Least privilege won’t solve every security problem, but it’s a significant step
February 13th, 2008 Posted/Linked by Shanmuga
"First and foremost, least privilege models prevent 90 percent or more of today’s malware. You can’t ignore that statistic. Malware writers may easily code around least privilege when they need to, but it does significantly cut down on software that can cause harm today. Second, least privilege mechanisms make it harder for malware to modify key system components. While malware may be able to still do harm — much harm — with user-mode programming alone, not being able to semi-permanently modify the operating system does provide protection you would not have otherwise.
This makes it more difficult for malware to hide from anti-malware software and forensic investigators. Malware with system access can install itself as a rootkit, more easily hide in memory, or perform myriad other obfuscation techniques that make it more difficult for the good guys.
Third, if your end-users don’t have administrative access to their machines, you can prevent them from installing unapproved software. Since the vast majority of today’s malware relies upon the end-user installing or clicking on something they shouldn’t, as well as having admin or root access, not having it will prevent attacks." - Content courtesy of Computer security: Why have least privilege? | InfoWorld | Column | 2008-02-08 | By Roger A. Grimes
This entry was posted on Wednesday, February 13th, 2008 at 12:16 pm and is filed under Security.

















