SOUPS
2010
ACM

Do Windows users follow the principle of least privilege?: investigating user account control practices

The principle of least privilege requires that users and their programs be granted the most restrictive set of privileges possible to perform required tasks in order to limit the damages caused by security incidents. Low-privileged user accounts (LUA) and user account control (UAC) in Windows Vista and Windows 7 are two practical implementations of this principle. To be successful, however, users must apply due diligence, use appropriate accounts, and respond correctly to UAC prompts. With a user study and contextual interviews, we investigated the motives, understanding, behaviour, and challenges users face when working with user accounts and the UAC. Our results show that 69% of participants did not apply the UAC approach correctly. All 45 participants used an administrator user account, and 91% were not aware of the benefits of low-privilege user accounts or the risks of high-privilege ones. Their knowledge and experience were limited to the restricted rights of low-privilege acco...
Sara Motiee, Kirstie Hawkey, Konstantin Beznosov
Added: 16 Aug 2010
Updated: 16 Aug 2010
Type: Conference
Year: 2010
Where: SOUPS