Go figure: 90 percent of Windows 7 flaws fixed by removing admin rights

Mikey 9 comments

Though it won't come as a surprise to those who have some knowledge of basic computer security, a study by BeyondTrust has confirmed (PDF) that simply removing admin privileges from users on Windows-based PCs will fix around 90% of known flaws.

Your office IT guy already knows this, and although some people find it annoying, he is justified in locking down your computer tighter than a nun's corset.

"In total, 64 percent of all Microsoft vulnerabilities reported last year are mitigated by removing administrator rights. That number increases to 81 percent if you only consider security issues marked Critical, the highest rating Redmond gives out, and goes even higher to 87 percent if you look at just Remote Code Execution flaws. Microsoft published 74 Security Bulletins in 2009, spanning around 160 vulnerabilities (133 of those were for Microsoft operating systems)."

People in the know also know that an overwhelming majority of infections are caused by inexperienced users who simply click 'yes' and 'ok' to every prompt, which is one reason why MS introduced the UAC system and why your IT guy won't let you install that horrid browser toolbar.

Further reading at Ars Technica.

Rodney

Friday 2nd April 2010 | 01:06 PM
340 total kudos

This is why I love Active Directory. Nothing like blocking hundreds of users from doing anything other than what they're supposed to be doing - without having to leave your seat! :-)

Gina

Friday 2nd April 2010 | 09:59 PM

...in response to this comment by Rodney.

Hey Rodney,

Sorry - I don't follow what you're saying, can you expand on what you mean?

Gina

Friday 2nd April 2010 | 10:14 PM

Mikey,

It sounds like there are a lot of problems that would creep in anyway due to users not knowing when to click yes and ok to something, even with admin privs removed.

Trent Greguhn

Saturday 3rd April 2010 | 03:51 AM
105 total kudos

All you have to do is take the user out of user error.

TVBIZ(BOB)

Saturday 3rd April 2010 | 06:25 PM
62 total kudos | 1 for this comment

The GUI was created to make it easier for people who could not comprehend command lines to navigate and execute specific instructions. I cannot see how it could be made simpler than what MS has now. Users simply have to get around to reading the instructions shown and if they do not understand - ask someone who does or read the help files.

As for the security issues I am finding that MS has to devote more time to fixing these things than to developing and redefining the GUI. Let's be honest here - 3/4 of the problems found would not affect the general user in a drastic way.

MS was bashed over the head for not taking care of these issues earlier in years gone by and now gets bashed over the head for taking too much care.

Security issues along with viruses are really becoming a boring pain in the neck. Not because they are there but because of the programs you have to have running to help clean them up.
It would be great if the clever dicks who create these problems would just wake up and be really clever - or is it us who needs to wake up to the fact that all the companies are in it together to just make money.

I remember back in the early days when I was happily running a PC with command strings, no such things as viruses or hacks. Then the first virus scanner came out. All hell broke loose and every company and its dogs got on the bandwagon. The funny thing is they were teaching computer science students how to create these little nasties. Bling - hey there's a possible market here and the future is history.

MS hire Russian programmers to find security faults in their software - most of these people are the ones who write the viruses and break into systems in the first place.

It's a funny world isn't it!

Mikey

Saturday 3rd April 2010 | 07:34 PM
235 total kudos

...in response to this comment by Trent Greguhn.

PEBKAC

Rodney

Saturday 3rd April 2010 | 09:06 PM
340 total kudos | 1 for this comment

...in response to this comment by Gina.

Hi Gina,

Active Directory is the Microsoft corporate system for administering lots of computers at once. It allows you to define all kinds of policies for what people and groups of people can and cannot do. When you run a large corporate network, it's simply brilliant. It provides all the security and authentication layers, as well as many other features, of a network.

For example, it will allow you to say all users in a troublesome area can no longer install programs, or even change their own desktop background, etc, etc, while more trustworthy users are less restricted.

Gina

Saturday 3rd April 2010 | 11:09 PM

...in response to this comment by TVBIZ(BOB).

Bob wrote:

"It would be great if the clever dicks who create these problems would just wake up and be really clever - or is it us who needs to wake up to the fact that all the companies are in it together to just make money.

I remember back in the early days when I was happily running a PC with command strings, no such things as viruses or hacks. Then the first virus scanner came out. All hell broke loose and every company and its dogs got on the bandwagon. The funny thing is they were teaching computer science students how to create these little nasties. Bling - hey there's a possible market here and the future is history.

MS hire Russian programmers to find security faults in their software - most of these people are the ones who write the viruses and break into systems in the first place."


(Comment: as if that isn't just ASKING for trouble. Bob, I am so happy you posted your comment. I didn't have any proof of what you are saying here, and because of that I thought I was probably being a little paranoid for even thinking this was going on. So, thank you for posting your reply. I'm going to log in now to give you kudos! - Gina)

Gina

Saturday 3rd April 2010 | 11:11 PM
14 total kudos

...in response to this comment by Rodney. I see. Thanks.
