Security Basics mailing list archives
Re: admin privileges and trojans
From: "Colin Copley" <colin.75 () btinternet com>
Date: Thu, 30 Nov 2006 17:26:13 -0000
"W W" wrote:
> I'm trying to put together some information for the higher ups to show them the threat level by allowing users to have admin privileges on their systems. Would it be safe to say that a lot of trojans/viruses could not be installed on a system where users did not have admin privileges? Are there any good studies or analysis out there? I've looked around a bit, and I have found some minor articles. I wanted to see what your thoughts were.
Hi,

I think the principle of least privilege is standard security practice. Googling security + least privilege will show up plenty of articles, but in-depth analysis is pretty unnecessary. The lower the admin rights of the users & applications, the lower the admin rights of many worms, viruses & exploits.

Unfortunately Windows doesn't really support the principles of least privilege that well. MS are addressing this in Vista; perhaps that'll be enough to make the bigwigs take note.

Otherwise, you can look through the SANS analysis of exploits / worms etc. They usually list the precautions that could have mitigated the damage, least privilege probably being a common one, and compile your own list. Or get some worm / virus analysis from AV vendors' sites, and compile a list where least privilege networks would have been less at risk than your own.

Anything that wants to create / delete accounts, kill processes, install ftp servers etc. is screwed if the user (or exploited application) can't, unless it escalates its privileges first.

Regards
Colin