Applying the Principle of Least Privilege to User Accounts on Windows XP

Here’s an excellent document I’ve added to my list of articles to give to clients:

Applying the Principle of Least Privilege to User Accounts on Windows XP
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/luawinxp.mspx

“Recent advances in networking technology such as permanent connectivity to the Internet have brought enormous opportunities to organizations of all sizes. Unfortunately, a connection between a computer and any network, especially the Internet, increases the level of risk from malicious software and external attackers, and as old risks are managed, new ones are discovered or created.

Sophos, an Internet security company, found that the number of malicious programs detected rose from 45,879 in November of 1999 to 114,082 in November of 2005, an increase of at least 10 percent every year for the last six years. In November of 2005, Sophos discovered more than 1,900 new examples of malicious software, such as viruses, Trojan horses, and spyware programs. Other antivirus vendors report similar increases in the numbers and types of malicious software.

A significant factor that increases the risks from malicious software is the tendency to give users administrative rights on their client computers. When a user or administrator logs on with administrative rights, any programs that they run, such as browsers, e-mail clients, and instant messaging programs, also have administrative rights. If these programs activate malicious software, that malicious software can install itself, manipulate services such as antivirus programs, and even hide from the operating system. Users can run malicious software unintentionally and unknowingly, for example, by visiting a compromised Web site or by clicking a link in an e-mail message.

Malicious software poses numerous threats to organizations, from intercepting a user’s logon credentials with a keystroke logger to achieving complete control over a computer or an entire network by using a rootkit. Malicious software can cause Web sites to become inaccessible, destroy or corrupt data, and reformat hard disks. Effects can include additional costs such as to disinfect computers, restore files, re-enter or re-create lost data. Virus attacks can also cause project teams to miss deadlines, leading to breach of contract or loss of customer confidence. Organizations that are subject to regulatory compliance can be prosecuted and fined.”