Advice Request Question on the Security of a Standard Account on Windows 10

[ChoiceVoice]

my kids like to do minecraft modding. this is what i'd consider a higher risk activity (java software made by unknown programmers). they sign in with their own non admin account (with microsoft parental controls on). my separate admin account is also on that system. i was wondering if anyone has tested how robust the division is between accounts? has there been any rootkits or malware or trojans or whatevers that has managed to find security holes and pass to the other side and infect it?

i have noted that when my kids are installing something, that sometimes their account requires the admin password. how much penetration is this giving into my account from theirs? (and no, the mods do not require admin password, luckily - but Minecraft did when it was installed. so i have a copy of minecraft on my side, that is not used, and they have theirs, but with theirs, they add the mods, which mine does not have -- confused yet? lol).

(and AVs used are irrelevant to this discussion, the robustness of the built-in account separation is my curiosity and whether someone should trust it, say to do banking in a different account). - and i get that if they were infected with a keylogger that my admin password could be compromised from their account.

 

[shmu26]

Microsoft's official position is that a standard user account is designed for privacy purposes -- a standard user cannot accesss the private files of another user, and cannot change system settings, either.

However, a standard user account is also very effective for security purposes. In the vast majority of the cases, a standard user can only shoot himself in the foot. It is very unlikely that the security of another user, or the system as a whole, will be compromised.

This assumes your version of Windows is modern and updated. The less you update, the more security concerns you have.

 

[Andy Ful]

...
i have noted that when my kids are installing something, that sometimes their account requires the admin password. how much penetration is this giving into my account from theirs?
...
(and AVs used are irrelevant to this discussion, the robustness of the built-in account separation is my curiosity and whether someone should trust it, say to do banking in a different account). - and i get that if they were infected with a keylogger that my admin password could be compromised from their account.

As you correctly suspect, there is no full separation. From the first fragment, it follows that your children can log on to the Admin account when they are logged on non-admin account. So, they can install the malware on the Admin account too.
If you want to have the separation between accounts, then your kids cannot know the Admin password.
Anyway, there is a partial separation for malware that does not use Admin rights or tries to bypass UAC.

 

[ChoiceVoice]

my kids don't have the admin password. but if Minecraft is installed on both accounts (b/c that's what it does when you install it) - and later, when you add mods in the limited account (no password needed for this), and one is malicious, it seems that the security of the windows account separation isn't only contingent on windows inbuild defensiveness and separation, but is also contingent on Minecraft itself. essentially, a program can be exploited to compromise another account (?). honestly, there are likely a hundred ways a hacker might figure out how to do this. i just find it troublesome that we put so much faith in something that doesn't seem to be tested as thoroughly as antivirus effectiveness.

the gist of it seems to be that no labs or security companies have tested the effectiveness of the account separation (we simply trust microsoft's claims). so if a new banking trojan infects my kid's account, it may be able to infect my admin account or lift confidential info from it (without admin passwords, just by exploiting inherent windows flaws). i would like to see contests for hackers to attempt this, like they used to do to find browser weaknesses.

honestly, if we truly thought these separate accounts were bulletproof, our testers here wouldn't test malware samples in a virtual zone, but in a standard/limited account, and then just delete the account afterwards. so, if someone has a machine they want to wreck, i mean test this with, lol, they can remove all AV, form a standard account, and simply install all the malware samples. then after a couple of days, log into the admin account and start checking to see if it is compromised.

 

[Andy Ful]

my kids don't have the admin password. but if Minecraft is installed on both accounts (b/c that's what it does when you install it) - and later, when you add mods in the limited account (no password needed for this), and one is malicious, it seems that the security of the windows account separation isn't only contingent on windows inbuild defensiveness and separation, but is also contingent on Minecraft itself.
...

On what evidence you think that "it seems that ..."?
The situation is rather clear. If Minecraft uses a service or can run some processes with Admin rights, then there is no separation. If not then it is a separation.
If Minecraft shares files outside the %UserProfile% and the game is played also on the Admin account, then there is no separation.

the gist of it seems to be that no labs or security companies have tested the effectiveness of the account separation (we simply trust microsoft's claims).

Microsoft's claims are well proved by the statistics of infections. For example, the well-known sandboxing application ReHIPS uses account separation. The account separation is very strong, but it can be exploited. There were such exploits, but they were very quickly patched by Microsoft. The account separation is probably the strongest feature in your setup. If your admin account will be infected, then the account separation will be the most improbable source of it.

honestly, if we truly thought these separate accounts were bulletproof, our testers here wouldn't test malware samples in a virtual zone, but in a standard/limited account, and then just delete the account afterwards.
...

The tests are done on the Admin account, because most home users are infected on the Admin account. This is the standard method of testing AVs, which is used all around the world. If you would test the malware samples on SUA (Standard User Account), then this would be like to taste a cake with a plastic wrapper.

 

[shmu26]

my kids don't have the admin password. but if Minecraft is installed on both accounts (b/c that's what it does when you install it) - and later, when you add mods in the limited account (no password needed for this), and one is malicious, it seems that the security of the windows account separation isn't only contingent on windows inbuild defensiveness and separation, but is also contingent on Minecraft itself. essentially, a program can be exploited to compromise another account (?). honestly, there are likely a hundred ways a hacker might figure out how to do this. i just find it troublesome that we put so much faith in something that doesn't seem to be tested as thoroughly as antivirus effectiveness.

the gist of it seems to be that no labs or security companies have tested the effectiveness of the account separation (we simply trust microsoft's claims). so if a new banking trojan infects my kid's account, it may be able to infect my admin account or lift confidential info from it (without admin passwords, just by exploiting inherent windows flaws). i would like to see contests for hackers to attempt this, like they used to do to find browser weaknesses.

honestly, if we truly thought these separate accounts were bulletproof, our testers here wouldn't test malware samples in a virtual zone, but in a standard/limited account, and then just delete the account afterwards. so, if someone has a machine they want to wreck, i mean test this with, lol, they can remove all AV, form a standard account, and simply install all the malware samples. then after a couple of days, log into the admin account and start checking to see if it is compromised.

I don't know Minecraft in particular, but there are plenty of programs that work as follows: the main program files are installed in system space, which is shared by all users. Personalizations of the program are stored in user space, and are limited to that user. A standard user account is unable to make changes in system space. This has been tested. However, there are cases where this rule is broken. This is called privelage escalation. Such security lapses are usually patched quickly after they are discovered.
If you want stronger security, by all means you should opt for advanced security solutions such as Hard_Configurator, VoodooShield, Comodo Firewall, Kaspersky Internet Security with proper tweaking, or any of the other advanced security solutions.