Wed 27 Jun 2012
The term “Least Privilege” refers to the ideal of limiting a system to the bare minimum of resources it needs to function. As it applies to using a computer for work, it can mean using your computer while running under a user account that does not have full-time (or any) super-user or Administrator rights.
This has many benefits, chiefly limiting a system’s exposure to accidental changes or malware attacks. For software developers it has the added benefit of ensuring your software will install and function properly in such an environment. But developers frequently need those elevated rights for installing utilities, configuring the system for use-case testing, and using 3rd party tools that aren’t access rights savvy. So while many developers are aware of this practice, they aren’t inclined to work that way themselves.
I imagine that some least-privilege-resistant developers react to their more secure peers in a way very similar to how some people react to a person who is, or claims to be, a vegetarian.
Reaction #1: Quiet Admiration
Sure sounds like a good idea, and is probably good for you, but I don’t think I’ve got the discipline to do it myself.
Reaction #2: Suspicion of Dedication to the Ideal
We’ve all encountered folks who claim to be “mostly” vegetarian, but do allow themselves some animal sources. Is she really running that MacBook Pro under a Standard User account? I’m pretty sure I saw a “sudo” command in that Terminal window…
Reaction #3: A Cry for Attention
Are those who are claiming to run under least privilege just trying to score “I’m better than you” points? They’re just doing it so they can blog about it and feel superior.
Reaction #4: “I’ll Convince You that You’re Wrong”
Some folks like to argue just to hear themselves talk. You know that guy gnawing on his 15th buffalo wing proclaiming that a vegetarian diet is incomplete and unhealthy? He’s the same one who’s certain that his un-patched Windows XP is just as safe as your system. And it runs faster, too.
Reaction #5: “It’s a Phase”
The shine will wear off this fad pretty soon. You’ll be eating barbecue ribs and running Admin accounts with weak passwords by year’s end.
Do you run under least privilege, or have you tried it and given up?