Recent advances in networking technology such as permanent connectivity to the Internet have brought enormous opportunities to organizations of all sizes.
Unfortunately, a connection between a computer and any network, especially the Internet, increases the level of risk from malicious software and external attackers, and as old risks are managed, new ones are discovered or created.
Other antivirus vendors report similar increases in the numbers and types of malicious software.
A significant factor that increases the risks from malicious software is the tendency to give users administrative rights on their client computers.
When a user or administrator logs on with administrative rights, any programs that they run, such as browsers, e-mail clients, and instant messaging programs, also have administrative rights.
If these programs activate malicious software, that malicious software can install itself, manipulate services such as antivirus programs, and even hide from the operating system.
Users can run malicious software unintentionally and unknowingly, for example, by visiting a compromised Web site or by clicking a link in an e-mail message.
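The inheritance described above can be observed directly. The following PowerShell script is an added example, not part of the original guide: it reports whether the current session runs with administrative rights, confirms that a program started from it gets the same rights, and lists who holds those rights on the computer. It assumes Windows PowerShell 5.1 or later (for `Get-LocalGroupMember`); the function name `Test-AdminToken` is hypothetical.

```powershell
# Added example, not from the original guide. Assumes Windows PowerShell 5.1+.
# Test-AdminToken is a hypothetical helper name.

function Test-AdminToken {
    # True when the calling process's token has the built-in Administrators
    # role enabled, that is, the process runs with administrative rights.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

$sessionIsAdmin = Test-AdminToken

# Start a child process the way a user starts a browser or mail client and
# ask it the same question. The child receives a copy of the parent's token.
$check = '([Security.Principal.WindowsPrincipal]' +
         '[Security.Principal.WindowsIdentity]::GetCurrent())' +
         '.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)'
$childOutput  = & powershell.exe -NoProfile -NonInteractive -Command $check
$childIsAdmin = ($childOutput | Select-Object -Last 1) -eq 'True'

# Accounts that would give every program they run administrative rights.
# S-1-5-32-544 is the well-known SID of the local Administrators group, so
# the lookup also works where the group name is localized.
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Select-Object Name, ObjectClass, PrincipalSource

[pscustomobject]@{
    User                   = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    SessionHasAdminRights  = $sessionIsAdmin
    ChildProcessHasThemToo = $childIsAdmin
} | Format-List

$admins | Format-Table -AutoSize

# On systems with User Account Control, a member of the Administrators group
# who has not elevated reports False for both values, because the session
# runs with a filtered token.
```

Any account in the second table that is used for everyday browsing or e-mail is a candidate for removal from the group.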
Malicious software poses numerous threats to organizations, from intercepting a user's logon credentials with a keystroke logger to achieving complete control over a computer or an entire network by using a rootkit. Malicious software can cause Web sites to become inaccessible, destroy or corrupt data, and reformat hard disks. Effects can include additional costs, such as those to disinfect computers, restore files, and re-enter or re-create lost data. Virus attacks can also cause project teams to miss deadlines, leading to breach of contract or loss of customer confidence. Organizations that are subject to regulatory compliance can be prosecuted and fined.
Note: For more information about rootkits, see the rootkit definition on Wikipedia at