TJX employee fired for exposing shoddy security
Dan Goodin, The Register 2008-05-27

TJX Companies, the mammoth U.S. retailer whose substandard security led to the world's biggest credit card heist, has fired an employee after he left posts in an online forum that made disturbing claims about security practices at the store where he worked.

Rock and a hard place... 2008-05-28
Kohl (1 replies)
Re: Rock and a hard place... 2008-11-09
Anonymous
Self interest? 2008-05-29
Anonymous
TJX employee fired for exposing shoddy security 2008-06-09
Anonymous
Actually, running a computer in administrator mode allows the end user total control over said terminal. For example, most computers in major companies do not have admin rights, and as such, employees cannot install software without someone from IT giving the "ok." With administrator mode (the default for most home computers, obviously) the "admin" can install whatever they want, including programs like keyloggers and trojans that could potentially harness sensitive information or piggyback on the local computer into the much more vital corporate network. Most companies, including TJX, surely have firewalls and monitoring programs to prevent this, but by closing the "Administrator" security gap, said system would become much more secure. As others have said, if someone REALLY wants your information, they can get it...but if you lock down your systems, have decent watchdog programs and compartmentalize/back up your major operations and databases, you reduce the risk. Hackers want to be able to get in, out, and not be caught. The more hoops, logs, and passwords you have, the less likely the average/above average hacker is going to run the risk of infiltrating your network. This goes for any major company...not just TJX. Systems like Ubuntu Linux, Mac OSX, and the new Vista require users to either enter a password or confirm whenever a new program is being installed, reducing (but not eliminating) the risk that malicious software is installed.

Link to this comment: http://www.securityfocus.com/comments/articles/11520/35157#35157







 

Copyright 2009, SecurityFocus