Fri Aug 07, 2020 2:54 pm
Workarounds to avoid Innerspace running as Administrator?
I'm sure there's a good reason for this, but I have to ask: Do I really have to run everything as administrator?
The IT professional in me is terrified by running everything as admin. Especially on the computer that I now (thanks to COVID) am using for work.
My goal: Is there some way I can make Innerspace run as a less privileged user? Or at least let OBS/Discord PTT work without running as Administrator?
It's not that I don't trust the folks at ISBoxer - but rather that running Innerspace as admin means I have to run everything else as admin too.
First it's Innerspace, then it's the game client. Not ideal, but feels fairly safe being closed-source programs that not many people use.
But if those two run as admin, now I have to run OBS as Admin in order to capture my gameplay (again, not ideal, but OBS doesn't interface with the world, so seems an unlikely target).
And, most importantly, if I want to play with others, I have to run Discord as admin for my "Push To Talk" key to pick up the keypresses.
Honestly it's Discord that worries me: it's basically a javascript page in a web browser, but with privileged access to the filesystem that a web browser doesn't normally have. Electron (the framework Discord is built on) even has a documentation section about taking precautions against this[1]. And that even assumes it's running as a non-privileged user, so running as admin seems infinitely more dangerous.
Basically: if Discord is running as admin, and somebody can make it execute arbitrary javascript, now it's able to modify files on my computer willynilly, perhaps even installing a rootkit and/or covering its tracks some other way. Discord, with such a large userbase, seems like a good target for would-be hackers. While I'm sure their engineers wouldn't intentionally build something vulnerable, accidents and oversights happen. To make matters worse, I tend to leave Discord running 24/7, so I can see new messages. So I have to either: remember to re-launch Disc as the right user every time I start/finish playing OR it's sitting there running as admin 24/7 just waiting for somebody to exploit a zero-day and ruin my day.
Is there some simple solution here that I'm totally missing? Or maybe these fears are less of a threat than I'm imagining?
[1] https://www.electronjs.org/docs/tutorial/security
The IT professional in me is terrified by running everything as admin. Especially on the computer that I now (thanks to COVID) am using for work.
My goal: Is there some way I can make Innerspace run as a less privileged user? Or at least let OBS/Discord PTT work without running as Administrator?
It's not that I don't trust the folks at ISBoxer - but rather that running Innerspace as admin means I have to run everything else as admin too.
First it's Innerspace, then it's the game client. Not ideal, but feels fairly safe being closed-source programs that not many people use.
But if those two run as admin, now I have to run OBS as Admin in order to capture my gameplay (again, not ideal, but OBS doesn't interface with the world, so seems an unlikely target).
And, most importantly, if I want to play with others, I have to run Discord as admin for my "Push To Talk" key to pick up the keypresses.
Honestly it's Discord that worries me: it's basically a javascript page in a web browser, but with privileged access to the filesystem that a web browser doesn't normally have. Electron (the framework Discord is built on) even has a documentation section about taking precautions against this[1]. And that even assumes it's running as a non-privileged user, so running as admin seems infinitely more dangerous.
Basically: if Discord is running as admin, and somebody can make it execute arbitrary javascript, now it's able to modify files on my computer willynilly, perhaps even installing a rootkit and/or covering its tracks some other way. Discord, with such a large userbase, seems like a good target for would-be hackers. While I'm sure their engineers wouldn't intentionally build something vulnerable, accidents and oversights happen. To make matters worse, I tend to leave Discord running 24/7, so I can see new messages. So I have to either: remember to re-launch Disc as the right user every time I start/finish playing OR it's sitting there running as admin 24/7 just waiting for somebody to exploit a zero-day and ruin my day.
Is there some simple solution here that I'm totally missing? Or maybe these fears are less of a threat than I'm imagining?
[1] https://www.electronjs.org/docs/tutorial/security