I love that Fitgirl part 🤣🤣🤣

The problem lies deeper. Windows software often tend to ask for admin rights without any real reason. It's just became a normal behavior for users to click "Yes" in the UAC prompt without second thought (or even disable UAC, I will just press F for them). Because lazy software developers just don't build their apps properly (e.g. storing settings in the installation folder instead of the user home directory or registry etc.) or even ask elevation for "just in case".

Titus: *Pirates a game made by EA* Me: Ah yes, the man of culture.

Thank you for letting us know in real world, very relatable struggles for a Windows user! When moving from Windows XP to 7 and 10 I always wondered if the UAC actually helped from a security standpoint. On Linux, whenever it does ask me for sudo It lets me think If I need to do the thing that I'm setting out to do, where Windows is , like another comment mentioned, asking so often. Windows cry's wolf so often we're numb to it 😸

There are some programs that fail to install correctly when the user’s primary account is not an administrator. I had to make a pair of scripts to elevate my account and restore it to normal just to deal with those issues. Also, don’t get me started on admin-owned shortcuts on the desktop. It’s clear to me that Windows was not made for the average home user to run as anything other than administrator.

I think the solution in these cases is -kinda- simple (it depends, anyway): You just don't run any "shady" piece of software/code without knowing what it does, just because some random guy/group of people on the Internet says that "it's safe" (I recently had a discussion with someone on this platform 'cause he was recommending the use of "Windows AME" to anyone who wanted to avoid Microsoft's telemetry, almost claiming that "it was totally safe and trustworthy..."). There are methods and tools to avoid any disastrous outcome, like using VMs to try anything that could be potentially dangerous, sandboxing software, you can even upload a file to VirusTotal and see if there's anything wrong with it. Or, if you have the resources and knowledge -or the will, money and time to learn-: use another PC/laptop exclusively for anything "risky", don't connect it to your main network (or else, learn to use and configure VLANs, firewall rules, etc., and isolate it completely from the rest of the other clients in your network...) and then, run whatever you want as Admin. I mean, minimize the "impact surface". Or else, put your trust in it, take the risk and deal with it. See you next time, Chris. Keep up the good work!

Absolutely love the FitGirl reference

"By some girl that happens to be fit" lmao you killed me. Yeah if you use that i would advise disabling the run as admin option on the shortcut that get created. Or better just treat your windows install as hacked and encrypt all your important data on the linux drive. Also having backups is important.

@Chris Titus Tech you're a smart guy. You wouldn't lay out a problem if you didn't know or have a plan to tackle it. Awaiting a Vid on the solution for partitioning/segmenting users ...

I agree in theory on this. But as an MSSP and someone dealing with many different types of users, Business, Residential, businesses with HIPAA, PCI and other compliance needs I've taken a different approach. And it doesn't matter if you have Admin rights or not. If your running Threatlocker (like all my systems do) along with other layers like Huntress, some sort of AV, and Senteon, well I have yet to have a single client of mine get ransomware or even malware for that matter. I'm well aware that nothing is 100% secure. However, and I'm not divulging all the things I do but it is A LOT!!!! just so I don't get that call about Ransomware, or cleaning off malware etc. And of course and last resort and layer, ya just have to have air gapped backups that are tested regularly in case the worst happens. but, like the old saying, an ounce of prevention is worth a pound of cure. And after 35 years of doing this, I was tired of cleaning malware back in the day so for the last 15 years, I have done everything possible to prevent the mess (which is Windows) and it's users and just Deny everything unless I approve it. Harsh stance for Managed Systems, but it's the only way to get close to that 100% secure. Mine might be like 99.99% And yeah, I take it to extremes but hey, it is windows so ya kind of have to unless it's a system you don't care about then game, install and do whatever, and if it breaks, nuke and pave as they say.

"Some Girl that happens to be Fit", That is a good reference for those who get it.

Keep admin account, family and kids will want to install weird games on your pc, at least when they intent to install something, they will have to ask you to elevate, and you get to decide

HELP: Windows 10 issue. I have a external drive, with an old System back up. No matter what I've done, it wont let me delete it. I am Administrator, I've gone in and changed permissions. Is there anyway to force the deletion of this. Would free up a couple gigs of storage. Thanks.

