Saturday, October 29, 2005

Least Privilege -- Quick & Easy

Below is a zero-risk, zero-cost measure that can make your computer invulnerable to the vast majority of the malware and spyware that has circulated in recent years. (Caveat: you still need an effective firewall, as this measure does not stop the bad guys from getting at your computer through the internet connection.) In Win XP, the least privilege accounts are called "Limited". (It seems Microsoft applied the pejorative label "Limited" to discourage people from taking advantage of least privilege protection -- but you do not have to be Microsoft's sucker!)

This should "work" for all Win XP and Win 2000 users:

1) You create new accounts by clicking on Start, Control Panel, User Accounts, Create a new account. Create a new administrator account, and do not name the new account after a person. For example, the name could be "Grand Wizard", "Big Kahuna", or "Root". It is best to put a password on this account.

2) Change the account type for all existing accounts to "Limited". (Passwords are optional for "Limited" accounts.)

3) Use the new account only for administrative tasks like updating virus definitions, downloading security patches from Microsoft, and installing/removing software. Other than installing/removing software, which most people do rarely, tasks like updating virus definitions and downloading security patches from Microsoft can be done every week or two.

4) Use the old accounts for everything else.
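Steps 1 and 2 can also be done from a command prompt with the built-in `net` commands. The script below is an added example, not part of the original post. It assumes that "Limited" corresponds to membership in the local Users group only and that administrator accounts are members of the local Administrators group. The account names are placeholders to edit.

```batch
@echo off
rem Added example: command-line equivalent of steps 1 and 2.
rem Run it from an account that is currently an administrator.
rem ADMIN_NAME and OLD_ACCOUNTS are placeholders (assumptions); edit them.
setlocal
set "ADMIN_NAME=Root"
set OLD_ACCOUNTS="alice" "bob smith"

rem Step 1: create the dedicated administrator account first, so the
rem machine is never left without a usable administrator.
rem The "*" makes net.exe prompt for the password instead of echoing it.
net user "%ADMIN_NAME%" * /add || goto :fail
net localgroup Administrators "%ADMIN_NAME%" /add || goto :fail

rem Step 2: make each existing account "Limited" by keeping it in Users
rem and removing it from Administrators.
for %%A in (%OLD_ACCOUNTS%) do (
    rem Adding to Users fails harmlessly if the account is already a member.
    net localgroup Users "%%~A" /add >nul 2>&1
    net localgroup Administrators "%%~A" /delete
)

rem Check the result: only the new account (and the built-in
rem Administrator) should still be listed here.
net localgroup Administrators
endlocal
exit /b 0

:fail
echo Could not set up "%ADMIN_NAME%"; no existing accounts were changed.
endlocal
exit /b 1
```

The accounts that were changed pick up their new "Limited" status the next time they log on.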

Computer users who surf the web, do email with Outlook, and use MS Office applications (Office 2000 or later) should have no problems whatsoever. There could be annoying little problems with some other applications. There is a sledgehammer workaround that works for most problems, and it is even documented in Win XP: set up an administrator account, and use that account for the applications that are not least privilege compatible. You can find it in Win XP in the last paragraph of the account type screen after you choose "Limited" account; there is a screenshot here:

There is an inconvenience factor to this workaround, as one must switch between the regular ("Limited") account and the administrator account used for those applications. If the inconvenience factor is unbearable, you can always go back to using your computer "the Microsoft way" -- set the account type to Administrator for all accounts. You can even delete the new Administrator account you set up under item 1 above.

Some applications that are not least privilege compatible can be tweaked to make them least privilege compatible. Aaron Margosis's web log has been recommended by Microsoft for workarounds: