by Carl Anctil
The principle of least privilege is quite simple: give users just enough privilege to perform their duties, and no more. But how do you apply this principle in a home environment?
For the home user, least privilege is applied by doing everyday work from a normal, standard user account rather than an administrator account. This limits the damage an attacker or a piece of malware can do if that account is compromised: a standard user cannot write to the administrative areas of the operating system, install software system-wide, or change settings that affect other accounts, so an infection is largely confined to that user's own files and settings.
The principle has been used on Unix and Linux for a long time. The Unixes have always had a separate “root” superuser account for administrative tasks. Users log in with their regular account for everyday duties and switch only when they need more privilege to complete an administrative task: they use su (substitute or switch user) to become root temporarily, or, on most modern systems, sudo to run a single command as root, and then return to their regular account.
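The Unix layout described above can be checked with a short audit script. The script below is an added example, not code from the original post: it parses passwd- and group-format text, lists every UID-0 account (there should be only root), lists the members of the usual administrative groups, and reports whether a given everyday account is free of administrative rights. The group names wheel, sudo and admin are an assumption (they vary by distribution), and the account data at the bottom is constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the original post: audit whether a Unix/Linux
# machine follows the layout described above, i.e. root is the only UID-0
# account and the everyday account is not in an administrative group.

# Print the login names of every account whose UID is 0.
# Reads /etc/passwd-format text (name:pw:uid:gid:gecos:home:shell) on stdin.
# Anything other than "root" here is a second superuser account.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }'
}

# Print the members of the administrative groups, one per line, deduplicated.
# Reads /etc/group-format text (name:pw:gid:member,member,...) on stdin.
# The group names (wheel, sudo, admin) are an assumption; they vary by distro.
admin_group_members() {
    awk -F: '$1 == "wheel" || $1 == "sudo" || $1 == "admin" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' | sort -u
}

# Return 0 when the named account is fit for everyday use (not UID 0 and not
# in an admin group), 1 otherwise. Arguments: user, passwd text, group text.
everyday_account_ok() {
    user="$1"; passwd_text="$2"; group_text="$3"
    if printf '%s\n' "$passwd_text" | uid0_accounts | grep -qx "$user"; then
        return 1
    fi
    if printf '%s\n' "$group_text" | admin_group_members | grep -qx "$user"; then
        return 1
    fi
    return 0
}

# Constructed sample data (not from any real system) so the script runs
# stand-alone. "toor" is a second UID-0 account, the kind of thing this
# check exists to catch; "alice" is in wheel and sudo, "bob" is not.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/sh
bob:x:1001:1001:Bob:/home/bob:/bin/sh
toor:x:0:0:second superuser:/root:/bin/sh'

SAMPLE_GROUP='root:x:0:
wheel:x:10:alice
sudo:x:27:alice
users:x:100:alice,bob'

echo "UID-0 accounts:"
printf '%s\n' "$SAMPLE_PASSWD" | uid0_accounts
echo "admin group members:"
printf '%s\n' "$SAMPLE_GROUP" | admin_group_members
for u in alice bob toor; do
    if everyday_account_ok "$u" "$SAMPLE_PASSWD" "$SAMPLE_GROUP"; then
        echo "$u: fine for everyday use"
    else
        echo "$u: has administrative rights; do not use it for everyday work"
    fi
done
```

To run it against a real machine, feed the functions the live files (`uid0_accounts < /etc/passwd` and `admin_group_members < /etc/group`). Keep in mind that /etc/group only shows supplementary group membership; a user whose primary group is an admin group, or who is granted rights directly in sudoers, would not be caught by this check.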
On the Windows platform, users should likewise use a normal, standard user account for everyday use. Since the release of Vista, Microsoft has enforced this principle through User Account Control (UAC). It was a new feature at the time, and one that caused many frustrations among Vista users. The reason is that before Vista, most Windows users ran everyday tasks with elevated privileges, typically as a local administrator on the computer. With UAC, even members of the Administrators group run with a filtered, standard-user token by default. When a program attempts an administrative task, Windows shows a prompt before granting the elevated privileges: by default an administrator is asked to confirm the action, while a standard user is asked for an administrator's password. This prompt is the kind of dialogue that users who are not familiar with the least privilege principle find frustrating and annoying. They didn't have to deal with it before, and don't fully understand the security benefits.
UAC in general is actually a very good thing. It keeps malware from silently gaining administrative rights and installing itself without the user's consent, and the prompt gives the user a mental pause that can prevent a mistake before it is carried out. The protection is strongest when the everyday account is a standard user, so that elevating requires a separate administrator password rather than a single click on a consent dialogue. I hope people will learn to appreciate and understand the importance of the least privilege principle.