Chalk one up for the “It’s so obvious when you think about it” files. Removing administrator rights from Windows user accounts can block, or at least slow down, most critical malware infections, according to a new report from Avecto.
Of the 147 vulnerabilities published by Microsoft in 2013 with a “critical” rating, meaning that attackers would be able to execute code without making the user do anything, Avecto found that 92 percent could have been mitigated simply by removing administrator rights. Nearly 96 percent of critical vulnerabilities affecting Windows operating systems, 91 percent of Microsoft Office bugs, and 100 percent of Internet Explorer flaws could have been stopped this way.
Security professionals have long suspected that restricting user accounts so that only actual administrators have administrator privileges would go a long way towards improving security, and this report provides the numbers to back up that gut instinct.
Avecto analyzed 333 vulnerabilities reported in Microsoft’s Security Bulletins in 2013, and identified that 60 percent could have been mitigated by removing administrator rights. Essentially, if the sentence “Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights” appeared in the bulletin for that vulnerability, Avecto flagged it for the report.
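As an added illustration (not part of the original article and not Avecto's own tooling), the following Python script applies that flagging rule to a handful of constructed bulletin records and tallies the share mitigated per product, both overall and for the critical subset; the bulletin IDs, products and texts are made up for the example.

```python
"""Added example: reproduce the report's classification rule on constructed data.
A bulletin counts as 'mitigated by removing admin rights' when its text carries
Microsoft's standard mitigation sentence quoted in the article."""
from collections import defaultdict

# Microsoft's boilerplate mitigation sentence, as quoted in the article.
MITIGATION_SENTENCE = (
    "Users whose accounts are configured to have fewer user rights on the "
    "system could be less impacted than users who operate with "
    "administrative user rights"
)

# Constructed sample records; ids, products and texts are illustrative only.
SAMPLE_BULLETINS = [
    {"id": "MS13-0001", "product": "Windows", "severity": "Critical",
     "text": "Remote code execution. " + MITIGATION_SENTENCE + "."},
    {"id": "MS13-0002", "product": "Windows", "severity": "Important",
     "text": "Elevation of privilege; attacker must log on locally."},
    {"id": "MS13-0003", "product": "Office", "severity": "Critical",
     "text": "Crafted document. " + MITIGATION_SENTENCE + "."},
    {"id": "MS13-0004", "product": "Internet Explorer", "severity": "Critical",
     "text": "Memory corruption. " + MITIGATION_SENTENCE + "."},
    {"id": "MS13-0005", "product": "Windows", "severity": "Critical",
     "text": "Kernel-mode driver flaw; exploitable regardless of user rights."},
]


def is_mitigated_by_removing_admin(bulletin: dict) -> bool:
    """Avecto's rule: flag the bulletin if the mitigation sentence appears."""
    return MITIGATION_SENTENCE.lower() in bulletin["text"].lower()


def mitigation_rates(bulletins, severity=None):
    """Return {product: (mitigated, total)} plus an 'All' row.
    When severity is given (e.g. 'Critical'), only bulletins at that severity count."""
    counts = defaultdict(lambda: [0, 0])
    for b in bulletins:
        if severity and b["severity"] != severity:
            continue
        for key in (b["product"], "All"):
            counts[key][1] += 1
            if is_mitigated_by_removing_admin(b):
                counts[key][0] += 1
    return {k: tuple(v) for k, v in counts.items()}


def percent(mitigated: int, total: int) -> float:
    """Share of bulletins mitigated, rounded to one decimal (0.0 if no bulletins)."""
    return round(100.0 * mitigated / total, 1) if total else 0.0


if __name__ == "__main__":
    for sev in (None, "Critical"):
        for product, (m, t) in sorted(mitigation_rates(SAMPLE_BULLETINS, sev).items()):
            print(f"{sev or 'All severities':14} {product:18} {m}/{t} ({percent(m, t)}%)")
```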
Considering that most malware takes on the privileges of the current user, if the user cannot add, alter, or remove software, or change system-wide settings, then that restricts what the malware can do on a vulnerable machine. Pretty much anything that gets downloaded through the Web browser or opened as an email attachment will be limited in the damage it can cause if the user has only standard access rather than administrator access. Next time IT wants to simply give users administrative privileges so that they can install their own software, these statistics make a compelling argument against it.
“If malware infects a user with admin rights, it can cause incredible damage locally, as well as on a wider network,” Avecto said.
Fahmida Y. Rashid is an accomplished security journalist and technologist. She is a regular contributor for several publications including iPCMag.com, where she is a networking and security analyst. She was also a senior writer at eWeek, where she covered security, core Internet infrastructure and open source, and a senior technical editor at CRN Test Center reviewing open source, storage, and networking products.