"Administrator": Use it or don't use it? Never? When?
Help Net Security:
(...) removing administrator rights will better protect companies [and individuals] against the exploitation of:
- 75% of Critical Windows 7 vulnerabilities reported by Microsoft to date;
- 100% of Microsoft Office vulnerabilities reported in 2010;
- 100% of Internet Explorer and 100% of IE 8 vulnerabilities reported in 2010; and
- 64% of all Microsoft vulnerabilities reported in 2010.
These numbers were the result of a study by BeyondTrust that analyzed the vulnerabilities Microsoft reported throughout 2010. The document is available online (though registration is required in order to download it).
A few comments:
- A significant part of the malware that tries to exploit program and operating system vulnerabilities uses the privileges assigned to the user to execute its art, whatever that may be, and, most importantly, to try to perpetuate and propagate itself;
- When the compromised user's privileges are high, e.g. those of a local or global administrator, the impact of the exploitation will be the highest possible;
- The computer and domain administration accounts shouldn't be used for day-to-day operations; as a precaution, they should only be used to execute equipment management tasks, for example to install programs and modify system configurations; and
- As a general rule, normal unprivileged accounts should be created and used. These accounts can be used regularly. The others, the privileged ones, should only be used when they are strictly required.
The statistics presented by this report easily support these ideas.
How about you? Are you using a privileged account now? Are you an administrator of the machine? Change it: create a different account...
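One way to answer that question on a Windows machine, as an added example that is not part of the original note: a PowerShell check that reports whether the current session is elevated, whether the account is an administrator whose rights are merely filtered by UAC, and who else is a local administrator. It assumes Windows PowerShell 5.1 or later for `Get-LocalGroupMember`; the variable names are illustrative.

```powershell
# Added example: is the account I am using right now an administrator?
$adminSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)

# True only when the Administrators group is enabled in this token,
# i.e. the session is elevated and every program started from it has full rights.
$elevated = $principal.IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)

# With UAC, an administrator's everyday token still lists the group, marked
# "deny only". whoami prints every group in the token, so match on the SID
# (the SID column is not localized, unlike the group name).
$groups = whoami /groups /fo csv /nh |
    ConvertFrom-Csv -Header Name, Type, SID, Attributes
$member = [bool]($groups | Where-Object { $_.SID -eq $adminSid })

$verdict = if ($elevated) {
    'Elevated administrator session: use it only for management tasks'
} elseif ($member) {
    'Administrator account with a UAC-filtered token: switch to a standard account for daily work'
} else {
    'Standard user: suitable for day-to-day work'
}

[pscustomobject]@{
    User         = $identity.Name
    Elevated     = $elevated
    AdminAccount = $member
    Verdict      = $verdict
}

# Every account that can administer this machine; each entry should be
# justified, and none should be a day-to-day account.
Get-LocalGroupMember -SID $adminSid |
    Select-Object Name, ObjectClass, PrincipalSource
```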
(FYI: This note marks the beginning of simultaneous publication in Portuguese and English. Since 2006 I've been writing exclusively in Portuguese but I've decided recently that I should also write in English. Let's see how it goes... I start today with this note)