
Safe Web Browsing and E-mail for the Administrator

This is a useful article by Michael Howard, the biggest big-wig Security dude on the MSFT campus…

<quote who="Michael Howard" where="Browsing_the_Web_and_Reading_E-mail_Safely_as_an_Administrator">

 

Summary: Michael Howard discusses how you can run as an administrator and access Internet data safely by dropping unnecessary administrative privileges when using any tool to access the Internet.

--=+=--

I've said this many times, but I'll say it again, "Running with an administrative account is dangerous to the health of your computer and your data." So, whenever someone says they must operate their computers as administrators, I always try to persuade them it's not the correct thing to do from a security perspective. That said, every once in a while I meet someone who has a valid reason. For example, I use one of the computers in my office to install the latest daily build of Windows, and I need to be an administrator to install the OS. However, and this is a big point, I do not read e-mail, browse the Web, or access the Internet in any form when running as an administrator on that machine. And I do not do so because the Web is the source of most of the nasty attacks today.

What if someone does want to browse the Web? Or read e-mail? Or do Instant Messaging and so on, and for some reason must run in an administrative context?  …

(more...)

</quote>

Note that while this is a very useful tool, it’s still much better to just run with least privilege. I strongly urge you to take a look at Aaron Margosis' “Non-Admin Blog” for tips and tricks on running as a non-admin in Windows.

 

Published Friday, November 19, 2004 3:47 PM by strawberryJAMM

Comments

# re: Safe Web Browsing and E-mail for the Administrator

Friday, November 19, 2004 12:55 PM by Bernie V
This is a neat trick. However, for me, Outlook Express will not run when I drop its rights down to Normal User. I just get a splash screen and that's it. How would you go about determining the right that it needs in order to be able to run?

# re: Safe Web Browsing and E-mail for the Administrator

Friday, November 19, 2004 2:59 PM by Peter da Silva
The secure way to read mail on Windows is to simply not use Outlook. Windows is a perfectly nice desktop OS once you make the decision that you're going to avoid any apps other than the desktop itself that use the HTML control.

# re: Safe Web Browsing and E-mail for the Administrator

Friday, November 19, 2004 3:30 PM by Jenni Merrifield (strawberryJAMM)
Bernie:

I took a moment to contact Michael Howard with your question:

<quote who="Michael Howard">
Hello Jenni

I just tried this on WinXP and Win2k3, and it works fine. Which OS are they using?

We’ve seen some random failures but they’ve all been some funky screw-up in their system. We even had a failure to load notepad!!!! I kid you not!!! But it was isolated to one machine
</quote>

If you want to follow up on this further, feel free to use the "Contact" link at the top of the left Nav bar -- I'm sure we'd bore everyone by posting all the back-and-forth details in the feedback comments. :-)