The Truth About User Privileges

Denying your users full system privileges is in style

Dark Reading logo in a gray background | Dark Reading

Has the time finally come for the least-privilege user -- you know, setting your Windows client machines to run without system administrator rights?

Leaving admin power on a user's desktop can invite trouble, especially with today's more targeted attacks. That trouble can come in the form of malware that gets on the machine, as well as trouble with users loading apps they shouldn't, security experts say.

Minimizing user rights on a machine is not a new concept, but it may become more of a standard practice with Microsoft's soon-to-be released Windows Vista user account protection, which lets "nonprivileged" users operate mundane tasks that once required admin privileges. (Windows XP, for instance, requires a user to have administrative rights to connect to an ad-hoc wireless network.)

Today, some Windows applications just won't run properly on a desktop without administrative rights. "It's a dirty little secret people sweep under the rug because they're not able to do much about the problem. A lot of applications and pieces of environments won't work if users aren't given admin rights," says Steve Kleynhans, vice president for Gartner's client platforms group. "If you can get applications to function with lower rights, in a lot of cases it hampers the user experience."

Many enterprises already configure their desktops with minimal user rights rather than the whole enchilada of admin rights. Thomas Ptacek, a researcher with Matasano Security, says these days, enterprises more often than not are setting their desktops at least privilege. "There is a definite trend towards least privilege in enterprises," he says. "Least privilege contains threats -- a zero-day exploit in your mail reader is less viscerally terrifying if it only gets you a normal user account."

Mark Loveless, security architect for Vernier Networks, says user privilege problems stem more from the applications themselves. "Most don't take advantage of the security features there in Windows. Not everything has to run with full system privileges all the time," Loveless says. "Part of the problem is application developers don't think they can code it where it doesn't require full system privileges."

Vista could help change all that. Aside from its user account control feature, apps will run better on the OS if they don't demand administrative privileges, experts say. "Microsoft is pushing a model where your code runs better if it doesn't demand administrative privileges," says Dan Kaminsky, director of penetration testing for IOActive. "If you want your stuff to work better, it [must] operate in this sandbox."

But Matasano's Ptacek says in the end, the least-privilege user setting doesn't matter. In addition to the scarcity of apps being written for it, least privilege doesn't necessarily stop malware. "Normal users have to be able to open new network connections to make benign applications work," he says. "A reliable exploit in a 'non-privileged' network service is still a mass-casualty threat."

And it's the Web app that guards payroll data, for instance, not the user's Windows admin account, he says. "Matasano writes advisories to vendors after finding flaws that let 'guest' users rewrite databases or add and delete new users," he says. "Who cares about [Windows desktop] system privileges?"

— Kelly Jackson Higgins, Senior Editor, Dark Reading

About the Author

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights