Best way to protect yourself from Windows exploits is you

Posted: February 27, 2014 in Security

Chuck Talking Tech / by Chuck Bienenfeld

February 27, 2014

Listening to the February 25th, 2014 Security Now podcast yielded some very interesting statistics about how your level of vulnerability to exploits against the Windows operating system, Microsoft Office and Internet Explorer depends on your user profile. We all know that when we set up a new computer we “should” create standard user accounts for all system users and not use the administrator account for day-to-day activities. Steve Gibson cites some amazing statistics from Avecto’s February 18, 2014 report to support this belief.

According to Avecto’s analysis of last year’s Windows “Patch Tuesday” vulnerabilities, reported February 18, 2014 in “Removing admin rights mitigates 92% of critical Microsoft vulnerabilities,” choosing the standard role over the administrator role can reduce the chances of a user’s system being compromised by malware attacks.

Of the 147 vulnerabilities published by Microsoft in 2013 with a Critical rating:

  • 92% were concluded to be mitigated by removing administrator rights.
  • 96% of Critical vulnerabilities affecting Windows operating systems could be mitigated by removing admin rights.
  • 100% of all vulnerabilities affecting Internet Explorer could be mitigated by removing admin rights.
  • 91% of vulnerabilities affecting Microsoft Office could be mitigated by removing admin rights.
  • 100% of Critical Remote Code Execution vulnerabilities and 80% of Critical Information Disclosure vulnerabilities could be mitigated by removing admin rights.

The root of the problem is two-fold. First, when we get a new computer and start the setup, the initial account is an administrator account. If we are the only user on the system, we don’t think again about the user role and keep using the administrator account. Second, we may set up other users with the administrator role for ease of use. It is less trouble later on to update, install software or perform maintenance if the user role is an administrator.

We should, however, take the extra time to follow the recommended best practices, which this evidence supports. After initially setting up the computer using the administrator account, including User Account Control (UAC), create standard user role accounts for yourself and all other users. Using the standard user role accounts still allows you to install software and make changes, but only after entering the administrator’s password. This prevents malware from installing under your account role behind the scenes.
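As an added example (not from the original post, the podcast or the Avecto report), this read-only PowerShell audit lists which accounts currently hold administrator rights and reports whether UAC will ask a standard user for an administrator's credentials. It assumes Windows PowerShell 5.1 or later, where the LocalAccounts cmdlets are available; the function names `Get-LocalAdminAudit` and `Get-UacState` are hypothetical.

```powershell
# Added example: read-only audit, changes nothing on the system.
# Assumes Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts module).

function Get-LocalAdminAudit {
    # Look up the Administrators group by its well-known SID so the
    # check also works on non-English Windows installs.
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    foreach ($m in Get-LocalGroupMember -SID 'S-1-5-32-544') {
        $enabled = $null
        if ($m.ObjectClass -eq 'User' -and $m.PrincipalSource -eq 'Local') {
            $enabled = (Get-LocalUser -SID $m.SID).Enabled
        }
        [pscustomobject]@{
            Account              = $m.Name
            Type                 = $m.ObjectClass
            Source               = $m.PrincipalSource
            Enabled              = $enabled
            # RID 500 is the built-in Administrator account.
            BuiltInAdministrator = ($m.SID.Value -match '-500$')
            IsCurrentUser        = ($m.SID.Value -eq $me)
        }
    }
}

function Get-UacState {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        UacEnabled = ($p.EnableLUA -eq 1)
        # 0 = elevation requests from standard users are denied automatically,
        # 1 or 3 = the user is prompted for an administrator's credentials.
        StandardUserPrompt = $p.ConsentPromptBehaviorUser
    }
}

$audit = Get-LocalAdminAudit
$audit | Format-Table -AutoSize
Get-UacState | Format-List

# Enabled local accounts with admin rights, other than the built-in one,
# are the candidates for daily-use accounts that should be standard users.
$candidates = $audit | Where-Object { $_.Enabled -and -not $_.BuiltInAdministrator }
"{0} enabled local account(s) hold administrator rights." -f @($candidates).Count
if ($candidates | Where-Object IsCurrentUser) {
    'The account running this audit is an administrator; use a standard account for daily work.'
}
```

Keep one administrator account available for the credential prompt before demoting the others, otherwise nothing on the machine can elevate.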

A good, but old, article covering the hows and whys of setting up a standard account on a Windows 7 system can be found on the Microsoft TechNet site. As for setting up a standard user account on a Windows 8 system, there is a good video on the Microsoft Windows website.

