Security Basics mailing list archives

Re: admin privileges and trojans


From: "Colin Copley" <colin.75 () btinternet com>
Date: Thu, 30 Nov 2006 17:26:13 -0000

"W W" wrote:
I'm trying to put together some information for the higher ups to show
them the threat level by allowing users to have admin privileges on
their systems.  Would it be safe to say that a lot of trojans/viruses
could not be installed on a system where users did not have admin
privileges?  Are there any good studies or analysis out there?  I've
looked around a bit, and I have found some minor articles.  I wanted
to see what your thoughts were.

Hi

I think the principle of least privilege is standard security practice.
Googling security + least privilege will show up plenty of articles, but
in-depth analysis is pretty unnecessary.  The lower the admin rights of the
users & applications, the lower the admin rights of many worms, viruses &
exploits.  Unfortunately Windows doesn't really support the principles of
least privilege that well; MS are addressing this in Vista, perhaps that'll
be enough to make the bigwigs take note. Otherwise, you can look through the
SANS analysis of exploits / worms etc, they usually list the precautions
that could have mitigated the damage, least privilege probably being a
common one, and compile your own list.  Or get some worm / virus analysis
from AV vendors' sites, compile a list where least privilege networks would
have been less at risk than your own.  Anything that wants to create /
delete accounts, kill processes, install ftp servers etc is screwed if the
user (or exploited application) can't, unless it escalates its privileges
first.

Regards
Colin

