Running with Reduced Privileges
"I do not read e-mail, browse the Web, or access the Internet in any form when running as an administrator on that machine. And I do not do so because the Web is the source of most of the nasty attacks today." --Michael Howard, Microsoft Security Engineering
After fighting it for years, Microsoft reluctantly decided that's the best policy for ordinary users too. Windows Vista was designed from the ground up so that the user does not need to run as an administrator for things to work well.
Meanwhile, what can you do now? Personally, I follow a policy very similar to Michael's, specifically, Option 4 below. Option 1 is probably the easiest to implement, but it's a little less convenient in day-to-day use, and doesn't work in all cases. No matter which option you use, you'll be *much* more secure online than without it.What are Windows accounts?
Windows XP allows you to create two kinds of accounts -- Administrator and Limited. Limited accounts cannot install programs and hardware, make system-wide changes, or access and read all files. Only Administrator accounts can. Most viruses, worms and spyware are blocked when you are running in a Limited / Standard User account. Vista uses Administrator and Standard User (reduced rights) user accounts, and the Standard User account is much easier to live with. [more from Microsoft]
Great! Why not just run under a Limited / Standard User Account all the time? Well, Limited / Standard User Accounts do not work well in practice for many users. It could have been otherwise. Other operating systems work well that way.
However, as is often the case with Windows, there are several other ways to "skin the cat." Below, you will find four options, any one of which will lend your computer much of the improved security that Windows Vista will have.
Option 1: Switch accounts when necessary
Setting up Option 1: Create a new Administrator account, and then change your existing account type to Limited / Standard User. That way, all your documents, preferences, etc., remain intact. [more from Microsoft]
Option 1 doesn't work well for some users. For example, some programs need to be installed under the same account that they are run under, and a few programs will not run at all under Limited / Standard User privileges.
Option 2: Change the type of your main account when necessary
Setting up for Option 2: Create another Administrator account as in Option 1. Then use that new one to switch your day-to-day account from "Limited / Standard User" to "Administrator" (and back) when you need to. It is slightly more trouble this way, but it will work for most finicky programs that fail under Option 1. Option 2 offers the same improvement in security that Option 1 does.
Option 3: Use the "Run As" option to get Administrator privileges when needed
Setting up Option 3: Create a Limited / Standard User account for day-to-day use. Then you'll need to create special "Run As" shortcuts for the programs you want to run with Administrator privileges. This option works well for all but a few programs, so there is a good chance it will work for you. You'll get slightly less protection from Option 3, but I think it is more convenient to use.
Option 4: Drop your internet-facing programs to "limited" privileges to operate in a significantly more secure mode
It is possible to run your internet-facing programs -- browser, email program, media players, etc. -- with reduced privileges. This option is the obverse of Option 3. It is easy to use, but it does take a little more to set it up. Option 4 does not reduce all software rights, but it still serves as a good bullet-proof vest. :-)
The "Drop My Rights" page gives detailed instructions for a couple of ways to set up Option 4.
Option 5: Online Armor Personal Firewall
Online Armor Personal Firewall can be used to lower program rights. It's the primary tool I use to run internet-facing programs with reduced priviliges.
Source material
- Running as a Standard User under Vista (see the Managing Vista topic)
- Running as Non Admin [more]
- DropMyRights
- The easiest way to run as non-admin
- Useful tools
- • attack vectors
- deception the #1 threat
- phishing #1 deception
- poisoned websites
- poisoned email
- email attachments
- downloads
- spam (scams and phishing)
- hackers and worms
- popup warnings
- • malicious content
- spyware
- viruses and worms
- trojans
- • backup is security job one
- • develop your "web smarts"
- don't get hooked
- guard against spyware
- be careful with email
- fear attachments
- surf safely
- • tighten security settings
- windows
- browsers
- email clients
- • defense tools and software
- firewalls
- hardware firewalls
- anti-virus
- anti-spyware/-malware
- all-purpose security suites
- • patch and upgrade software
- • bonus: double your security
- • test your protection
- • protect your privacy
- • WiFi security