98% of Windows flaws could be exploited with admin privileges in 2014, a new security report reveals

Apr 2, 2015 06:41 GMT

A security report published this week by British firm Avecto reveals that no less than 97 percent of the 240 vulnerabilities found (and fixed) by Microsoft in 2014 could be exploited with administrator rights, so the first suggestion that comes to everyone's mind is to switch to a standard user account to be fully protected.

While this isn't quite the best choice for many tech-savvy users out there, Avecto says that its statistics show that, in the case of Windows critical vulnerabilities, no less than 98 percent of them could be exploited with admin rights.

In other words, only 2 percent of them rely on a different exploit method, so the possibility of getting your computer hacked drops significantly in the case of a standard user account.

The percentage is even higher for Internet Explorer, with 99.5 percent of the flaws said to require administrator privileges, whereas for Microsoft Office only 95 percent of them required special rights.

More than 250 remote code execution flaws

Statistics show that, in Microsoft's case, remote code execution flaws are the biggest concern for users, as they would allow cybercriminals to drop malicious files on users' computers and thus attempt to get full control. In this case, administrator rights would be needed, and Avecto says that more than 90 percent of them can be blocked by simply switching to a standard user account.

“These statistics serve as another reminder as to the importance of removing user admin rights in an enterprise setting. Analysts and respected industry bodies including SANS, The Council on Cyber Security and the Australian Department of Defense all list the controlled use of administrative privileges as a fundamental part of their security best practice guidelines,” Avecto said.

Locking down Windows and turning to a standard account would indeed be a good way to prevent successful exploits of security vulnerabilities, but Microsoft's OS still lacks a more advanced system that would allow users to provide an admin password for certain tasks.

For instance, on Linux, users are prompted to provide the root password whenever they attempt to install software or updates, whereas on Windows, standard users have to log out completely and switch to an account with administrator rights to perform the same tasks.

There are ways to do this without logging out, but they require additional tweaking that beginners might find too difficult, so Microsoft should have a look at this functionality too for Windows 10.

A standard user account would block 98 percent of Windows flaws