Is a Windows installer that doesn't require admin rights dangerous?

Installing something without needing admin privileges is no more dangerous than running a no-install program with standard user permissions. This is also less dangerous than installing something WITH admin privileges (or indeed, running anything with admin permissions).

Running a random program downloaded off the internet, of course, is potentially dangerous - even if it doesn't require admin.

If your ISSO's concern is "you're running random internet code, and the author of that code makes it easy for you to be lazy about asking me to vet it", then this is quite valid and factual. (you might debate the cost/benefit, but it is valid)

If the concern is "this installer is more dangerous than other installers or no-install programs because it doesn't escalate its access level", then no, this is factually incorrect.


Well, if it doesn't need admin rights, that means that it can only do what a regular user can. Of course, you won't really know what the installer is doing (but do you ever really know?) but you can be assured that it won't be able to do anything that an unprivileged user can't, so I don't see the problem if you trust the source.


On the windows platform, whether an app installer tiggers UAC (User Account Control) is not up to the app and the app cannot circumvent UAC. If the app install requires to do anything that would require admin, UAC will be triggered. This would include writing to system directories or registry settings that are system wide.

If an app install doesn't trigger UAC, that indicates the app is installing under the non-admin user's profile directory, and only setting registry under the user's own profile. It is certainly possible for a user to install malware, and the malware designed to only mess with that user's files/settings, the damage will not extend system wide.

In the context of ransomware threats, this means ransomware that targets only the user's own files would fly under the UAC radar.

To protect against that and satisfy your ISSO's concerns, your organization would need policy and protective tools to prevent running any app that is not provided by the company and certified. That is incredibly hard to do effectively, and to do that would require a very large investment in staff to certify apps as the business needs demand them.

Obviously, the above is only true if UAC has not been disabled or tampered with. It used to be fairly common for people to disable UAC because it was an annoyance, as apps that really shouldn't need admin would trigger it. For example, it used to be common (and still happens) where running a game requires elevation because the game does and auto-update at each run. These days, apps are better behaved and UAC really should not be disabled.

Updated for clarification following good comments:

It should be mentioned that when logged in as a user with local admin, there are ways of circumventing UAC. For best protection, one should not have admin rights for their everyday account, and create another with admin rights. UAC will prompt for that admin credentials when system wide settings are changed or software installed, but UAC can't be circumvented entirely if UAC is enabled.