Is Norton Scheduled AutoUpdate really secure?
Hey ITSecurityGuy. Configuring scheduled scans and Automatic Updates wherever possible sounds like a really great way to protect naive and unsophisticated users before you allow them to connect to the Internet and to protect them afterwards. The devil is in the details.
I don't know about Norton Internet Security, but last I knew, Norton had not fixed the security problem that their Norton Antivirus AutoUpdate had to be run by an account with Administrator privileges. The Windows XP "run as" facility does not allow Norton Antivirus AutoUpdates. This means that an account with Administrator privileges must schedule the AutoUpdate and be logged into the computer when the update occurs. Essentially you must always be logged on as an Administrator to use the AutoUpdate feature.
Although Windows Updates may be mending their ways, I believe that this is also true for applying Windows AutoUpdates. Anyone can download them but to apply them you have to be a member of the Administrators group. I am not familiar with the privileges required by the other programs you are scheduling.
Security best practice says never run with more privileges than you absolutely have to have. The principle of least privileges puts one more layer of security between the latest unpatched exploit and full control of your computer. I wonder how secure it is to always leave an Administrator account available for the latest unpatched exploit, so that you can schedule automatic updates?
Of course, if you don't schedule automatic updates using an always logged on Admin account, and you always assign every user a non-Admin account for day to day use, then I'm sure that Granddad, Mom, the Kids and Joe Smallbusiness all know that on a daily basis they need to close all their apps and use Windows XP fast user switching to log into the renamed Administrator account with a strong password to get their Norton Anti-virus updates and apply all their Windows and Office Critical Updates, then log out of the Admin account before they go back to doing whatever they really wanted to be doing.
And if the updates require a reboot, I am sure they will remember to log back into the renamed Administrator account after the reboot to let the updates finish applying before they log back out of the Admin account and log back in to their non-Admin account so that they can go back to what they were trying to use the computer to accomplish.
In my opinion naive users, security and Windows shouldn't be used in the same sentence.
