Gartner Blog Network

Yes, Standard Users can Install Software

by Neil MacDonald  |  March 15, 2011  |  Comments Off on Yes, Standard Users can Install Software

The conventional wisdom is that a user who is configured with “standard user” privileges (the least possible in Windows 7) cannot install software (or malware for that matter).

This is incorrect.

Software that writes to the user’s data directory, and that doesn’t write to protected portions of the registry, can install correctly as a standard user, and an increasing number of enterprise software vendors are doing exactly this (e.g., Google Chrome and Mozilla Firefox).

If the good guys can do this, so can the bad guys. Indeed, malware writers can use the same techniques to install software targeted at stealing end-user-accessible data and personal information, even when users don’t have administrator rights.

If you really want to control what applications a user is allowed to install and execute, you will need to do more than just run them as standard users. For example, Application Control (aka whitelisting) is one approach that I frequently discuss with clients.

I talk about the ability of standard users to install software and other issues in this research note for clients that just published. In this research, my colleague, Mike Silver, and I provide a comprehensive set of best practices for removing administrator rights from end-users on Windows. In terms of “security bang for the buck” you can’t do much better than this and most organizations have specific projects underway to do exactly this using Windows 7 as the catalyst for the removal of administrator rights from end users.

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research

Category: endpoint-protection-platform  microsoft-security  windows-7  

Tags: best-practices  defense-in-depth  endpoint-protection-platform  lockdown  microsoft-security  reducing-cost  whitelisting  windows  

Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…Read Full Bio

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.