[Part 3 of an occasional series, updating a blog series I ran in early 2009 to reflect changes in the threat landscape. This series will also be available shortly as a white paper.]

Do You Need Administrative Privileges?

Included for completists, though I don't think I've added anything here to the original blog. I think it's worth making the point again, though.

Log on to your computer with an account that doesn’t have “Administrator” privileges, to reduce the likelihood and severity of damage from self-installing malware. Multi-user operating systems (and nowadays, few operating systems assume that a machine will be used by a single user at a single level of privilege) allow you to create an account for everyday use that has fewer privileges than are available to an administrator.

Most competent system administrators are familiar with (and adhere to) this “principle of least privilege” – simplistically, the more privileges you have as a user, the more damage you can do – and use a privileged account only when they need it to perform a specific task. Following their lead will give an extra layer of protection. However, as always, you shouldn’t think of this as any sort of Magic Bullet. Apart from the fact that there is no Magic Bullet, some modern operating systems have somewhat diluted the least privilege model, making it rather easy for a user with little knowledge of the security implications of administrative privilege to use it inappropriately, exposing the system to threat.

David Harley
Director of Malware Intelligence