Applying the Principle of Least Privilege to Windows Vista
Wednesday, October 11th, 2006
“Every program and every user of the system should operate using the least set of privileges necessary to complete the job.” This is the principle of least privilege as stated by Saltzer and Schroeder in their seminal paper The Protection of Information in Computer Systems, published in 1974. The advice still holds true today. By restricting the privileges that users and software have, you can help make the system more secure.
This was one of the guiding security principles behind the development of Windows Vista. Why is it important to run with fewer privileges? Let’s look at the privileges of user accounts as an example. If you are running your PC with a full administrator account, any program you run, and any malware that is able to exploit that program, also runs with full administrator privileges. Those privileges are sufficient to open firewall ports, create additional administrator accounts, and even install a rootkit to hide the malware’s presence. However, if the malware exploits software that runs with limited privileges, it may be unable to carry out its planned attack, and it can be removed easily because it could not hook deeply into the system.
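The check a practitioner would run to see whether the current session actually follows this principle, as an added PowerShell example that is not part of the original column. It assumes a Windows host where whoami.exe is available and relies on the well-known BUILTIN\Administrators SID S-1-5-32-544; the list of sensitive privileges is a chosen subset, not one the column gives.

```powershell
# Added audit helper (not from the original column). Reports whether the
# session runs as a standard user, as an administrator with a filtered
# (non-elevated) token, or fully elevated, and which powerful privileges
# are enabled on the token right now.
function Get-PrivilegeReport {
    $adminSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

    # whoami /groups lists the token's groups and their attributes. A non-elevated
    # administrator's token carries Administrators marked "Group used for deny only".
    $adminLine = whoami /groups | Where-Object { $_ -match $adminSid }
    if (-not $adminLine)                    { $state = 'StandardUser' }
    elseif ($adminLine -match 'deny only')  { $state = 'AdminFiltered' }
    else                                    { $state = 'AdminElevated' }

    # Privileges that let code subvert the OS: load drivers, debug any process,
    # take ownership of any object, bypass ACLs for backup/restore, act as the TCB.
    $sensitive = 'SeDebugPrivilege', 'SeLoadDriverPrivilege', 'SeTakeOwnershipPrivilege',
                 'SeBackupPrivilege', 'SeRestorePrivilege', 'SeTcbPrivilege'

    # whoami /priv prints one line per privilege: name, description, Enabled/Disabled.
    $enabled = whoami /priv |
        Where-Object { $_ -match '^Se\w+Privilege\s' -and $_ -match 'Enabled\s*$' } |
        ForEach-Object { ($_ -split '\s+')[0] }

    [pscustomobject]@{
        User              = "$env:USERDOMAIN\$env:USERNAME"
        TokenState        = $state
        EnabledPrivileges = @($enabled)
        SensitiveEnabled  = @($enabled | Where-Object { $sensitive -contains $_ })
    }
}

$report = Get-PrivilegeReport
$report | Format-List
if ($report.TokenState -eq 'AdminElevated' -or $report.SensitiveEnabled.Count -gt 0) {
    Write-Warning 'This session is not running with least privilege; use a standard account or a non-elevated prompt for everyday work.'
}
```

Run it twice, once from a normal prompt and once from an elevated one, to see the same account report AdminFiltered with few enabled privileges versus AdminElevated with the sensitive ones present.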
Let’s examine four areas where this principle was applied to Windows Vista: user accounts, Web browsing, services, and drivers.
Applying the Principle of Least Privilege to Windows Vista — TechNet Column - Security Management - October 2006