If you are still running these at your business or at home, an upgrade is called for as soon as possible.

Enter Rubber Ducky. This utility presents your system’s performance as an aquarium with five components: water (physical and virtual memory), fish (network traffic), plants (hard drive activity), bubbles (CPU activity), and, of course, the Rubber Ducky.

Each of these components tells you something about your system. If the water level is too high, it means your computer is using up all of its memory, and the poor little ducky will drown. If the water is muddy, it similarly means that your machine is using too much virtual memory. Both of these are symptoms of not enough memory in your computer and are usually easily addressed by purchasing and installing more. After all, you can never have too much memory.

The fish represent network traffic. If you are downloading large files, streaming music, etc., you will see more fish than normal. If your computer is not doing anything, and you see a lot of fish, then something else is probably going on the background (possibly some sort of malware, doing things like using your machine to send spam and viruses), and it may be worth investigating.

The plants indicate hard drive activity. Lots of plants? Your drive may be overused or again, something you don’t know about could be using the drive. Perhaps an automated backup is running, or maybe something has gone wrong.

Finally, the bubbles indicate the CPU usage. Lots of bubbles? Your system is either underpowered or there may be a runaway program that is monopolizing the processor.

While Rubber Ducky System Monitor is not an in-depth diagnostic tool, it does provide a friendly, easy to read display that anyone can easily understand. I recommend this for users who want to understand their system’s performance without having to dive deep into the guts of Windows to do so. Plus, it makes a squeaky sound like a real rubber ducky when you click on it. How cute is that?

There are several options.

1. Use Windows Vista or later. (Gah! I can’t believe I just suggested that. If you know me, you know I really don’t like Vista. Hopefully Windows 7, which looks promising, will be better.) This is because Vista makes you not an administrator by default, which is the opposite of the way XP and previous Windows versions did things.
2. Make a standard, non-privileged account and use it every day. Make a separate, administrator account, and use it only when absolutely necessary to install software. As an example, you would do your normal web surfing, email-checking, and word processing stuff as a normal user. But when it came time to install the latest Firefox update, or software patch, you would log off, log on as the administrator account, install the patch, and log off, and log back on again as a regular user. At first, you may think this sounds like a lot of work, but if you consider that you almost always have to reboot after installing new software anyway, the additional time is negligible.
3. Use DropMyRights from Microsoft. This is a little program which MS distributes for free, that allows you to run programs as a non-privileged account. While it does require a little fiddling to make a batch file or a shortcut, it would only take a few minutes for someone with some IT experience to configure.
4. Use the RunAs command, which lets you issue a single command to be run as a different user. This is included in Windows XP and later versions, and as far as I can tell, makes DropMyRights irrelevant, as it can also be used by an admin user to lower the rights of a program, such as a web browser, to run as a non-privileged account.
5. As a self-proclaimed IT contractor and consultant, of course I have to suggest that you have “your IT department” do anything that requires administrative rights. While I realize this may be out of the budget of some small businessess, in reality, you most likely don’t require software to be installed all that often, and can probably get by with this option. As always, if any of these measures sound appealing but you don’t know how to do it yourself, or are just unsure, check with your IT staff for help.

My rationale for  not wanting admin rights is as follows:

• Administrative rights give you the ability to install programs.
• Viruses, spyware, and other malware are programs. Therefore,
• administrative rights give you the ability to install viruses, spyware, and other malware.

I usually start lose people here because they think I mean they would intentionally attempt to install viruses, spyware or other malware. No, that’s not what I’m saying. The problem is that viruses, spyware and their ilk either pose as legitimate software, like a browser plugin (“You need a new video player to watch this movie. Click here to install!”) or an email attachment which you think you want to run (“Click here to view this greeting card!”).

As an average user, you do not require administrative rights to run your own machine. If programs need installing, then this is something you (or your administrator) should do separately, under a special, administrative account. You do not need to be an admin all the time. This is the principle of Least Privilege: you have only the minimum power that you require to do your job. Extra rights means extra responsibility and the potential for extra damage.