I think all of this is trash. I hate windows, Mac, Linux. Istuff, android. Smart tvs, proprietary trash that strips you of user freedom and repair ability and the lack of vision from these companies that follow in apple’s path. It’s disgusting

Pretty much sums up my conclusions of a few years now. the Windows and *nix user permission structures are fundamentally different, and a fair bit of the logic behind them just isn't cross-compatible. The only real difference on Windows, is that a standard user gets a password prompt on UAC, where an admin still gets the prompt, and all the protections that come with, but with no need for a password. It could be said that a virus could run an autohotkey script in a chainload to approve the virus, but UAC blocks input from non-admin inputs as well, rendering that moot. Runninf a standard user, I've found actually causes issues when it comes to running programs with escalated privelages, as they will direct to running out of the admin user's folder rather than the regular user's folder, which can cause issues with programs that only need to be run as admin for certain higher functions, such as rufus, for example. Rufus works fine, but I have to direct it out of the admin user folder and into my own user folder when pointing to an image I want to flash, every single time. Other applications will restart themselves in admin mode, and then complain about being run as admin unnecessarily because they don't have the cache of the active user session from before to trigger the intended function.

There's no reason to bother with a regular user account on Windows. There are 101 ways to escalate privileges on Windows bypassing the UAC. On UNIX operating systems they make a decent effort at stopping privilege escalation because this is at the core an OS that is designed with multiuser mainframes in mind. While Windoze is designed for "Personal Computers" in mind. Even group policies are not going to save you from privilege escalation in Windows. If someone breaks through the browser sandbox or some other remote code execution scheme, it's game over and that's it. In Linux/BSD and friends you can harden by making .bashrc or whatever config file de default shell uses immutable, use a non-standard shell, firejail. People are actually confident making pubnixes that provide shell accounts to anyone after a bit of hardening.

I'm one of the ones not "receiving" this well. lol I agree with the points you make BUT the user's behavior is separate from the account. If I train my users not to always elevate OR what I usually do is simply not tell the standard user the password for the admin account, that user's ability to "elevate on a whim" is pretty much eliminated. What I use standard Windows accounts for most is to guard against the entire system being impacted by something malicious, vs that user's account. So, if someone installs some 'bad' software that borks the system (from the perspective of their account), I can reboot the system, login as the administrator and blow that user's account away to see what else might need to be dealt with, if anything. This is akin to a Windows user's profile going "bad" and when they login, the system runs like a dog and when another user logs in, the system runs fine. So, I think it's important to separate your points into two different discussions: 1) admin accounts vs user accounts; 2) How user's behavior impacts the functionality of a standard account vs an admin account. Thanks for posting!

I have to agree. I work in a computer repair store and have set up a few computer's for a customer with standard account plus paid anti virus and never gave them the admin password as they never should have need of them. A few days later some of them came back with ransomware. If someone wants to download that free game they will find a way

I might be missing something here since I haven't used Linux ever, but you said that in Linux, everyone runs as standard user and whenever you need the admin privileges, you just elevate it using the sudo superuser command, but well isn't that the exact same thing as the "Run as Admin.." option on Windows, and if so, wouldn't that mean that they are pretty much the same in giving user admin acces when required meaning there isn't that much difference in how elevation works in Windows vs Linux?

I got tired of windows pop-up warnings, that is why I use Admin

By the end of the day you gotta run stuff in VMs and make backups to keep yourself safe. Sure, not running shady stuff as admin is good and all, but that's honestly just a meme at this point. Our perception of what seems safe can differ a lot, and either way keeping yourself safe from exploits can be quite difficult. Those may just run, admin or not, and still cause privilege escalation and whatnot. You'd have to tweak the privileges quite a bit for it to be worth it I guess, but it's all just a hassle so I'd rather just go with VMs or scan everything you download in VirusTotal and keep your AV updated and that should keep you reasonably safe.

Windows Wednesday is the day I'm reminded why I avoid Windows like the plague. Thanks, Chris! Keep up the good work.

I only understood the user problem after getting old enough to have my own personal computer! Problems just magically disappeared! lol

I generally agree with you but I can see how requiring a password for elevated privileges would enhance security. If a malicious actor attempts physical access to the machine a password would stop them from deploying malware onto it (assuming the malware needs elevated privileges), the same applies for scammers through a remote desktop software connection or a malicious rubber ducky USB plugged in by accident.

I only partially agree, some users I have helped will break everything if there isn't some big pop up that requires a un/pw, they are the kind of people that don't like passwords at all, so when faced with that prompt they give up quickly.

Great work 🥳 Thank youuuu 💜

Is elevating whilst running as standard user not the equivalent of sudo in Linux ?

I tried Standard User but it caused more problems with where it installed files when I had to elevate. I gave up and went back to Admin

It really may not matter as much as people think because you computer stores login info so even if you are not a admin but the admin was on of the last 5 to login the cridentials for the admin account could be comprimised unless you make changes.

Somehow he looks quite hungry...

My wife is a normal user on her laptop, and her surface, without access to the admin (my) password. She watches a lot of Asian shows on "less than legitimate" web sites (like from China). I don't have any network drives persistently mapped, I connect when I need to. And I back up her information weekly. She very seldom needs the elevated privileges and she's been protected for the better part of a decade. I, however, am the only account on my windows machine and naturally admin.

