Tuesday, August 02, 2005

Least Privilege: How It Works

When using a least privilege account, you have write access to your own user files and to shared user files, but you have NO write access to the system directories (c:\Windows and below) and NO write access to the location for application programs (c:\Program Files). Because you have no write access, you cannot install or remove programs when using a least privilege account, and neither can malware or spyware install itself (with or without your permission).
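The write-access boundary described above can be checked from the account you use every day. The script below is an added example, not part of the original post; the function name `Test-DirectoryWritable`, the probe file name, and the use of `$env:PUBLIC` for shared user files are assumptions made for illustration.

```powershell
# Added example, not from the original post. Assumes a default Windows layout
# where SystemRoot is C:\Windows and ProgramFiles is C:\Program Files.
# $env:PUBLIC (shared user files) is an assumption; it exists on Vista and later.

function Test-DirectoryWritable {
    param([string]$Path)
    # Try to create, then delete, a uniquely named empty file in $Path.
    $probe = Join-Path $Path ("lp-probe-{0}.tmp" -f [guid]::NewGuid())
    try {
        New-Item -Path $probe -ItemType File -ErrorAction Stop | Out-Null
        Remove-Item -Path $probe -Force -ErrorAction SilentlyContinue
        return $true
    } catch {
        # Access denied, or the path does not exist: not writable either way.
        return $false
    }
}

# Is the current token a member of the local Administrators group?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# Expected result for a least privilege account, per the post.
$expected = [ordered]@{
    $env:SystemRoot   = $false
    $env:ProgramFiles = $false
    $env:USERPROFILE  = $true
    $env:PUBLIC       = $true
}

$results = foreach ($path in $expected.Keys) {
    $actual = Test-DirectoryWritable -Path $path
    [pscustomobject]@{
        Path        = $path
        ExpectWrite = $expected[$path]
        CanWrite    = $actual
        LeastPrivOK = ($actual -eq $expected[$path])
    }
}

"Account: {0}  (administrator token: {1})" -f $identity.Name, $isAdmin
$results | Format-Table -AutoSize
```

A row with `LeastPrivOK` set to `False` for the system or Program Files directory means the current session can modify that location, so anything running in it can too.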

For malware to be there next time you turn on your computer, it must make changes in the system file and application file areas. But from a least privilege account, malware cannot do so. Not one bit. So when running as least privilege, logging off flushes most malware.

It is helpful to keep in mind how least privilege works. Any task that would seem to require write access to system files must probably be performed from within an administrator account. These tasks include installing or removing software, installing or removing hardware drivers for new or removed hardware, installing or removing printer drivers for new or removed printers, adding, removing, or changing users and user account types, installing "Critical Updates" from Microsoft, and applying virus definition updates.

Some applications do not work properly from within a least privilege account. This is because such applications were written expecting write privileges in system and program file directories. When such programs attempt to write to the system or program file directories, they cannot do so, with untoward results. It is fair to say that such applications are not "least privilege compatible".

Why Least Privilege is Better than Anti-Virus Software

The vendors of anti-virus software find out about new malware only after computers are infected and the problem is reported. Customers of anti-virus software vendors get the fix only after the vendors figure out a fix, the vendors make the fix available in the form of updated virus definitions, and the customers download and apply the updated definitions. So by the time an updated definition is available for download, some number of systems are infected with the new malware and are waiting for a fix. Look at it this way: most computers in the world today function as guinea pigs for the anti-virus vendors.

In most cases, least privilege prevents the infestation in the first place. For most malware, YOUR computer would no longer function as a guinea pig for the anti-virus vendors.

Monday, August 01, 2005

The Security Principle of Least Privilege

If low-privileged processes are compromised, they will do a lot less damage to a system than high-privileged processes are capable of doing. Consequently, using a non-administrator account instead of an administrator account while completing daily tasks offers the user added protection against infection from a host of malware, external or internal security attacks, accidental or intentional modifications to system setup and configurations, and accidental or intentional access to confidential programs or documents.

