90 percent of Windows 7 flaws fixed by removing admin rights

[Shayla]

After tabulating all the vulnerabilities published in Microsoft's 2009 Security Bulletins, it turns out 90 percent of the vulnerabilities can be mitigated by configuring users to operate without administrator rights, according to a report by BeyondTrust. As for the published Windows 7 vulnerabilities through March 2010, 57 percent are no longer applicable after removing administrator rights. By comparison, Windows 2000 is at 53 percent, Windows XP is at 62 percent, Windows Server 2003 is at 55 percent, Windows Vista is at 54 percent, and Windows Server 2008 is at 53 percent. The two biggest exploited Microsoft applications also fare well: 100 percent of Microsoft Office flaws and 94 percent of Internet Explorer flaws (and 100 percent of IE8 flaws) no longer work.

This is good news for IT departments because it means they can significantly reduce the risk of a security breach by configuring the operating system for standard users rather than an administrator. Despite unpredictable and evolving attacks, companies can very easily protect themselves or at least reduce the effects of a newly discovered threat, as long as they're OK with their users not installing software or using many applications that require elevated privileges.

In total, 64 percent of all Microsoft vulnerabilities reported last year are mitigated by removing administrator rights. That number increases to 81 percent if you only consider security issues marked Critical, the highest rating Redmond gives out, and goes even higher to 87 percent if you look at just Remote Code Execution flaws. Microsoft published 74 Security Bulletins in 2009, spanning around 160 vulnerabilities (133 of those were for Microsoft operating systems). The report, linked below, has a list of all of them, which software they affect, and which ones are mitigated by removing admin rights.

90% of Critical Microsoft Windows 7 Vulnerabilities are Mitigated by Eliminating Admin Rights (pdf)

Source : ArsTechnica

[Growled Member]

I never run with administrator rights except to make a system wide change. It seems common sense to me not to do that.

[Stup0t]

So how much money did they get paid to come up with that foolish report..... How about you don't turn on your machine then 100% of the security holes are fixed.... Can I have ?500 for that please.

[hdood]

There's a prize for whoever can guess what happens the day no one will run anything as admin.

[XerXis]

There's a prize for whoever can guess what happens the day no one will run anything as admin.

half of the windows programs wouldn't work anymore because they are designed by morons? Luckily vista and 7 take care of that by using a virtual store, but nonetheless ;)

[The Regal Wind]

There's a prize for whoever can guess what happens the day no one will run anything as admin.

Pigs fly, birds sing, grass grows, the sun shines, and people skip around singing hallelujah while their computers slowly eat themselves alive from the inside because some moron gets so fed up with not being able to install or run any sort of program that the swirling torrent of pain, anger, and misery that is his mind comes full circle and he just snaps.

I know, I'm dramatic like that.

[hdood]

half of the windows programs wouldn't work anymore because they are designed by morons? Luckily vista and 7 take care of that by using a virtual store, but nonetheless ;)

More like all the malware will simply cease to require admin rights. They can do virtually all they want without it anyway. Back to square one. The idea that the user/admin separation has any real meaning on your average home computer from a security perspective is a misconception.

[rajputwarrior]

well obviously, it's why in OSX and root user is disabled... what damage can you do when theirs no admin account?

[Elliott]

well obviously, it's why in OSX and root user is disabled... what damage can you do when their no admin account?

Take what matters most to a user: their data. You only really need read-only access to get some valuable stuff.

[XerXis]

well obviously, it's why in OSX and root user is disabled... what damage can you do when their no admin account?

delete all their files? get the contents of all their files?

And those are just two examples :)

[rajputwarrior]

delete all their files? get the contents of all their files?

And those are just two examples :)

but how do you get access to those files is you are say on a guest act or a user act that has no rights whatsoever? especially in a *unix based system.

[+Nik Louch Subscriber²]

I have just setup a laptop for my wife's mum. She lives about 200 miles away, so I wanted to get it all setup and ready to roll, without me driving down to fix it all the time...

I've installed everything I need - OS, Office, apps, etc. It's all configured.

But I know that at her end, she will need to install her printer, etc...

If I make her user a standard user (as opposed to a local administrator), will she be able to install drivers, and whatever apps she NEEDS?

Obviously as an admin, I get the UAC prompt and that's that. What will she get?

[Elliott]

but how do you get access to those files is you are say on a guest act or a user act that has no rights whatsoever? especially in a *unix based system.

Erm, a user always has access to their own files. Malware usually runs with similar (or the same) privileges as the user.

