According to the Orange Book (Trusted Computer System Evaluation Criteria), the
Principle of Least Privilege states that:
A subject must be given the minimum possible set of privileges that it requires to execute just the assigned task on an object and only for the minimum amount of time those privileges are required.
It is important for secure systems to comply with this principle. Typically, on Windows XP systems at least one user account is created while installing the system, and that account is given administrative privileges, so a user logging in with it has the maximum privileges to perform any task on the system, such as:
a) Installing device drivers
b) Installing software applications
c) Changing System Date/Time
d) Installing Printer drivers
e) Connecting to WEP-enabled wireless networks
f) Saving files inside system folders like C:\Windows or C:\Windows\System32
g) Making registry changes
Although an administrative account is not required for normal user activities, such as creating and saving files inside user profile folders like 'Desktop' or 'My Documents', using Internet Explorer, or installing user-mode applications, most home users and many corporate users continue to work with administrative accounts even when they do not need to.
Question: What is the harm in working as an administrative user on my computer?
Answer: When you are logged in as an administrator on a Windows XP computer, most of the services and applications running in the background also run with administrative privileges. Since these services run in the background and have admin access to the system folders and registry, they can make any change they want to those folders and registry keys, just like an administrator can.
Also, when you browse the internet with Internet Explorer while logged in as an administrator, the Internet Explorer process itself runs with administrative privileges. This means that if you visit a site that attempts to download and save a file into system folders like C:\Windows or C:\Windows\System32, it will be able to do so just like an administrator, without prompting the user for permission or informing them. This happens because the application saving the file inside the system folders is the "administrator" itself, who does not need anyone else's permission to make the change. Hence, if this file is a virus, worm or other malicious file, it can make whatever changes it wishes to the system. All of this happens in the background, and the logged-in admin user has no idea!
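As an added example (not code from the original article), the following PowerShell script lets a user check on their own machine what the answer above describes: whether the current logon session belongs to the Administrators group, who else is in that group, and that a program launched from the session runs under the same account as the session itself. It assumes PowerShell is installed (PowerShell 2.0 was the last version released for Windows XP); the user and process names it prints are whatever the machine returns.

```powershell
# Added example, not from the original article: audit whether the current
# logon session holds administrative rights and show that a program started
# from it inherits the same account (the point made in the answer above).

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

Write-Output "Logged-in user : $($identity.Name)"
Write-Output "Administrator  : $isAdmin"

# Local accounts that receive full privileges at logon (built-in 'net' command).
Write-Output "--- Members of the local Administrators group ---"
net localgroup Administrators

# Launch a harmless program and read back the account it runs under via WMI.
# The access token is inherited, so it is the same account as the logon session.
$child = Start-Process -FilePath notepad.exe -PassThru
Start-Sleep -Seconds 2
$proc  = Get-WmiObject -Class Win32_Process -Filter "ProcessId = $($child.Id)"
$owner = $proc.GetOwner()
Write-Output ("notepad.exe (PID {0}) runs as {1}\{2}" -f $child.Id, $owner.Domain, $owner.User)
Stop-Process -Id $child.Id

if ($isAdmin) {
    Write-Warning "Everything started from this session, including the web browser, runs as an administrator."
    Write-Output  "Mitigation: log on with a limited account and use 'runas /user:<computer>\<admin-account> <program>' only for the tasks that need admin rights."
}
```

The same check explains the browser case: Internet Explorer started from an administrator's session shows up with that administrator as its owner, exactly like the notepad.exe instance above. The `runas` command mentioned in the warning ships with Windows XP and is the era-appropriate way to run a single program with administrative rights while the day-to-day logon stays a limited user.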