suDown | sudo for Windows XP
keeping low profile | safety and comfort in system administration
Current version: 2.21b (3/feb/2010)
The purpose of the suDown Project is to make low-privileged accounts easier to use in Windows XP*. Working from
such an account is an effective security layer against viruses, worms, trojans and spyware. If a malicious program
manages to get past your security programs or break in through an unpatched security hole in your web browser, email
client or operating system, it still finds itself in an unfriendly low-privileged environment where the possibilities of
replicating and doing harm are quite limited. For a practical example see the demonstration subpage.
An old Unix rule is that you don't use an administrator level (root) account for your everyday work. Breaking this rule
exposes your system to unnecessary security risks. But working with a non-root account can be uncomfortable if you
suddenly need higher privileges in order to install software or make significant system configuration changes.
Unix-based operating systems have two utilities to handle these kinds of situations: "su" (abbreviation for substitute user)
and "sudo" (short for superuser do). You can use "su" to quickly change your active user to another one and execute
commands in the other user's context. The runas command of Windows is quite similar to "su". The other Unix
command, "sudo", is a bit different in that it allows a permitted user to execute a command with superuser privileges
but in his own context.
Recently Windows Vista* developers have come up with the User Account Control facility (UAC). There your user is
still an Administrator account by default, but it runs in a low-privileged environment and you can elevate your rights
only when necessary.
"suDown" is a play on words: it is the abbreviation of the term "switch user down". Basically it transforms your
original Administrator account into a Sudoer account, which is still an administrative account but runs in a low-privileged
environment. This approach provides you with extra security against malware and other unwanted programs during
everyday work and also gives you easy access to higher privileges anytime you need them.
Transforming your user account into a Sudoer account is as easy as placing it in the so-called "sudoers" localgroup;
suDown takes care of the rest. Privilege elevation in the low-privileged environment is invoked through the
"sudo" program, which is available from the command line and from the right-click context menu. The "sudo" command
authenticates you with the password of your user account and executes the given application in the context of your user
but with administrative permissions. It also caches your password for 5 minutes, so running multiple applications with
high privilege is comfortable enough.
The main difference from runas is that with suDown you can run applications under the context of your own user account
and not someone else's. In practice this means that the launched application sees your user account's environment:
your Desktop, Start menu and Documents, for example. If you install software through sudo, you remain the
owner of the installed files and registry keys, and the icons will be placed where you expect them to be, so later
you will be able to configure and use the software even under your low-privileged account. sudo also caches your
password for a short time, so you won't need to authenticate yourself again and again, as with runas, to launch
multiple programs with high privileges. And you don't have to give out your root password to anyone because
everyone can use his or her own password.