The Principle of Least Privilege (POLP) is an effective measure against many computer viruses and spyware. POLP states that a running program should be given the bare minimum level of access rights sufficient for it to complete its job. In particular, administrator's privilege (or all access rights) should be withheld from programs such as email applications and Internet browsers, since a virus activated with administrator's privilege in these applications is in a position to cause serious damage to an infected host through actions such as installing and deleting applications and files. In contrast, a virus activated with only limited privilege and access rights has far less access to the resources of the infected host, and thus represents a lesser danger to the infected host.
In one attempt to overcome this problem, operating systems may allow users to simultaneously employ several active accounts, such as a low-privilege user's account and a high-privilege administrator's account. For example, when a user wishes to perform tasks carrying a high risk of virus infection—such as downloading software or accessing email—the user may carry out these actions using an account having a restricted, or low, level of privilege. Thus, if an infection occurs, the virus will be activated with a minimum level of privilege and the ill effects of the virus may be successfully contained.
In contrast, when a user wishes to perform other tasks that carry with them a low level of virus infection risk, and that require a higher level of privilege—such as system maintenance, creation of new user accounts, or the installation of new software—the user may log out of the low-privilege account and log into a high-privilege account.
When used correctly, this scheme of multiple accounts having varying levels of privilege is effective in containing the ill effects of virus infestation resulting from high-risk activities such as Internet browsing, email viewing and the downloading of software from various network sources. However, room for improvement still exists.
For example, in practice many users find the requirement of logging in and out of various accounts to be cumbersome, and resort instead to an easier but more dangerous approach of using a single account with administrator's privilege for all of their daily tasks. As a result, such a user may effectively defeat the purpose of having multiple accounts, leaving the user's computer ripe for viral attack.
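
As an added illustration, not part of the original text: a small Python audit that flags the failure mode described above, high-risk applications such as browsers and mail clients running under an administrator account. The process names, the uid-0 rule, and the sample `ps` output are assumptions constructed for this example.

```python
"""Audit a process listing for high-risk applications running with administrator rights."""
import os
import subprocess

# Assumption: process names treated as high-risk (browsers, mail clients).
HIGH_RISK = {"firefox", "chrome", "chromium", "thunderbird", "evolution"}
ADMIN_UIDS = {0}  # Assumption: only uid 0 (root) counts as administrator.

# Constructed sample in the format of `ps -eo uid,user,pid,comm`.
SAMPLE_PS = """\
  UID USER       PID COMMAND
    0 root         1 systemd
 1000 alice     2211 firefox
    0 root      2305 thunderbird
 1000 alice     2410 bash
    0 root      2577 /opt/google/chrome/chrome
"""

def parse_ps(text):
    """Yield (uid, user, pid, name) for each well-formed row, skipping the header."""
    for line in text.splitlines():
        fields = line.split(None, 3)  # the command column may contain spaces
        if len(fields) != 4 or not fields[0].isdigit() or not fields[2].isdigit():
            continue
        uid, user, pid, command = fields
        yield int(uid), user, int(pid), os.path.basename(command.strip()).lower()

def audit(text):
    """Return high-risk processes split into (privileged, contained) lists."""
    privileged, contained = [], []
    for uid, user, pid, name in parse_ps(text):
        if name not in HIGH_RISK:
            continue
        (privileged if uid in ADMIN_UIDS else contained).append((pid, user, name))
    return privileged, contained

def live_listing():
    """Read the real process table (Unix only)."""
    return subprocess.run(["ps", "-eo", "uid,user,pid,comm"],
                          capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    privileged, contained = audit(SAMPLE_PS)
    for pid, user, name in privileged:
        print(f"VIOLATION pid={pid} {name} runs as {user} with administrator rights")
    for pid, user, name in contained:
        print(f"ok        pid={pid} {name} runs as {user} with limited rights")
```

Passing `live_listing()` to `audit()` instead of `SAMPLE_PS` runs the same check against the real process table on a Unix host.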