User Account Control is there for your own good – using least privilege is a good thing!

As Jesper wrote in his “Please don’t disable security features, at least while we’re testing them” post, User Account Control makes it easier for regular (non-technical) people to operate their systems with the minimum of privilege.

I never log in interactively to my Windows Vista machine with an administrative-level account – certain configuration tasks that require privilege result in me being prompted to authorize the activity by entering my admin credentials. It’s not hard. By using least privilege I have far less risk of my system being compromised by malicious software.

I’m aware of the counterargument that users will simply supply their credentials to any application that requests them – this is a concern. The Windows Vista credential prompting interface is sandboxed (on a virtual display) to reduce the risk of eavesdropping, though clearly the risk remains that creative social engineering attacks will be used to convince users to do the wrong thing.
