With recent media scares about disk-eating viruses, security continues to be a pressing issue that appears to show only incremental improvement. My latest peeve:
Why are there still Windows applications written that require a local user account on a workstation that has administrator rights? I can cite three examples, at random:
1. The very popular Mavis Beacon Teaches Typing used to teach keyboarding skills. This application requires that the user account used to log into the computer be an admin account. This requires either that a separate student account be set up just to run this application…or that the student who is logged in can then create havoc on the workstation by downloading and installing all manner of spam/spyware/malware etc.
2. The Polycom PVX desktop videoconferencing software requires administrative rights for the user on the computer.
3. The AIM real-estate software from Stewart also requires admin rights.
The latter two applications are more likely to be found in a professional or corporate setting where you’d think that random html drive-bys would be less of a problem. Ahem.
We are all in this together. Dumb network administrators, dumb users, and dumb programmers. But you can’t blame the dumb administrators or the dumb users if the dumb programmers are too lazy to figure out how to allow their application to run with standard user credentials.