Sometimes in life you know something is a risk, but you don’t know how BIG a risk it is until somebody actually checks it out. There was a German scientist in Russia who repeated Ben Franklin’s kite-in-the-thunderstorm experiment but didn’t live to write up his results.
Los Angeles security firm BeyondTrust has released an analysis of Microsoft’s 75 security bulletins last year. They came to the startling conclusion that if users had operated their computers without administrative rights, they would have eliminated 64 percent of their risk from Microsoft vulnerabilities!
That’s a NO-COST way to eliminate 64 percent of risk!
The key section in their report:
“By examining all of the published Microsoft vulnerabilities in 2009 and all of the published Windows 7 vulnerabilities to date, this report quantifies the continued effectiveness of removing administrator rights at mitigating vulnerabilities in Microsoft software.
“Key findings from this report show that removing administrator rights will better protect companies against the exploitation of:
- 90% of Critical Windows 7 vulnerabilities reported to date
- 100% of Microsoft Office vulnerabilities reported in 2009
- 94% of Internet Explorer and 100% of IE 8 vulnerabilities reported in 2009
- 64% of all Microsoft vulnerabilities reported in 2009”
BeyondTrust has apparently made risk management through eliminating unnecessary privilege a successful business model. Their site is here: http://www.beyondtrust.com/
Setting up a non-admin account for normal use has been good advice for years. Maybe this report will help emphasize it to a lot of users who wouldn’t have thought it important enough to bother with.