Things I'd do if I ever have time

Wish list

Please help a man further his career by donating expensive hardware. Cash works too.



Limiting Yourself In Windows

Published: 09/13/2009

Everywhere you go, everywhere you turn, someone is always talking about how their computer is infected with a virus / trojan / worm / malicious-code-of-the-week. You hardly ever hear about this from OS X, Linux, and BSD users. Is Windows such a sensitive, fragile operating system platform that it's that prone to easy infection?

No matter how fast the hardware or latest-and-greatest your software stack is, configuration plays a major role in the general functioning and stability of your machine. The modern computer is an amazingly-complex system of moving parts, all working simultaneously with many degrees of inter-dependence upon each other. Service applications running in the background (which are essentially regular programs hooked into Windows' Service Manager so they can start without a user launching them), OS subsystems such as the disk and security management components, networking protocols, drivers, anti-virus and software update checkers, user-initiated applications such as browsers, chat clients, office and document readers, the hardware itself, dependent library files used by applications, and on and on...

Needless to say, any modern operating system is a highly intertwined maze of operations all (hopefully) working in harmony while sharing the same physical resources such as memory and disk.

If you want to dramatically reduce your chances of being infected and your machine being used as a mindless zombie bot to attack other machines without your consent, read on...


The basics of least-privilege

   More Information


The LSA, user accounts, security tokens, and you

   More Information


Windows Vista and 7 - the upgrades no one talks about

   More Information


Create your first restricted account

   More Information


Testing your limits

   More Information


Until Windows Vista was released, Microsoft never emphasized the importance of least-privilege. Users defaulted to accounts with administrative privileges out of the box, software companies made the assumption that users would run in that security context, and now in some cases Windows has become unusable without high privileges for certain applications due to these reasons.

Least-privilege isn't just about limiting yourself. It's about working smarter.




Go back to the main articles list.