Guest accounts are a little different because they don't have any permanent files. A guest account's whole user directory gets eradicated on logout.

[XerXis]

but how do you get access to those files is you are say on a guest act or a user act that has no rights whatsoever? especially in a *unix based system.

because as a user you have access to your own files, hence all the malware running as that user also has access to the same files of course.

let's say you have a document on your pc that contains some private banking details, what would you fear most, malware attacking your system files and making your system unusable or malware sending those banking details to some hacker.

I have just setup a laptop for my wife's mum. She lives about 200 miles away, so I wanted to get it all setup and ready to roll, without me driving down to fix it all the time...

I've installed everything I need - OS, Office, apps, etc. It's all configured.

But I know that at her end, she will need to install her printer, etc...

If I make her user a standard user (as opposed to a local administrator), will she be able to install drivers, and whatever apps she NEEDS?

Obviously as an admin, I get the UAC prompt and that's that. What will she get?

a prompt that asks her for admin credentials

[Shaun N.]

I have just setup a laptop for my wife's mum. She lives about 200 miles away, so I wanted to get it all setup and ready to roll, without me driving down to fix it all the time...

I've installed everything I need - OS, Office, apps, etc. It's all configured.

But I know that at her end, she will need to install her printer, etc...

If I make her user a standard user (as opposed to a local administrator), will she be able to install drivers, and whatever apps she NEEDS?

Obviously as an admin, I get the UAC prompt and that's that. What will she get?

logmein.com. just preinstall her wireless network and you can do it all yourself :D

[Elliott]

a prompt that asks her for admin credentials

Nah-uh. Not as a standard user. UAC will prompt for admin credentials, which her user wouldn't have.

[XerXis]

Nah-uh. Not as a standard user. UAC will prompt for admin credentials, which her user wouldn't have.

erm yeah, so what did I say?

[+Nik Louch Subscriber²]

logmein.com. just preinstall her wireless network and you can do it all yourself

Already put TeamViewer on it :)

a prompt that asks her for admin credentials

So I can create a hidden admin user purely to provide a set of credentials to her, which she could then use to elevate and install?

[XerXis]

Already put TeamViewer on it :)

So I can create a hidden admin user purely to provide a set of credentials to her, which she could then use to elevate and install?

yes

[Elliott]

So I can create a hidden admin user purely to provide a set of credentials to her, which she could then use to elevate and install?

Yep, but UAC will prompt any time it needs elevation even if her user was an admin. Typing in credentials only requires a little more thought than clicking a button. Having an admin user that she's not logged in as vs. having an admin user that she is logged in as is really no different.

[hdood]

but how do you get access to those files is you are say on a guest act or a user act that has no rights whatsoever? especially in a *unix based system.

In what real world scenario do you have a user with no rights? You don't. There's no real difference between a Unix-like system and Windows there. Your user has access to all your files and data, can run programs, can make the programs automatically launch on startup, has access to the network, and so on. The only thing having admin/root rights gives you is the ability to infect other users on the system (which usually don't exist) and make it easier to hide deep in the system. These are bonuses rather than essentials, and there is a certain chance of obtaining them by tricking the user at some later point.

Obviously as an admin, I get the UAC prompt and that's that. What will she get?

She will get a different UAC prompt, one that asks for the username and password of someone with administrator rights. This is a dangerous prompt that you should avoid using.

[+Nik Louch Subscriber²]

Yep, but UAC will prompt any time it needs elevation anything. Having an admin user that she's not logged in as vs. having an admin user that she is logged in as is really no different.

Which is exactly how OSX does it? That works just dandy for me :)

[Shaun N.]

You could use Sudo for windows to elevate her privileges but you might not want this also

[XerXis]

Yep, but UAC will prompt any time it needs elevation even if her user was an admin. Typing in credentials is only requires a little more thought than clicking a button. Having an admin user that she's not logged in as vs. having an admin user that she is logged in as is really no different.

there is a psychological difference between typing a password or clicking a button.

[Elliott]

Which is exactly how OSX does it? That works just dandy for me :)

Works like that even if she is an admin. :p Which means you don't need to change anything unless you just want that extra step for typing in credentials.

there is a psychological difference between typing a password or clicking a button.

You could also make a case that malware could emulate the look of this window and get her admin credentials (albeit probably without the driver disabling/screen dimming). Either way, giving something administrative privileges really doesn't mean anything. Any range of malware can run and do harm without them.