90% of critical Windows vulnerabilities mitigated by eliminating administrator rights
According to a recent study, as much as 90% of all Windows 7 vulnerabilities can be mitigated by forcing users to operate their computers with Standard User privileges, rather than Administrator privileges. This is something I have been harping about for several years. The following are some of their findings after an extensive study.
From a news release published by BeyondTrust, on March 29, 2010, BeyondTrust's Analysis of 15 months of Microsoft Security Bulletins finds the vast majority of vulnerabilities can be diminished by configuring end users as Standard Users. They found that the removal of administrator rights from Windows users is a mitigating factor for 90% of Critical Windows 7 Vulnerabilities.
Key findings from this report show that removing administrator rights will better protect companies against the exploitation of:
- 90% of critical Windows 7 vulnerabilities reported to date
- 100% of Microsoft Office vulnerabilities reported in 2009
- 94% of Internet Explorer and 100% of Internet Explorer 8 vulnerabilities reported in 2009
- 64% of all Microsoft vulnerabilities reported in 2009
"Enterprises continue to face imminent danger from zero-day attacks as new vulnerabilities are exploited before patches can ever be developed and deployed," said Steve Kelley, EVP of corporate development. "Our findings reflect the critical role that restricting administrator rights, plays in protecting against these types of threats. As companies migrate to Windows 7 they need to be aware that despite enhanced security features on the new operating systems, better controls for administrative rights are still needed to provide adequate protection."
My note: The same results can be had with the Windows 2000, XP Pro and Vista operating systems. See my 2009 article titled Running a PC with reduced user privileges stops 92% of malware
For information about how to manage user account privileges, please read my web page titled Windows 2000, XP, Vista & 7 User Account Privileges Explained. Although it was originally written when Windows 2000 and XP were the mainstream OSes, updated information for Windows Vista and Windows 7 computers has been added. Besides, some of you are probably reading this on an XP computer and this information can protect that PC from malware attacks that would otherwise be successful.
That said, no Windows computer is truly safe without some form of anti-virus, anti-spyware and anti-malware protection installed and kept up to date. If you are looking for an all in one solution for complete malware protection please look into Trend Micro Internet Security. A single license allows you to install it on up to 5 computers for as long as the subscription is paid up.
If you like this article please share it.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.