Makerere University


Use a Less Privileged Account


The Principle of Least Privilege

The principle of least privilege (PoLP; also known as the principle of least authority) is an important concept in computer security, promoting minimal user profile privileges on computers, based on users' job necessities. It can also be applied to processes on the computer; each system component or process should have the least authority necessary to perform its duties. This helps reduce the "attack surface" of the computer by eliminating unnecessary privileges that can result in network exploits and computer compromises. You can apply this principle to the computers you work on by normally operating without administrative rights. 

On a Computer, What Are Administrators and Administrative Rights?

About your device's administrator account
On a computer, an administrator account or group has complete access to make system changes on that computer. You should use the administrator account only when it's required for certain tasks, such as modifying other user accounts on the device, installing software, and changing network settings.

You need to know the administrator password on your computer to make such changes.

Windows

The account named "Administrator" has all possible rights, as does every member of the Administrators local security group, while other users have only limited rights (e.g., they can modify anything in their own home directories). A computer must have at least one administrator account.

Note: At Makerere University, DICTS recommends that you normally refrain from running your Windows computer as an administrator. For more, see The Principle of Least Privilege above.

To use administrative rights:

You will be prompted for an administrator account name and password when needed; this feature is called User Account Control (UAC), and it is enabled by default. DICTS recommends you leave it enabled. If you do disable it, you can re-enable it by following instructions from Microsoft's TechNet.

If a particular software program on your computer requires you to be logged in as an administrator, right-click it from the Start screen or menu, and select Run as administrator.

Unix, Linux, BSD, Solaris, and Mac OS X
Unix computers and Unix-based operating systems typically have one unrestricted account, normally called "root" or the "superuser". The root user has full access to all files and directories on a Unix system, and many low-level tasks must run as root. In addition to the root user, some Unix implementations have a group of administrative users, sometimes called the "wheel" group. Administrator accounts do not have full access to the operating system, but can escalate their status to root to perform certain tasks.

Because the root user has such unrestricted access, administrators typically do not log in as root or operate as root continuously. Instead, they assume root-level access using the sudo command. At a command prompt, permitted users prefix a command with sudo, enter their own password when prompted, and the command runs with root privileges even though they could not run it directly. Alternatively, if administrators need to operate for a period of time with root privileges, at a command prompt they can enter sudo -s and their password, and then function as root within that terminal window for as long as they need to; this gives a full root shell, so it should be reserved for tasks that genuinely need it and closed as soon as they are done.

Normal users on a Unix system do not have access to sudo and cannot perform system-related tasks. However, they still have the ability to install some software and customize their environment. Each user has a home directory in which to save documents, install programs, and maintain personal preferences.
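As an added example (not from this page or from DICTS), the following sudoers fragment applies the principle of least privilege to sudo itself, going beyond the all-or-nothing access described above by granting one account only the specific commands its role needs. The file name, the labuser account and the command paths are assumed placeholders.

```sudoers
# Added example: /etc/sudoers.d/least-privilege (assumed file name).
# Install it with "visudo -f /etc/sudoers.d/least-privilege" so the
# syntax is checked before it takes effect; a broken sudoers file can
# lock every administrator out of sudo.

# Weak setting, shown for contrast and left disabled: every member of
# the wheel group gets unrestricted root, including "sudo -s".
# %wheel ALL=(ALL) ALL

# Least-privilege setting: the placeholder account "labuser" (which must
# NOT also be a member of wheel) may run only these commands as root.
# Full command paths are required so a user cannot substitute a binary
# of the same name from a directory they control.
Cmnd_Alias PKG_UPDATE  = /usr/bin/apt-get update, /usr/bin/apt-get upgrade
Cmnd_Alias SVC_RESTART = /usr/bin/systemctl restart nginx.service
labuser ALL=(root) PKG_UPDATE, SVC_RESTART

# Shorten how long one password entry keeps elevation cached for this
# account (value is in minutes) so an unattended terminal stays
# privileged for less time.
Defaults:labuser timestamp_timeout=2
```

With this in place, labuser can confirm exactly what is permitted with `sudo -l`, and `sudo -s` or any command outside the two aliases is refused and logged.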
