Unprivileged accounts for routine computer use

A simple measure that can greatly mitigate some common security threats is to follow the principle of least privilege with the account you use for routine, day-to-day use on your computer. Use an account that has no higher permissions than those needed for browsing the web, reading email, and using other common applications. Avoid routine use of any account that has Administrator or root-level permissions.

Background:

Many current security threats to computers involve malicious websites or email attachments that cause a program to execute under the privileges of the currently logged-in user. Common examples of such malicious programs include keystroke-logging software that records all input (including passwords and other private data) and sends it to a master controller; backdoor remote-control software that allows an unauthorized third party to completely control your computer; and "botnet" programs that add your computer to a vast "army" of similarly-compromised computers, all following orders from their controller. Botnet-infected computers can be used for a variety of malicious purposes, including attacking online resources anywhere in the world, sending out massive quantities of spam, or mining the data on the hard drive of the infected computer to search for anything that might be of resale value to the botnet controller.

With an unprivileged account, if something goes wrong and a malicious program does execute with the permissions of the current user, the program will not be able to carry out its most damaging actions, such as installing itself as a system service or driver, concealing itself from antivirus software, or modifying core operating system components. This makes its presence much more likely to be detected and limits the damage it can do. It is not a complete defense: the program can still read, alter, or send out any file that the account itself can access. Using an account with limited privileges is not a computer security panacea, but it is a simple measure with a big payoff in improved security.

Windows Users:

Make sure the regular user account you use for Windows is not a member of the Administrators group. Unfortunately, for historical reasons many Windows users do use an account that has Administrator privileges, even though these permissions are rarely required for day-to-day use. Depending on the computer's configuration, running Windows Update and installing new software are the two operations most likely to require Administrator privileges. For these tasks, either use a separate account created for that purpose, or ask your system administrator to temporarily grant your account the necessary permissions and revoke them again once the task is complete.

To see whether your account is currently a member of the Administrators group on older versions of Windows, right-click the Start button. If you see items titled "Open All Users" and "Explore All Users", your account has Administrator privileges. If these items do not appear, your account is already a regular user account.
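The Start-button test above depends on the version of Windows. As an added example (not part of the original page), the following PowerShell function answers the same question on Windows Vista and later by reading the group list of the current logon token with whoami.exe; it assumes nothing beyond that tool being present.

```powershell
# Added example, not from the original page.
# Returns $true if the current logon token contains BUILTIN\Administrators
# (well-known SID S-1-5-32-544), independent of Windows version or language.
function Test-AdministratorsMember {
    # whoami /groups lists every group in the token. In a non-elevated UAC session
    # an administrator's token still carries the group, flagged "Group used for
    # deny only", so it is found here even though a .NET IsInRole() check on the
    # same session returns False. Matching on the SID avoids locale-specific names.
    $groups = whoami /groups /fo csv | ConvertFrom-Csv
    return [bool]($groups | Where-Object { $_.SID -eq 'S-1-5-32-544' })
}

if (Test-AdministratorsMember) {
    Write-Warning "$env:USERNAME is a member of Administrators; do not use this account for routine work."
} else {
    "$env:USERNAME is a regular user account."
}
```

The "deny only" case matters: with User Account Control enabled, an administrator who is not elevated looks unprivileged to many naive checks, yet any consent prompt the user clicks through hands that session the full Administrators token.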

If your computer is managed by a system administrator or centrally by IMSS and you would like to have your Administrator privileges removed, please contact your system administrator to have your account's permissions changed. Please DO NOT make changes to the accounts on your computer without consulting its system administrator.

If you manage your own computer, first create a new account for use when you require Administrator privileges. Be certain that you have set a strong password for this account, and that you remember the password. Create the account by doing the following:

  • Right-click My Computer and choose Manage.
  • In Computer Management, expand Local Users and Groups and open Users.
  • From the menu bar, choose Action, New User...
  • Fill in the new account's details, setting a strong password, then click Create and Close.
  • Under Local Users and Groups, open Groups and open the Administrators group.
  • Choose Add, enter the newly created admin account's username, and click Check Names.
  • Click OK, then exit Computer Management.


Now you can remove Administrator privileges from your own account. Log in with your newly created administrator account and do the following:

  • Right-click My Computer and choose Manage.
  • In Computer Management, expand Local Users and Groups and open Groups.
  • Open the Administrators group.
  • Remove your regular account from this group, then click Apply and OK.

Now make sure your regular account is a member of the Users group:

  • Open the Users group.
  • Choose Add, enter your regular account's username, and click Check Names.
  • Click OK.

Exit Computer Management.
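The same changes, done from an elevated PowerShell prompt on Windows 10, Windows Server 2016 or later (the Microsoft.PowerShell.LocalAccounts cmdlets used here are not present on the older Windows versions the steps above describe). This is an added example, not code from the original page; 'alice' and 'alice-admin' are placeholder account names. It follows the order above, with one extra safeguard: the regular account loses its Administrators membership only if another administrator remains in the group, so you cannot lock yourself out of the machine.

```powershell
# Added example, not from the original page. Run from an elevated PowerShell
# prompt (Windows 10 / Server 2016 or later). Account names are placeholders.
param(
    [string]$RegularUser = 'alice',        # the account used day to day
    [string]$AdminUser   = 'alice-admin'   # the new account reserved for admin tasks
)

function Test-DirectMember([string]$Group, [string]$User) {
    # Get-LocalGroupMember returns names as COMPUTER\user; match on the user part.
    [bool](Get-LocalGroupMember -Group $Group | Where-Object { $_.Name -like "*\$User" })
}

# Step 1: create the dedicated administrator account with a strong password.
# Read-Host -AsSecureString keeps the password out of the command history.
if (-not (Get-LocalUser -Name $AdminUser -ErrorAction SilentlyContinue)) {
    $password = Read-Host -Prompt "Strong password for $AdminUser" -AsSecureString
    New-LocalUser -Name $AdminUser -Password $password `
        -Description 'Administrative tasks only' | Out-Null
}
if (-not (Test-DirectMember 'Administrators' $AdminUser)) {
    Add-LocalGroupMember -Group 'Administrators' -Member $AdminUser
}

# Step 2: remove Administrator privileges from the regular account, but only
# if another administrator (normally the account just created) remains.
$otherAdmins = Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { $_.Name -notlike "*\$RegularUser" }
if ((Test-DirectMember 'Administrators' $RegularUser) -and $otherAdmins) {
    Remove-LocalGroupMember -Group 'Administrators' -Member $RegularUser
}

# Step 3: make sure the regular account is a member of the Users group.
if (-not (Test-DirectMember 'Users' $RegularUser)) {
    Add-LocalGroupMember -Group 'Users' -Member $RegularUser
}

# Show the result. The change applies to $RegularUser at its next logon;
# this elevated session keeps its existing token until it is closed.
'Administrators:'; Get-LocalGroupMember -Group 'Administrators' | Select-Object Name, PrincipalSource
'Users:';          Get-LocalGroupMember -Group 'Users'          | Select-Object Name, PrincipalSource
```

Because a logon token is built at logon and not refreshed, both halves can run in one elevated session without the intermediate logout the GUI steps call for; the regular account is unprivileged from its next logon on. Note that the built-in Users group already contains NT AUTHORITY\Authenticated Users by default, so a local account is effectively a member even when it is not listed directly; adding it directly matches the steps above and is harmless.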

More information: Aaron Margosis' Non-Admin Blog on MSDN

Macintosh:

On a Macintosh, even an account with Administrator privileges is prompted for its password before a privileged operation is allowed, so a malicious program must trick the user into entering it. Even so, it is safer to reserve the Administrator account for operations that require it and to use an account that is not in the Administrator group for day-to-day work.

  • Go to System Preferences.
  • From the View menu, select Users & Groups (Mac OS X 10.7 or later) or Accounts (Mac OS X 10.6 or earlier).
  • If it's locked, click the padlock in the bottom left corner of the window, and then authenticate as an administrator.
  • Under the list of user accounts, click + (the plus sign).
  • Select 'Standard' as the account type, and fill out the rest of the form.
  • Log out and log in with the new Standard account for day-to-day use. When an operation requires Administrator privileges, Mac OS X will prompt you; enter the Administrator account's name and password only when you have asked for that operation yourself.