Running with Reduced Privileges

"I do not read e-mail, browse the Web, or access the Internet in any form when running as an administrator on that machine. And I do not do so because the Web is the source of most of the nasty attacks today." --Michael Howard, Microsoft Security Engineering

After fighting it for years, Microsoft reluctantly decided that's the best policy for ordinary users too. The new Windows Vista, which will replace Windows XP, is being designed from the ground up so that the user does not need to run as an administrator for things to work well.

Meanwhile, what can you do now? Personally, I follow a policy very similar to Michael's, specifically, Option 4 below. Option 1 is probably the easiest to implement, but it's a little less convenient in day-to-day use, and doesn't work in all cases. No matter which option you use, you'll be *much* more secure online than without it.

What are Windows accounts?

Windows XP allows you to create two kinds of accounts -- Administrator and Limited. (The situation is essentially the same for XP Pro as well as XP Home.) Limited accounts cannot install programs and hardware; make system-wide changes; or access and read all files. Only Administrator accounts can. Most viruses, worms and spyware are blocked when you are running in a Limited account. [more from Microsoft]

Great! Why not just run under a Limited Account all the time? Well, Limited Accounts do not work well in practice for many users. It could have been otherwise. Other operating systems work well that way.

However, as is often the case with Windows, there are several other ways to "skin the cat." Below, you will find four options, any one of which will lend your computer much of the improved security that Windows Vista will have.

Option 1: Switch accounts when necessary

Setting up Option 1: Create a new Administrator account, and then change your existing account type to "limited". That way, all your documents, preferences, etc., remain intact. [more from Microsoft]

Option 1 is the easiest one to understand and the easiest to use. As stated above, this option doesn't work well for some users though. For example, some programs need to be run under the same account that they are installed under, and a few programs will not run at all under Limited privileges. If Option 1 works for you, you're in luck. You will have greatly improved your security online.

Option 2: Change account type when necessary

Setting up Option 2: Create another Administrator account as in Option 1. Then use that new one to change your day-to-day account from "Limited" to "Administrator" (and back) when you need to. It is slightly more trouble this way, but it will work for most finicky programs that fail under Option 1. Option 2 offers the same improvement in security that Option 1 does.

Option 3: Use the "Run As" option to get Administrator privileges when needed

Setting up Option 3: Create a Limited account for day-to-day use. Then you'll need to create special "Run As" shortcuts for the programs you want to run with Administrator privileges. This option works well for all but a few programs, so there is a good chance it will work for you. You'll get slightly less protection from Option 3, but I think it is more convenient to use.

Option 4: Drop your internet-facing programs to "limited" privileges to operate in a significantly more secure mode

The "Drop My Rights" page gives detailed instructions for setting up Option 4.

It is possible to run your internet-facing programs -- browser, email program, media players, etc. -- with reduced privileges. This option is the obverse of Option 3. It is easy to use, but it does take a little more work to set up. I have some finicky programs running on my computer, which makes this option the only one that works for me. Option 4 does not give as much coverage, but it still makes a good bullet-proof vest. :-)

Option 5: Online Armor Personal Firewall

Online Armor Personal Firewall can be used to lower program rights. It's the primary tool I use to run internet-facing programs with reduced privileges.
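
Whichever option you choose, it is worth confirming that it took effect. The PowerShell script below is an added example, not part of the original page or of any tool it mentions. It reports whether the process it runs in holds administrator rights and lists the accounts in the local Administrators group. The function names are made up for this example, and it assumes PowerShell is installed and that "net localgroup" prints its usual layout (header, dashed separator, members, completion message).

```powershell
# Added example: verify that a session really runs without administrator rights.

function Test-IsAdministrator {
    # True only when the Administrators group is enabled in this process token.
    # A Limited account, or a process whose rights were dropped, returns False.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-LocalAdministratorNames {
    # Resolve the group through its well-known SID (S-1-5-32-544) so the
    # lookup also works where Windows shows a localized group name.
    $sid   = New-Object Security.Principal.SecurityIdentifier('S-1-5-32-544')
    $group = $sid.Translate([Security.Principal.NTAccount]).Value.Split('\')[-1]

    $lines = @(net localgroup $group)

    # Members start on the line after the dashed separator.
    $sep = -1
    for ($i = 0; $i -lt $lines.Count; $i++) {
        if ($lines[$i] -match '^-{5,}\s*$') { $sep = $i; break }
    }
    if ($sep -lt 0 -or $sep -ge ($lines.Count - 1)) { return @() }

    # Keep the non-empty lines after the separator; the last one is the
    # "command completed" message, not an account.
    $body = @($lines[($sep + 1)..($lines.Count - 1)] | Where-Object { $_.Trim() })
    if ($body.Count -lt 2) { return @() }
    return $body[0..($body.Count - 2)]
}

$me = [Security.Principal.WindowsIdentity]::GetCurrent().Name
if (Test-IsAdministrator) {
    Write-Output "$me : this process HAS administrator rights"
} else {
    Write-Output "$me : this process is running with limited rights"
}

Write-Output 'Accounts in the local Administrators group:'
Get-LocalAdministratorNames | ForEach-Object { Write-Output "  $_" }
```

Run it once from your day-to-day session and once from a window started through whichever option you set up. The day-to-day session should report limited rights, and the group listing should contain only the accounts you intend to use for administration.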

Source material

Running as Non Admin [more]
DropMyRights
The easiest way to run as non-admin
Useful tools