Wednesday, March 08, 2006

Running as Limited User - the Easy Way

One of the prime examples of a best practice that is often ignored is the principle of least privilege. Sure, everyone knows that the temp working in Customer Service shouldn't have access to the Finance Department's file share, but beyond simple file permissions, many users are allowed to run as a local administrator on their systems. In general, this is a very bad idea, not just because of the damage that can be caused by the user, but because a large majority of spyware and adware infections could be prevented if the user didn't have admin access to the system at the time of the infection attempt.

While having all users operate in a limited account at all times is the ideal, unfortunately it is not the reality for many companies. There are many applications (QuickBooks, for one) that are not able to function when running as a limited user. Not to knock QuickBooks' design team, because I'm not a software engineer, but in general, this inability to run as a limited user is the result of poor software design. And I don't mean to single them out, because there are many products that have this problem. Sometimes there are workarounds that will allow the application to run in spite of the limited privileges, but other times that is not possible.

Mark Russinovich, over on his blog, has put forth another interesting option that deserves consideration. On a system that cannot be operated using a limited user account, Mark proposes using a limited account for applications that are prone to compromise, such as web browsers and email clients.


