It can also be said that already running a potential malicious or buggy software as a non-privileged user poses considerable risks. Given the right environment it can be very dangerous though, for example when being inside the network of a nuclear power station.
The impact of these new attack vectors can be small and the risks acceptable if the system does not contain any sensitive data and is not used for sensitive activity like online banking. Such a deep evaluation is out of the scope of this site.īut what can be said is that running a software as administrator provides additional and powerful attack vectors compared to running as an unprivileged user. Deciding if a specific software is sufficiently secure would require a deep evaluation not only of the specific software but also of the environment where the software is run in, i.e. There is only being more or less secure and the idea of being sufficiently secure by having most relevant risks mitigated.
From the perspective of IT security there is no 'being safe' or 'being secure' 1.