Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Least Privilege Can Be the Best



 By: David Coursey
2005-03-03
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Opinion: Forcing administrator privileges to be set as the default for all accounts leaves users exposed to malware.

Want fewer security hassles? Demote yourself!

Want to do something right now that can help protect you from malware? Then stop being an administrator. No, I am not suggesting a career change, though I suppose that would have much the same effect. Rather, I hope youll consider using your desktops administrator account only when absolutely necessary and creating a user account for general computing.

Why am I making this suggestion? Because too many people do all their computing as administrators—even those whose user name is something besides "Administrator."

This opens their machines to all the malware the Internet has to offer. Reducing your privileges can stop malware that requires administrator privileges to create its mayhem, making this perhaps the easiest way to improve system security.

Advocates call this "least privilege" computing because everyone operates with as few privileges as are necessary to get their work done. In his blog, Microsofts Aaron Margosis says this decreases a users exposure to Internet threats.

Resource Library:
As to why this is important, Margosis slides into some metaphors I hadnt thought of:

"Well, if you were a surgeon, would you always want to hold an unsheathed scalpel in your hand? Or would you prefer to keep it in a safe place until you actually need it? Does that metaphor work? How about running with sharp scissors?"

In his blog, Margosis explains specifically how malware can exploit administrative rights to harm your machine and discusses why developers shouldnt do programming as administrators. He also takes his Microsoft colleagues to task for not always setting the best example.

Read Larry Seltzers opinion here about Microsofts participation in the malware removal market.

All this sounds pretty good so far, but weve learned that behind every silver lining lies a big dark cloud, which in this case is the "gotcha" of least-privilege computing: Some apps dont run unless they have admin rights. If you change your user properties from administrator to "standard," some of your applications might stop working. Become a "restricted user" and even more software may break.

My friend, Susan Bradley, discovered this when she tried to secure her own desktop at the accounting firm where she works. She grabbed some screen shots of apps that failed.

(If you want to try this, open the User Accounts control panel in Windows XP and create a new account with reduced privileges. I dont actually recommend changing your current account, which you will still want to use at least occasionally.)

Why does least-privilege computing break applications? Because of programmers who write everyday applications that require them. Why do they do this? Because using admin rights made it easier to write certain programs. It also didnt used to be a big deal. This type of development, however, encouraged all user accounts to be set up with admin privileges by default, opening the door for some of the malicious code were fighting today.

(It should be mentioned that Mac OS X and other Unix-based operating systems assume users run in a restricted mode and thus avoid these sorts of problems.)

Click here to read more about new least privilege-based anti-malware software from Hewlett-Packard Labs.

I am aware of no "complete" list of apps that break when a non-administrator tries to run them. But I can point you to a couple of sites that encourage programmers to write better code and that include some examples of programs that dont work.

Keith Brown has gone so far as to create a "Hall of Shame" of applications that require admin mode to run. Susan Bradley has a site, Threatcode.com, which also lists applications and provides links to resources.

With 20/20 hindsight, its now easy to criticize developers for overstepping the bounds of good programming practice. Some vendors are offering fixes that allow their apps to run in a reduced privilege environment. Users can also use an admin log-on when they run specific programs and a standard or restricted log-on the rest of the time.

I hope you will experiment with this, as I have been. Reducing privileges may be the easiest thing we can do to protect systems from the malware invasion.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Least Privilege Can Be the Best
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By David Coursey
 


