Thursday, April 27, 2006

The wisdom of "Temporary" Administrators

Interesting post over on Jesper's blog:

"Temporary" Administrators

As Jesper explains, don't make anyone an administrator temporarily, unless you are prepared to trust them to be an administrator permanently. A temporary administrator can put code in place that will give them access for long after you have revoked their administrative access.

Malicious intentions aside, the pervasiveness of malware should make you think twice about doling out administrative privileges, whether on the local system or domain- (or enterprise-) wide. All it takes is hitting one disreputable website with administrative privileges to turn a system into a Typhoid Mary.

I have had the misfortune to deal with many systems in a similar circumstance. One organization decided, in their shortsighted wisdom, to correct application access issues by giving users local admin rights. This is all too common, especially in small to mid-sized businesses. While this will alleviate the symptoms quickly, it will cause more problems in the long run.

The process of bringing the users' access down to acceptable levels of privilege was painful, but not as painful as attempting to eradicate some of the pests these users had accumulated over the months of surfing the web as administrators. The last few lines of Jesper's post brought back the memory of the solution to this problem:

"Is the rootkit now gone? Noohooo. It is still there, and will remain there until you use the rootkit removal tool: format c:\ (from neutral read-only media)."

This is the only option in most cases, since you can never be sure you have gotten rid of every last piece of malware that can invade a system. I have wasted way too many hours in the past attempting to clean a PC without wiping it out, only to go back a day later to find it just as infected as when I started, if not worse.

