It’s an unfortunate fact that since Microsoft really introduced the concept of User Accounts in Windows 95, the default user level has been that of ‘Administrator’.
While this is nice and convenient for the user (and as the saying goes, “Convenience is the enemy of security”), it also throws up a bunch of potential security problems.
- In a multi-user environment anyone with ‘Admin rights’ can see everything that any other user does, and has access to everyone else’s documents, with the obvious resulting problems with privacy and confidentiality.
- Those with Admin rights can change fundamental settings on the computer such as date and time, and have full access to the computer’s registry. They are also able to disable and re-enable security software.
- Having Admin rights also means that a user is allowed to add and remove hardware devices such as printers, webcams, and other devices such as memory sticks that can be a potential security hazard (see our article here for instructions on how to disable USB memory devices).
- But eclipsing all these potential pitfalls is that running as an Administrator will leave you vulnerable to far more Malware infections than if you were running as a standard user.
This is because a Standard user’s ability to install programs and alter the PC’s registry is highly restricted, and these are two things that any malware needs to do to ensure that it is both installed correctly and hidden from the user so that it can get on with its dastardly work.
In an Avecto report published in February 2014 analysing the 147 security patches released by Microsoft in 2013, the following statistics are mentioned.
- 92% were blocked by removing administrator rights.
- 96% of critical vulnerabilities affecting the Windows operating system were mitigated by removing admin rights.
- 100% of the vulnerabilities affecting IE were mitigated by removing admin rights.
- 91% of vulnerabilities affecting Microsoft Office would be blocked by removing admin rights.
- 100%, all of the critical remote code execution vulnerabilities, were mitigated by removing admin rights
- 80% of critical information disclosure vulnerabilities were mitigated by removing admin rights.
If that’s not compelling advice to make sure you only run your system as a limited user, we don’t know what is!
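As an added example (not part of the original article), the PowerShell below lists every direct member of the local Administrators group and flags whether the account you are logged in with is one of them. It assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts cmdlets; the variable names are illustrative.

```powershell
# Added example: audit which accounts hold local administrator rights.
# Assumes Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts module).

# S-1-5-32-544 is the well-known SID of the built-in Administrators group.
# Using the SID avoids depending on the localized group name.
$adminGroupSid = 'S-1-5-32-544'

# Identify the current account and whether this session is elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
'Current user : {0}' -f $identity.Name
'Elevated     : {0}' -f $elevated

# Enumerate direct members of Administrators. The cmdlet can fail when the
# group contains an orphaned SID, so report the error instead of aborting.
try {
    $members = @(Get-LocalGroupMember -SID $adminGroupSid -ErrorAction Stop)
} catch {
    Write-Warning "Could not enumerate Administrators: $($_.Exception.Message)"
    $members = @()
}

$localUsers = @(Get-LocalUser)

# One row per member: what it is, where it comes from, and whether it is
# an enabled local account. Nested domain groups are listed, not expanded.
$report = foreach ($m in $members) {
    $local = $localUsers | Where-Object { $_.SID.Value -eq $m.SID.Value }
    [pscustomobject]@{
        Name      = $m.Name
        Type      = $m.ObjectClass
        Source    = $m.PrincipalSource
        Enabled   = if ($local) { $local.Enabled } else { 'n/a' }
        IsCurrent = ($m.SID.Value -eq $identity.User.Value)
    }
}
$report | Format-Table -AutoSize

# Flag the case the article warns about: daily use of an admin account.
if ($report | Where-Object { $_.IsCurrent }) {
    Write-Warning 'The logged-in account is a direct member of Administrators.'
} else {
    'The logged-in account is not a direct member of Administrators.'
}
```

On a domain-joined machine an account can also gain admin rights through a group listed in the output, so review group entries as well as individual users.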