The users were told how they could and would use the machines in
writing and that straying outside the guidelines was grounds for
termination. We had over 1,700 PCs on site. We had very few problems
even back when we ran Win 98.

I know of no viruses or trojans ever infecting that site.

Roger Halstead (K8RI & ARRL life member)
(N833R, S# CD-2 Worlds oldest Debonair)
www.rogerhalstead.com
.

Relevant Pages

  • Re: Local Accounts
    ... All 3 users had accounts on all 3 computers. ... Well maybe true but when the client machines were not in a domain we had sofware installed that we did not want to reinstall when on the domain. ... The local admin account can be useful for some system changes, ...
    (microsoft.public.windows.server.sbs)
  • Re: Invisible Admin account
    ... if they are admin they can undo anything you ... or specific accounts log in with smart ... Short of hacking your machines up with your own rootkit-like ... Adminstrator account that another user with administrator access could not ...
    (microsoft.public.win2000.security)
  • Re: Users dont have permission to install software?
    ... > they do get the admin rights to their machines. ... We need another 'mode', such as 'install only mode', where a user can login ... Les Connor [SBS Community Member - SBS MVP] ...
    (microsoft.public.windows.server.sbs)
  • Re: Keep admins off of client machines
    ... something other than Domain Admin rights. ... and then you have a level I'll call the Data Administrators. ... manage your Domain if you intend for them to not have full control. ... > access to various machines, so we can't rely on inventorying profiles. ...
    (microsoft.public.windows.server.sbs)
  • Grrr!! Admin Rights disappearing again
    ... Thanks for posting Rita. ... admins were functionally different than the built in Admin ... All of the machines I use and support have/get the latest ... There was a critical security ...
    (microsoft.public.win2000.security)