Protect Your Computer by Using a Safer, "Least Privilege" Account for Day to Day Use

When Windows is installed, it creates an account name for you to use when you login. Typically, that account is created with "administrative" privileges. Those privileges allow you, and any program you may run, full access to your entire computer. While that may sound good, it represents unnecessary risk. Very few people need full access to their computer for day to day use. Having such access while doing things like browsing the web or reading e-mail means if you, or someone using your computer, accidentally clicks something malicious, it will have full access to your computer, your data, and online accounts used from your computer. It will have access to everything you type including passwords, credit card numbers, and documents. It will also have the capability to turn off your anti-virus software, security updates, firewalls, and other security software. Finally, it can hide itself so you can't see what its doing.

Most people don't need to do the kinds of things on a daily basis that most malicious programs do to perform their damage. So risk can be greatly reduced with relatively little adverse impact if a lower privilege account is used day to day. Doing so follows some of the oldest and most basic security principles in the book - the principles of least privilege and default deny. In this case, using the least privilege necessary for for day to day use and denying privileges by default. This will keep malicious programs that may be run due to operator mistake or product defect from doing extensive damage to the computer.

This practice is particularly recommended for shared or unattended computers and those used by children. Home computers are much less protected than campus computers.

Most computer operators will have little or no problems using this type of account once it is set up. And if problems are experienced, they can always use the riskier account temporarily to accomplish infrequent activities.

MacIntosh computers, a form of unix computer, have been shipping for some time so that the unix root account isn't easily available. However, the default account ( administrator ) does carry more privileges than typically necessary for day to day use. Most other unix and linux systems don't have tiered privilege accounts and encourage the creation and use of non-root accounts during their installation process. Windows computers, the most often targeted and most common, set up a fully privileged account by default leaving them the most vulnerable.

• Windows Instructions ( Before converting your Windows computer, it is very important that you set it up according to StartSafe recommendations. One of the StartSafe steps will have you set up your computer for automated security updates and installations. This is necessary because only administrative accounts get notified of new updates. )
  • Step by step instructions for Windows XP can be found on the JMU Computing Support site ( procedure for Windows Vista is similar except that the account is called 'standard' instead of 'limited' )
  • Instructions for Windows 2000 can be found on the University of Texax web site
  • Windows 95/98/ME don't support effective accounts and have none of the security features of the more modern Windows versions. More importantly, Microsoft will no longer provide security updates for these products after June 11, 2006 leaving them vulnerable to future defect exploits )
• MacIntosh Instructions
  • Step by step instructions can be found on the JMU Computing Support site
• Unix/Linux Instructions
  • Don't use the root account for day to day activities

Some minor difficulties may be encountered:

• Software and hardware installations often require extra privileges (as do most virus installations!). These can easily be handled by logging out of the day to day account and logging back in as the administrator account. Really, how often do you install software and hardware? For most people, the cost of the infrequent inconvenience is well worth the benefit of extra protection in day to day use.
• Manually installing Windows Updates will need to be performed using an Administrator account but if automatic updates are turned on as recommended by StartSafe , this won't be an issue.
• A few software packages, not many, won't run under an account with limited privileges. This can usually be handled by using the Windows RUNAS utilitity. You basically tell Windows to run that one troublesome program with administrator privileges while your more risky programs (e.g. web, email, and IM clients) continue to run under the safer account. This can be done by right-clicking a program icon and selecting "run as" or modifying a program icon so it prompts each time it starts.
• Do not use a Windows Power User account as it provides little or no protection. You may as well be using the administrator account.
• If Windows control panels, administrative tools, printer installations, or date/time changes need to be accessed, the most straightforward way is to logout of the daily account and login temporarily using the Administrator account. However, a quick way of accomplishing many of those tasks exists. Right-click the Internet Explorer icon and select run-as using the Administrator account. Then, from the Internet Explorer menu, select File->Desktop->Explore and open 'My Computer'.  You can then accomplish many system administrative tasks by using the control panels. You can also use this trick to install necessary ActiveX controls from trusted web sites. Whatever you do, though, don't use such an Internet Explorer instance for day to day web browsing. When you're done performing your system tasks, close out the browser completely and start fresh without using 'run-as'.
• JMU owned computers should not have their configurations changed without consultation with your local desktop management and support folks.

Two web sites with more information about this common sense, low risk configuration are:

• Aaron Margosis (Microsoft consultant) non-admin blog table of contents
• Microsoft moderated web community (WIKI) on using non-administrator accounts
• Microsoft knowledgebase article listing applications requiring special handling