One Step Ahead
July 14, 2009, Volume 56, No. 01
Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.
Don’t Use Excessive Privileges
Computer privileges are like scissors; it’s not safe to “run” with them.
Windows and Mac computers assign users specific capabilities. On a Macintosh, they are called “privileges.” Windows calls them “rights.” The most privileged account, “Administrator,” has privileges to create new accounts, read or delete any file, modify the operating system and much more.
Few such privileges are needed for most day-to-day computer activities like reading e-mail, using a web browser, or creating documents or spreadsheets. All that is needed for most activities is the limited set of privileges that come with what Mac and Windows both call a “standard” account. Typically, Administrator privileges are only needed occasionally—to apply software updates, for example.
If, as a result of visiting a malicious website or opening an infected e-mail attachment, you were to unknowingly activate a computer virus on your computer, it would have all of the same privileges as the account you are running. If you are running as a standard user, without Administrator privileges, over 90% of malicious software will be unable to compromise your computer.
Of course, it is necessary from time to time to use Administrator privileges. But by using those privileges only when needed, you dramatically increase your security.
Please check with your Local Support Provider if you’re not sure which account you are using.
To receive weekly OneStepAhead tips via email, send email to firstname.lastname@example.org with the following text in the body of the message: sub one-step-ahead <your name>.
For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/.