Fortunately, larger corporations that install Microsoft Windows XP Professional usually don't grant the laptop user full administrative rights. The same cannot be said of smaller businesses, many of which simply purchase laptops from the local store -- laptops pre-installed with Windows XP Home Edition.
The default user of a Windows XP Home system automatically has full administrative privilege. This means that a virus that penetrates whatever security barriers are present will also operate with full administrative privilege.
Imagine the damage that such an administratively empowered virus or worm can do. My mind is boggled by the fact that this is a default security configuration. Are you not outraged at such insecure practices?
In view of the proliferation of worms and virus activity, it is simply irresponsible to use Windows [computers] that give users any form of administrative privilege. If you must use Windows XP Home Edition, create a non-privileged user account and do not use the default (Administrator) account.
A better solution is to use Windows XP Professional and keep your antivirus and antispam subscription up to date. Log on only using a non-privileged account that cannot install software or make any system changes. Lock down the file system, so that the user can access only the confined areas of disk storage that are necessary to permit them to work.
Better still, use the truly secure Linux operating system. Six months after making the change, you will not use Windows again. The cost of Linux is also much less than the cost of upgrading Windows XP Home Edition to Windows XP Professional.
More alarming laptop security facts
Laptop proliferation can have a negative impact on the security of business information. Two things ought to alarm the business IT manager: the way that older laptops are being disposed of and the theft and loss of laptops. Recently, I met someone who had purchased a pre-used laptop from a company, only to find that he was able to access spreadsheets that contained detailed customer financial data.
Last, but not least, how many businesses count the true cost of owning the Microsoft Windows operating system on laptops? Do they factor in the cost of regular replacement of the laptop itself? Do they consider the ongoing cost of antivirus software or office automation software upgrades or downtime?
One of my friends mentioned recently that his company no longer repairs damaged Windows operating systems on laptop computers. They estimated the cost of recovery of virus-infected laptops at $420 per incident. Since the cost of complete replacement is only $500, it does not make sense to attempt recovery.
My friend's company replaces laptops running Microsoft Windows, on average, every 15 months. By comparison, most laptops will last for three years or more. When Linux is installed on the laptop, there is no need for antivirus software, except to scan e-mail, and that can be done on the corporate e-mail server.
In other words, the use of Linux on a laptop eliminates the need for single-machine antivirus updates and limits its security vulnerabilities. This will permit the Linux laptop to last as long as the hardware does -- a savings of at least 50% on hardware alone. Add to that the lower cost of software, as well as increased robustness, and it's hard to fathom why the logical choice meets with such ardent resistance.
Take back control of sensitive corporate data, and help users to become more productive: Use Linux!
Terpstra is an IT consultant and author of the new books, Samba-3 by Example: Practical Exercises to Successful Deployment, 2nd Edition and The Official Samba-3 HOWTO and Reference Guide, 2nd Edition.