Most Windows security flaws mitigated by 'removing admin rights'

RV_ · February 5, 2016

A new report out after a year of study finds that almost nine-out-of-ten vulnerabilities targeting Windows last year could have been prevented by removing accounts with administrative rights!

Excerpt:

"Most security vulnerabilities affecting Windows last year could've been mitigated in most cases by removing access to administrator rights, according to a report.

The report, released on Thursday by security firm Avecto (http://learn.avecto.com/2015-microsoft-vulnerabilities-report ) said a total of 85 percent of critical flaws affecting the operating system could've been stopped at the gate, and prevented from spreading deep into system files.

The report said that removing admin rights could've mitigated more than 99 percent of flaws affecting Internet Explorer, which had a critical-rated flaw almost every month; and mitigated 82 percent of all vulnerabilities affecting Office.

The company analyzed the entire batch of vulnerabilities in Microsoft's monthly security patch update, dubbed Patch Tuesday, to see which flaws would be less impacted whose logged-in accounts "are configured to have fewer user rights on the system."

Out of the entire batch of vulnerabilities reported, 63 percent would be mitigated or unexploitable if admin rights were removed."

The whole article with related links is here: http://www.zdnet.com/article/most-windows-flaws-mitigated-by-removing-admin-rights-says-report/?tag=nl.e539&s_cid=e539&ttag=e539&ftag=TRE17cfd61

Simple solution? Make another user account without admin privileges and use it whenever online. Most folks can figure out a good way to switch back and forth. If you aren't sure just Google creating a User account for your Version of Windows.

wildmandmc · February 6, 2016

either that or protect the user acct/admin acct better. Maybe provide code that would alert user if admin acct is in process of being altered.

Dutch_12078 · February 6, 2016

Hmmmm, seems to me the Unix/Linux folks have been advocating, and in some cases forcing, limited admin use for years... :rolleyes:

TheDuke · February 6, 2016

Windows has had the same methods as Linux to restrict hackers from their computers for many years. But MS cannot force users to use them. And they cannot force users to do updates (except maybe now).

Probably Linux OS creators can force things as their user base is a lot more sophisticated than the majority of Windows users and are willing to accept that.

Is there a Linux user with a Windows user base that has turned on those controls?, and what has been the Result?

I wouldn't be surprised if they turned them off as soon as you left.

Dutch_12078 · February 6, 2016

Windows has had the same methods as Linux to restrict hackers from their computers for many years. But MS cannot force users to use them. And they cannot force users to do updates (except maybe now).

Probably Linux OS creators can force things as their user base is a lot more sophisticated than the majority of Windows users and are willing to accept that.

Is there a Linux user with a Windows user base that has turned on those controls?, and what has been the Result?

I wouldn't be surprised if they turned them off as soon as you left.

Some Linux kernel based OS creators have made setting up an admin account for root access difficult for the average user, albeit not usually impossible. More commonly, it's the users themselves that realize they seldom need full admin access to effectively use the OS to get the job done. Ubuntu is one example of that, as is Android.

In my working days, I maintained about 200 Windows desktops in three countries where the users had no admin privileges and no means of getting them short of hacking the system, a firing offense.

TheDuke · February 7, 2016

I should have differentiated between a work environment and single home users. But then again you make my point about forcing users to use the built in tools regarding security.