x}r۸j9km"u#dKb[^L*EBERv4s'ˮO7t%_q*D th4?{$sG3L{B.cnQ?sOuޙ'76{R(-GFgP+N-w5 E]0eNFNv@\}@^sF7D%x_'Щ=ѩ&€wɔiPoل͙ؗ6}^~b .hѱ ⌳Il/G tyG`aFNo Vs7-R#X@vIna>E4f™EQ udnxЖ-AA9E,[3SAVU̠`W:k1㝩S9m<]st/۽>9]vcGV=Bg#j`Bmiue_Zrn`KK']3Q&ںa#j庤"3 >]u4>wOHN,m90dio,Y\H.)żMa)(7F`X@7? iP2Z-8oX@/@ש#a7tBmҔj 9B%yȝ7hr Ce)#8?S̓IhJq䰉c,XSl؅ RMFB@e ,}PEtBAͨ0 . If(;΀/3A.r)i" 6=aL+^*,-j\כUsNVWt];3eя0-px=ivZם6_.=t[:0*>cq4Y`I-. 8ǹ:mo:J=6RQ ^,ԕo+&rO f[Ԗ-Pò˔A ~~;fC 6aͨ6s|ix>:ACA4icŦh4@ӧ&h`Cҋ:LZ w|hx: # 00gw9&z4@۠h&r<kIMlLJ.??6 ; G`p&;xk=`DkwCGHb1LTE}vACAX' 6)@}9\PڝfZȴc@p(^HIRЙj!@9zէl)>3-%֊eRuc"$l ʰ.R.Y!d[o|aa1EYQ^JKHD@CR)Ե aY^`(ytMʆТ=iM!*cc9m _*P?>2ei;aZPګY3ld tAq!r?-j(6 SXSq:hzE>^ijێyorG SǏiЦ0T]2agRJMIas(zq |X0b=9[8[%f//+ igu]ؓ.[\|zN 0|p4'Z>plZ`/R7&¿4wڳJ)ՇI ,ǒR.%&"I D ȸla,ri L*gXsM>QȚ a(JuѧɅi s M~N hPU*1 "I;4/V G/{۹Oј*#؉ko` 2l3sF&/frsE% yB$BRhg[QZn3C zoaRI?I L!2Bsݧ}=1g匬3 ; hUkbS{jEQգRVq~W`sϏyO?"5Tx /OqC}{3i4ZOPz;t5ܦ;pCs.S+)c# ,c`7 $̮$fG` cP.')Pc0].Q9)5fJ ݛyh 䂲`3 ]lW1M_@+j&zg|ѺIXɑ1[DG`{ nȵ( 5zfy@L t@z#xؽL HMҚNHYX9RRkEBZG cqe@ۍ`L ؇`m/JZʚw ^,]hD1(dyDF4@/=q8bk lb{}pq@d#RqCݜ5m"uy@VIJXhQ;_6MONVШ6>s7}&no^{y˙yr dZKp|avJreH˷"gfh ItLe``l۹+em|m*Mn1}c%[Ŵw)n<0{L3gF= PhoUrl2y6(Z`EO7DF3۝">{$ L3saӳP.T*E0=k@" a]&k꾬=M~qDyC[Vޫ*eάRo(QU-q'F.҂^ߍKSbvvLʪH٭X+qe l&SRZ/ւ `PS*GzO`"@(}p'fPzQrZ#&;}$XU]zT#UT-Vr!~͓^cEZ`ЯxLl AKl!/`.R(c/zfD]R/)3nQ/ ~egm! P?PG te[,Z+>J _BQ`о(&w,dU]uv'HGϢ.cn{pvH*ۧ>]E!1`\E]M q޲oSR=h3 J@FG$bwmɾW2zV^;隿ð wNa區ޅsѺ~׽_>Q#r޽H^+΃ Gw"y!KrBë<'uxq)qڎ7M,#LkCuWndL-һnw9`R4c5ɅH' fmDu8eVyy~¯n-,d20!&Wktvă}BHHR ~tDۿ:o}du^k 2 m D785C He*4Д+e3ѓ:)K+y5EY-.l*$'?v 81 zQc%Fc?^SϗIOg 4˼gtY/YI &?Y9\9ZtKmG8vk>]ha*S+SaZ;crI řA0*vluCh/K/+ h&ڍ>#^%M[rc2 !R?L%3 * k^)s,:'!(}gI̔ENxf0 _B4gAW6AgRFMo j Մ@[1v@8Mym.H"Ƈb2>=zcQO?w:iUl _pC%ǝ%%YXƻ2Oٙz,IlvőuR{?oArK )qsr8gA澖ęqqĿq;Â'-R,KJon(jQQ_'W߉҇k{s4F*O&"!;9Ϗ4[hOd@xl.CI瀑ۗa wI°X^ypiV _ȫסl>Dq 75?Sћ`{%(;c*(br'&=bJ5g~&2crH"l3SJ{)l0RDs'\09+;Kݙ9we!bD0:@ @$ h)E"J=LIZȔ/OqnVuWjP eIN`$D/[*}4}01Բm73E K\FBo-mlnYqWA6ٖG/#5mXx,ۧk~׿hb^ܥ<$A30I3&_Ċc՗_N!F^ߒ՞ر f = 6Pя+lGjכ+$>nI~"S`3Aw 8eHKj}Øu* 2΋ctA}s)|[2"+*uԲP)<PvhY+0g DB|iP%:(B4ږC dy˦5Y'}ܱ6Lh  4C"""P$EZ@j3νE Ҭ8$;ykKy6GcU"{qDn9Ez+>P&!9(G!♉_3t1}FX9X 0Qy&qY+l襚9/8`f IYrb (G^w:s[RSLL7J[xC }~M=$Mjb 4wCyC3{/{/{/{/x/KRy/3tE%S1tx$=NnjQbVIF"\|GRnIW'`n.