In Beware of Social Engineers, I wrote that I’ve recently had several clients that have contracted nasty malware that masquerades as security software and claims that the victim’s PC is infected. It then offers to clean up the infections – if you pay for the software. Of course, by that time the damage is done, there is no real infection (other than the malware itself), and the only thing that paying for the software will do is possibly remove it from the system.
In all of the cases I’ve seen, the users had up-to-date Internet Security software installed (one part of the Safe Computing Triad) and had their PCs set to automatically install critical system updates (another part of the Safe Computing Triad). So what were they missing? They were missing the other component of the Safe Computing Triad: the Principle of Least Privilege. The Principle of Least Privilege says that a user should have only the permissions and privileges that are necessary to do what they need to do. Unfortunately, most users – including those to which the first paragraph above refers – always use an account with administrator privileges, even when all they are doing is email, web surfing, or word processing.
There are several reasons for such pervasive use of administrator accounts. One of the primary reasons is that it’s the default for accounts created in Windows XP during the initial setup of a new computer. With Vista, Microsoft addressed this with User Account Control (UAC), which requires users to approve any change that could impact the security of the system. However, the frequency with which these requests for approval appeared, particularly with a new system where the user needed to install a lot of software and device drivers, trained most users to just blindly click “Allow” without really reading or thinking about what was being asked. In my limited experience, Windows 7 seems to have a better balance on this issue. Two recent articles on Tech Republic about Trusted Web Sites and Online Banking point out how dangerous this can be.
I’ve been beating this drum for a long time now – use an unprivileged account whenever possible. If you have children that use your PC, up through and including teenagers, create a separate account for them to use that does not have administrator privileges (even if they have their own PC, I’d advocate that the parent act as the system administrator and provide only an unprivileged account for their offspring). Use an account with administrator privileges only when necessary to install software or device drivers, or to change the system configuration such as power management, network connections, and so forth. There are some software packages – QuickBooks Pro comes to mind, and I’m sure there are others – that assume you’re going to be using an administrator account, and that won’t work properly if you’re not. I’d recommend creating a special, privileged account just for running those applications; just be very careful if you need to use email or a web browser from that account.
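As an added example (not from the original post), here is how the advice above can be put into practice on a Windows machine from a single elevated PowerShell session: check whether the account you are sitting at is an administrator, audit which local accounts hold administrator rights, create a separate standard account for everyday use, and demote an existing everyday account that was created as an administrator. It assumes Windows PowerShell 5.1 with the built-in LocalAccounts module (Windows 10 or later); on the XP/Vista/7 systems the post discusses, the `net user` and `net localgroup` commands do the same job. The account name `everyday` is a placeholder.

```powershell
# Added example, not from the original post. Assumes Windows PowerShell 5.1 with the
# Microsoft.PowerShell.LocalAccounts module. Run once from an elevated (administrator) session.

# 1. Is the session I'm using right now running with administrator rights?
#    For an everyday account this should come back False.
function Test-IsElevatedAdmin {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# 2. Audit: which local user accounts are members of the Administrators group?
#    Anyone listed here who only does email, web and word processing should not be.
function Get-LocalAdminAccounts {
    Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $_.ObjectClass -eq 'User' } |
        Select-Object Name, PrincipalSource
}

# 3. Create an unprivileged account for everyday use.
#    New-LocalUser does not put the account in any group, so add it to Users explicitly;
#    membership in Users (and not Administrators) is what makes it a standard account.
function New-StandardUserAccount {
    param(
        [Parameter(Mandatory)] [string]       $Name,
        [Parameter(Mandatory)] [securestring] $Password
    )
    $user = New-LocalUser -Name $Name -Password $Password -FullName $Name `
                          -Description 'Everyday (non-administrator) account'
    Add-LocalGroupMember -Group 'Users' -Member $user
    return $user
}

# 4. Demote an existing account that was set up as an administrator (the XP default),
#    refusing to do so if it would leave the machine with no administrator at all.
function Remove-AdminRights {
    param([Parameter(Mandatory)] [string] $Name)
    $admins = @(Get-LocalAdminAccounts)
    if ($admins.Count -le 1) {
        throw 'Refusing to remove the last administrator account on this machine.'
    }
    Remove-LocalGroupMember -Group 'Administrators' -Member $Name
    # Make sure the account still has ordinary user rights afterwards.
    Add-LocalGroupMember -Group 'Users' -Member $Name -ErrorAction SilentlyContinue
}

# Usage (placeholder account name 'everyday'):
"Current session has administrator rights: $(Test-IsElevatedAdmin)"
Get-LocalAdminAccounts | Format-Table -AutoSize
$pw = Read-Host -Prompt 'Password for the new standard account' -AsSecureString
New-StandardUserAccount -Name 'everyday' -Password $pw | Out-Null
```

For the handful of applications that insist on administrator rights, the separate privileged account the post recommends can be used without logging out of the everyday account: `runas /user:COMPUTERNAME\adminaccount "C:\path\to\app.exe"` (replace the machine and account names) launches just that program under the privileged account, so the browser and email client stay unprivileged.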
To recap, the Safe Computing Triad includes:
- install and keep up-to-date a capable Internet Security suite
- set your PC to automatically install critical patches
- use an unprivileged account for everyday computing tasks whenever possible
Is this inconvenient? Yes – it can be very inconvenient. Is it safer? Personally, I’m convinced that it is.