Edit:
Some of this may not be Microsoft's fault. It's whoever's fault who put Windows on the machine and configured it so insecurly :\.
For those of you who don't know, Windows XP Media Center edition is more or less Windows XP Professional, with the Media Center shell "ehshell.exe" (watch tv, record it in proprietary, 'DRMed' format, listen to radio, play games with your remote control, etc).
It's obvious the target audience here is generally, the average computer user with some extra money, so why is it that by default you LOG IN AS ADMINISTRATOR? I am not kidding. When I got this computer (I wouldn't have gotten it if it wasn't more-or-less XP Pro, since home is ... crappy), the login screen had two users. Guest, and Administrator. And what's even better is that computer companies don't want to provide you with recovery CDs anymore, so if some idiot bought a computer with Windows XP MCE, got a virus and that virus destroyed the cmdcons folder and installed one of those nice programs that has sibling programs to make sure you can't close them or remove them from registry startup, user = screwed. Of course, the user isn't really screwed if they don't know this is going on, and from my experience, most people don't see "websavingsfromebates.exe" as an irregular program that shouldn't be running. This is a step backwards in security.
I guess i'm ok with it being built on-top of XP Pro, but the logging in as administrator as a normal user is just... you kind of have to wonder what someone was thinking when they made that decision. Hey! lets give your mom/pop user who's too lazy (or unaware, or intimidated by the process) to download system updates, and is afraid to run defrag, and uses MSIE for all their web access, a version of windows where they're logged in as administrator. That's what people who don't know a lot about what they're doing need, the ability to delete critical system files that aren't protected by WFP for some reason (ntldr, for instance).
Possible Fix:
After thinking about this, I suppose one could change the protections on the kernel32 memory space, and intercept particular API calls used to execute programs, if cmdcons wasn't an option (deleting through recovery console). I would say use FAT32, but then you have no real file protections at all for seperate users.
Edit:
I do NOT recommend running IIS, unless you enjoy someone telling you they were able to access a lot of your files, and yeah, having up-to-date patches isn't good enough -.-.
[ August 20, 2004: Message edited by: anphanax ]