Because the Sims is critical piece of software for many users, me included, the only issue i see here is the price of the software and its publisher release model innovations

I haven't even started watching the video and Im going to comment that I tried running as standard user and it's a nightmare. so much software is either not compatible, bugs out or actually not working without a lot of tinkering.... it's annoying at best.

Almost every software asks Admin rights before installing. This ruins the fine line between admin and user access. There is no point.

I try Windows every version as user, there is always some program or windows setting that doesn't work right.

Many commercial applications require the users run as an admin user (or at the very least in the admin group) total PITA

On Linux, I'm used to sudo only when installing something from package manager or editing things system-wide, makes me think twice of what I do. On Windows, the prompt is everywhere, even when it shouldn't be, so users are most likely to click 'Yes' on everything instead of reading, and I'm guilty of the latter. Having the AV doesn't help either, users can be trained to just allow the software because it's a false-positive, that's the case more often than not, and you can even bypass the detection if you know how In the end, it's difficult and can't be easily solved. No matter what you do, you just can't save the user from themselves; they'll always want to have it their way, even if they're not gonna like the result And I agree about the girl that's fit, she does interesting things; just be careful there's many out there pretending to be her

Yes Widnows is not perfect, but I would not go as far saying that local admins accounts are not secured. Yes the account "administrator" is fully open and no one should use it, but the others admins account are somewhat protected by the UAC. Yes UAC is far from perfect and there are knowned vulnerabilites but sudo also had few CVE. We have seen what Microsoft is capable of with DRM in Xbox game pass and how Apple lockdown their system. Trust me I prefer to keep my admin user rights.

if you get an unexpected UAC and Hit yes youre absoulutely correct thats a PEBKAC error when viruses start flooding the system 😂 😂

The Girl Who's Fit is actually really safe along with a certain russian gentleman

The pitch for FitGirl was so damn smooth haha

user accounts are still useful for restricting users from downloading unknown software or elevating permissions for software, for example family computers where you don't want a 9 years old who watched a yt video download bunch of malware

the shady guy talking about a girl who is fit. awesome!! i get your feeling that how easy the delivery is.

I didn't realize how nice it was to not have to worry and install countless security updates and run near daily scans until I moved to Linux (and Mac for photo continuity) . Your comment that Windows was built completely wrong from a security standpoint resonates with me every time I have to work on my wife's Windows 11 machine as she will not make the jump and I know when to say calf rope.

I just used a windows 10 install for nearly 2 years with a standard user but I did run into some problems with some programs. My most recent install I gave up on that. I have TPM,memory isolation enabled and malwarebytes so I figure im alright.

I'm running Win 11 (fresh install) and I can't drag-n-drop things anymore, my main issue is draggin images/links to my other running programs, but I also can't add an app shortcut into the taskbar with drag-n-drop and after some research it seems the issue can be fixed by disabling user account control, and while researching if that is a good idea (someone said they can't log in anymore after disabling it) I landed on this video. Do you have any thoughts on that?

Running as standard user is out of the question for me. I have to run as admin. Always.

Yeaaaah, I think it's one of those things where technically it's better, especially if you say share a computer with someone less savvy, to run them as user. but single user, you're the one using it and trust yourself to not absentmindedly click shady things when it matters, just stick on admin, I think most of us would rather run the risk of us being wrong than deal with entering the UN/PW every time we need to elevate something, and with viewers here trending more towards power users, it's probably a bit more often than your normal web browsing users. That said... I am trying to get ahead of myself borking my PC with admin rights and trying to segregate things out.... just in case...

One user you shut not run as is the build in "Administrator" user. because it runs everything as admin kinda like using the root user as user account on linux

Great video thanks for your insight

You said "how cobbled together Windows was". I think you meant to say "how cobbled together Windows is". Once you get past the material design of windows 8, 10, 11....every system and submenu looks and functions pretty much the same as Windows 2000+ versions.

I 100% agree with you Chris .. great video.

The UAC is kinda pointless because in Windows, applications often times have the ability to just elevate themselves without your permission, the UAC doesn't stop sh** so I just turn off the pop-ups completely, that thing only pops up when I'm trying to deliberately run something anyway and any malicious attack on my system isn't going to ask me if I want it to run lol, that would be one generous malware attack if it did haha.

What do you mean by "built incorrectly"? 6:43

Windows does allow you to kida restrict an admin account by changing a group policy in the registry. When the authentication pops up, you can configure it to ask for username and password, or only just a password, every time for any user, including admins. The registry key is ConsentPromptBehaviorAdmin; do search on Microsoft docs for the entire list of options. Some thing to add to Windows toolbox? I dual boot and keep untrusted programs on windows so i made my default account an admin and have authentication ask for a password only, like sudo and other authentication windows work on Linux. What are they going to do?? Make me suk less in League???