Let’s take some non-IT examples. Consider your workplace.

• Does every employee have a master key, allowing them to get into any and all rooms, offices, closets, safes, on the premises?
• Does every employee have the ability to write checks from the company checkbook?
• Does every employee have the ability to sign contracts and enter into new business agreements or hire new employees?

(Note: If you answered “yes” to any of these and you have more than two employees, you can probably stop reading right now, as you have larger problems that I can’t begin to address in this forum.)

Now, I do realize that the three examples could be potentially more of a risk than administrative rights over a desktop PC, but consider the example where a user has admin rights over their PC, and, by one way or another, that PC is compromised by some form of malware. That malware in turn is used as a springboard to launch an attack against the company’s servers. Once compromised, all data on the server is available to the attacker, including emails, client/patient/student/employee/payroll records, financial data, etc.

No, You Don’t Need That Program Installed

We commonly get asked “but what if I need to install XYZ program?” I answer “then you should call us and we’ll do it for you.” At first blush, this may sound a bit excessive, but in reality, it is not. Installing software, while easy, is an avenue for security holes. You should not need to be installing software on any given day. Generally, after the first week or two, everything you need installed on your system should be installed, and you should be good to go without administrative rights. After that, it’s usually some sort of actually needed software package which, once installed, is all set and doesn’t need much care and feeding afterward, so again, I recommend to my clients that we do software installs for them.

Example 1: We regularly get requests to install WinZip, for example. My clients are amazed when I tell them they do not need WinZip anymore. Now, I know that WinZip has a lot of features that Windows “Compressed folders” do not share. I also know that, to date, almost none of my clients are aware of said features and wouldn’t use them if they were. They want to make zip files and open zip files, which Windows has been able to do since 2001. Additionally, WinZip by default installs an agent which sits on your system tray, taking up memory.

Example 2: The next most-requested program? iTunes. Yep, iTunes. My standard response, which I got from David Hoelzer, is “What is the business need for iTunes?” iTunes is another example of stuff you don’t need always running. When you install iTunes, you also get QuickTime, the Apple Mobile Device service, and Apple’s software updater, which all constantly run in the background, chewing up CPU time and memory.

Why Is My System Slow?

When people ask me “why is my system slow,” the answer is almost always because they have unnecessary software installed (malicious or otherwise).

• You have to have administrative rights to install software.
• When you install software, it frequently installs an “agent” or “service” which runs all the time, even if you don’t know you’re running it.
• Agents or services which run on  your system slow your system down.
• Ergo, your admin rights slowed down your system.

If I still haven’t impressed upon you that this is bad, (intentionally) installing unneeded software programs can also slow down your system. Before you install  anything on your system first ask yourself

• Do I need this program installed?
• Do I know all of the ramifications installing it?
• Is my system slow enough already?

If you’re interested in addressing this issue , please see the follow-up post.

Today, we’re announcing modifications in Windows that adapts to recent changes in the threat environment. Specifically, we’re announcing changes to the behavior in AutoPlay so that it will no longer enable an AutoRun task for devices that are not removable optical media (CD/DVD.).  However, the AutoRun task will still be enabled for media like CD-ROM. There are more details on the change over at the Windows 7 blog as well as at the Security Research and Defense (SRD) blog.

Good! In an admittedly controversial move, we recommended this exact same thing months ago to combat the spread of Conficker, and made the change  to several clients’ networks. At first, there was some grumblings because USB sticks and digital cameras did not automatically mount, but we were able to convince them of the added security benefits. I am pleased to see Microsoft doing the same thing by default.

What does this mean to end-users? Simply that if you want a certain program to run when you insert a USB stick, camera, or other storage device, you will need to tell your computer to do this. It sounds like a hassle, and it is indeed a small extra step you need to take. However, even Microsoft has finally admitted that it is a great benefit to your system’s security, and therefore should be applauded.