ڥ"VR8H8Kշf\ L<~ ChU1bse~  IBũmqt"E0ܘ0(]0bJR{g*ί|5! бlitc+j+ǖmCB7.j.c3IGG"e^+ tfݎ*{WNUvGe󯌡SٿggQ?(es^1Xo|֊[NiΞCcWqĴ} Έ[=qCb$JC,"^tIw'y}Dd',gh6*`aV3ص/0q_n ]WgaLǔuǏ{'s:^я{0G&_"P<7 ƥ=:=m _vnOn/ =ˠꕂvךSN|l:›\Jmo? DXܟ= )U|5Xsò+4R]ƆWc3cYx݃Cp]D*`%0=4>RPy!FvUϏ{Kb+I7{$qhkkj55AV^ he+cZrD,?tUHE/]^|=~8. dP /_Z6`㾛za/lshh,vxRȥc.ὔjPWK.}KRG*+N+tW=:]3&ME*^0HuPZMF UP+$1V6㥶|Z.{9`Cy<VzZ3XZOkݲP;Xif‹yb+n'-{sx"(ͪNDpdi:{ >ah oKm $:ƒr/'&y - lMᗚkN烔KpʭCף:̹OdLD0[n莇z OYZ+)`{T"I~ȣϮ½Vyą9? Փ>.,bGc0/Ř`^.b¼yւ 9X*l XQF ,G Ř6_O>K7b91  1[ w-kt ziv0%i4X>;'G/0޻K{YV^@\6Ylng9HΜD ^ r 9?SRmF 96z_`yZ^Oa.=([XYrVfQ"KxfVؖmmq.]%fk)J`y]3lS; Jl~'dM,ûe|U:j|%w;҅fZ,sNbc:&  )IoRG,U|ŽP0\'M='yg0\*nr-i`Ik ld Dps<3LۈX 9S":^knٌ\? ǡlclN׽bbWoP$P`+wdc||9+LŌ+Djc4q"m]N*@[`'*!L)%n67ءp_~g4:`3Xej xpƥxm)6lD < 23LkR>ɖàFP8Y|obyLgA~,1G.us x\jHMj$Ѕ:y,@#!9ωōa]NMݗ>0C(-ŌC 5Z(OBVBBveX &z(1—<3eu|^*շӄ^I+\QY / Ij WuGk`f:j,\uuuI^w:rݽt{s޻P֚_ԝ^Iisuݽ`Mfbv>L5mkkLJy22 Sr}=\h^Epɂwᝧ%;<ĉ3^<J*Q^e=DU@*8[4K!~ݾj6Z[Aw/N|veI:o|jQ=ZuRؙFIg p!>Ew;'һ䚡IJ/΁3C_׌k(\~NmeQ>\;'P~sAww?l.?gvmgCCL2~Q ?m.?ak^dȂȠ">Eyy(_~gP~Q(GF_d^f%e\]f_O/C@2U\W_\gOg7ks?f~3A(*h&࿛ Ku1Ay+CZWpzz;9(/Rz UKӌ:gJ3V^V`{AJ1g_?C+@Oq{uk'R+ ]Q%<3Lk[M2P+ȣ_zi k{JyHJ r hxVydR byeï?+w;]SҤ]z.{%])7[O'ikr(%s<2g)h{U2̉h#{"̵0[QǒGlg]#=D~(sҗe&os?b4YQ" =P7].6tpSn&o0U` }ꞿexvY^][j7mχ}>Y;yУx߇ oRg=j{4oqa #o`<o}eR76ևɇ{x C:חU]=F}EP,hMdBgpX`$"7<R9g~F]SKt-o.` DǽLԌn@ 9w>*%U-)UTj%ww~0 zS(B]N-U+zT,.g /(@#غM{%}C3<8fȳRLq u+ҷJ!'\Cxīm!R+2&dof2nQKpޤv,P@pTR Psoy =u XI=?diǤK4l!%KlŜh'bC']UL3,O~f+g- تGШswӦB~Saș zRP lJ//ӡxCKQ,V 50=_ou–'"F'Bλ6^2_XZ$ǖ]bsor:=fGg4yxaw.f ]C?y% o p1Q.`k=oc$-K?Xv7i\ݏIvM[M"m >qY|5h_u4rz V$ǖ1x_'05:%,<3΃8̆I ůD|݅N,gnHh10'th.mc6H_,mgvlChnܙex;r"d`M_k&g/jxY~2&A>ಓH_b'ceq#&b5b P|_ |nꋞ  xN ̄08B8LȮFy+-}x= 94Id`" N_dvO~%Bp|"ϷϒeΌzLU"z̴t{Zt_"Da+Fvޒ{־( ;CLqA>X읚6(ɿع Ә1J1А8v2COA3t ӏke[ O2CZ24`)yc<9znG}޴5cHPWFׁݞV OXo} 8lO.dZs}olI #Ox~ag~ r@b;#O]&\f\j_fJ.ѮRTnbbq8g;kClB pcQ*Ԯ]^x[9`^|˼kAѾYmw0w>L/#=Z&C`H؂{wXiWe1JpC)tO˰CNt3B ׀5V`=H_S(|9NRnãÍXǸ׬[ [+ qy6` <Щ0D\bXe܌1MF.D]khT[%**S6 /ߵS3pݼg®"vyXA\X3' {J>{~w!Ǹ 0tczw^?W- ɤ{-̅2 !δ^xyu~ҕ^)If`cQd+8*)ؐsk`4bOP1,F Qv7`N*)Asa#Dl ;ApNWe S<"Y4.'`y/:|]x O0gWPэX-f1%Dv88)ҡCCĚBJ>eS1#'@n0\|UH d9[H^م53\j/YH~> \99.@OI"cXM1}aE|@'W#.rW|ŠN|M鼳r1^@:m]t?Jzfk`gg~NXvQJe