Restricting administrator privileges
User accounts have fewer privileges than administrator accounts. User accounts deny malware escalated permissions. Admin privileges should only be enabled on devices when absolutely necessary.
Why is it important?
Malware installed using an “Administrator” account can have escalated privileges. It will be able to cause more damage to data and devices.
Using a “User” account as default can help prevent damage to systems should an infection occur.
Priority Tier
Behaviours in SebDB are ranked by their impact on risk. Tier 1 behaviours have the biggest impact, Tier 4 behaviours the least.
Risk Mitigated
Malware Infection
Malware infections occur when malicious software makes its way on to a device or network.
Data Theft
Data theft is the intentional stealing of data.
Further reading
https://www.maketecheasier.com/why-you-shouldnt-use-admin-account/
https://www.howtogeek.com/124950/htg-explains-why-you-shouldnt-log-into-your-linux-system-as-root/
https://www.ncsc.gov.uk/collection/10-steps-to-cyber-security?curPage=/collection/10-steps-to-cyber-security/the-10-steps/managing-user-privileges
https://www.ncsc.govt.nz/assets/NCSC-Documents/NCSC-Restricting-Admin-Priviledges-Explained.pdf