most windows programs haven’t run as root in over a decade.
a program only runs as “root” in one of three situations:
The app manifest says it is a requirement.
The executable does not have an app manifest and has the “Run as Administrator” compatibility flag (only applies to apps built for XP or older).
The user manually invokes the program with super user permissions (right click and “Run as Administrator", or manually set the above compatibility flag).
There are still far too many system components which run with spooky elevated privileges. Don’t believe me? Try nuking permissions on Windows update or activation nagware, disconnect from the internet and see how long those changes persist. Sometimes it is a few reboots.
This is a fundamentally insecure security framework, which no amount of glue or sandboxing can fix.
most windows programs haven’t run as root in over a decade.
a program only runs as “root” in one of three situations:
There are still far too many system components which run with spooky elevated privileges. Don’t believe me? Try nuking permissions on Windows update or activation nagware, disconnect from the internet and see how long those changes persist. Sometimes it is a few reboots.
This is a fundamentally insecure security framework, which no amount of glue or sandboxing can fix.
how would you expect something like windows update to function without elevated privileges?
what?