What if you give your kid a computer and dont give him or her admin so only you can install stuff. Duh

I have so much trust in myself that I do the good old `net user administrator /active:yes` . Would not recommend obviously but for my usecase it is just plain nicer to use.

Still much better to run as Standard User. Way too easy to accidently click "Yes" to a UAC prompt when logged in as Admin as opposed to typing in the admin password.

Now talking about this famous girl who just happens to be fit I thought the programs were all safe or that she is considered as a reputable source? Am I missing something?

"Windows XP is the bastard child of ME and 2000 ..... LOL

What is the Active directory equivalent in linux to control user permissions to resources across the network? Is there a construct similar to an AD domain?

If you want a UNIX like prompt in Windows you just need to activate that thing. Then you will have a UAC prompt that will tell you to put your password. That is a really super easy method. Your system is yours so you just need to customize it on your own, Windows never took it away from you. It never did. Just lame excuses from a normal user. Use everything from the core of your heart. WINDOWS,UNIX, LINUX,BSD they are all great systems I just love them all because I have choices for every other platforms.

Beard ✅ thanks Chris!

Sorry, off- topic; but: WE could use some help with something for affordable chromebox/ chromebook. Security for Gallium or current distro [ lightweight ] safe enough to use as with a current kernel; thank you.

Totally with you on this one. And it's another password to remember which can get cumbersome.

Yes it matters for tech savvy person not for a naive user.

Using a standard user was more helpful in the Windows 7 days from what I understand. Now, you're right. It's not really going to help anyone with Windows 10 or 11.

Biggest reason to use an admin account (according to me of course) , cool factor.

Does linux even support SSO similar to AD?

I think with windows it depends of use case and what kind of data are in the computer

By some girl that happens to be fit.🤣 Killed me with that one.

I think the sims should repack their standards

It makes total sense I find your channel very informative sir for a lot of people.

privilege escalation attacks like when you are a admin use4r

Good info. Now how about Windows Home vs Pro?

There is a way of running Linux (mint n others) as an admin without a password at all! You can use Rufus with persistence and + you need not install at all, you as is and run it from a USB! That's what I'm doing with Linux Mint! I use all type of Windows always as Admin with no passwords and I never had a virus or otherwise infect my system, I run a full antivirus scan every week!

Good honest discussion, but I feel more comfortable just being a Srandard User...

I agree with you Chris.

By some girl that happens to be fit... Say no more, we understood you 😂😂😂

way back in the windows 98se days... only know about one virus i got in my life, was before opera got sold, they somehow got hacked and ransomware was added to their installer. if i wasn't running as a regular user everything would have gone poopoo. if i'd logged into admin before my regular user, it wouldn't have helped. it moved the shortcuts on the desktop and start menu, that's all it did.

"By some girl that happens to be fit". That was funny.

What's the problem with the computer? Well... You... That's what I want and can't say every single day... Nice video

Microsoft should consider throwing windows out the garbage and making an operating system from scratch.

ah yes the good old fitgirl i install 90 percent of my games with that because games are super expensive in my country

windows admin is not really admin.

The only problem with windows is its existence. It is sooo freaking annoying

The way you mentioned fitgirl is .....🤐

Ah yes, he's an honest guy :)

I run Linux and for gaming I own consoles, don't need an ill designed OS managing my data.

Hello titus I switched to Linux recently (garuda linux) and it's amazing but I have problems with installing packages, because I have an 128gb ssd(for root and swap) and 1tb hdd(for two partitions) and no matter if it was pacman or paru every package I install get stored on the ssd and the hdd remains empty I really want to use (pacman,paru,nix..etc) without filling my ssd

You are not wrong. Not in one point.

Always use the legit website of the girl that happens to be fit otherwise it's very unsafe.

I used to just be a user, like in Tron. It seemed like almost every issue said must be administrator to make the changes. I got tired of being told I can't make changes.

I never expected you to know about girls that are fit.

There's no difference in *nix with mounted shares as a user and windows with connected network shares. Same as with applications that require root (aka administer) to install/configure (or not). A user having access to the sudo command is identical to a modern windows "administrator". IDENTICAL! The same sort of virus/ransomware can and dies the same degree of damage in both scenarios. Do you advocate Linux users to disable "sudo" and require performing separate logins as root of administration purposes? If not, there's NO DIFFERENCE!

Almost 30 years using Windows, always ran as Admin, most of the time even without active AV. Periodically scanned, just to make sure. I had a single incident, due to my own incompetence, which was solved in a matter of minutes after it happened. IMO common sense, a good backup strategy and a testing VM is the most effective line of defense.

Agree 100%

Haha CTT is a dirty ol pirate like all of us!

The __only__ reason I don't use linux as much is that girl who is fit can't support linux :(

Running as a admin is worth it sort of, just saying! But you need to know what you do even if that means going to the dark side haha XD