Microsoft vulnerability report for 2014 is available from Aveco. The report evaluation centered on critical vulnerabilities, 240 of them in 2014. Subjectively selected statistics from the referenced report:
- Of the 240 vulnerabilities in 2014 with a Critical rating, 97% were concluded to be mitigated by removing administrator rights
- 98% of Critical vulnerabilities affecting Windows OS could be mitigated by removing admin rights
- 99.5% of all vulnerabilities in Internet Explorer could be mitigated by removing admin rights
- 80% of all Microsoft Vulnerabilities reported by us in 2014 could be mitigated by removing admin rights vs 60% in 2013
That’s right, just by removing admin rights for your user account, you’d be immune to 232.8 while remaining vulnerable to 7.2 critical vulnerabilities in 2014. The statistics for 2014 vs. 2013 is impressive, Microsoft Security is moving in to the right direction. 20% increase for security just for removing admin rights is a great improvement.
This blog had been emphasizing the importance of removing the admin rights for your daily user account in this pervious blog. The short version is that any programs, scripts, etc., that gets on your system will be executed under local administrator access rights. Weather you know this or not, it does not matter for the malware, it just wants to take a hold of your system on the easy way.
Microsoft does not make it easy for the end users not to have admin rights for your user account. Quiet the opposite, the Windows installation routine assigns local administrator access to the first account created during the setup. Instead of asking the end user for creating two accounts, one user account for daily use and the other for local administrator access if and when necessary.
Microsoft is missing an opportunity to provide end user training during the Windows installation routine. Instead of all of the “mumbo-jumbo” about the necessity of using your Microsoft account for creating your user ID, Microsoft should provide briefing about the importance of the two different accounts and their overall impact for the system security.
If you feel compelled to change your user account type, this blog provides instruction for removing the admin right for your daily user account. After reading the referenced report, there’s really no reason for not changing the account type…