{"id":1101,"date":"2015-04-02T19:49:55","date_gmt":"2015-04-02T19:49:55","guid":{"rendered":"http:\/\/blogs.secure-bits.com\/?p=1101"},"modified":"2015-04-07T11:32:28","modified_gmt":"2015-04-07T11:32:28","slug":"why-you-should-read-reports","status":"publish","type":"post","link":"https:\/\/blogs.secure-bits.com\/?p=1101","title":{"rendered":"Why you should read reports&#8230;"},"content":{"rendered":"<p>Microsoft vulnerability report for 2014 is available from <a title=\"Microsoft critical security vulnerabilities 2014\" href=\"http:\/\/learn.avecto.com\/ms-vulnerabilities-report-14#download-defendpoint-form\" target=\"_blank\">Aveco<\/a>. The report evaluation centered on critical vulnerabilities, 240 of them in 2014.\u00a0Subjectively selected statistics from the referenced report:<\/p>\n<ul>\n<li><span style=\"color: #000000;\">\u00a0Of the 240 vulnerabilities in 2014 with a Critical rating, <span style=\"color: #b50909;\"><strong>97%<\/strong> <span style=\"color: #000000;\">were concluded to be<\/span> <strong>mitigated by removing administrator rights<\/strong><\/span><\/span><\/li>\n<\/ul>\n<ul>\n<li><span style=\"color: #000000;\"><span style=\"color: #b50909;\"><strong>98%<\/strong><\/span> of Critical vulnerabilities affecting Windows OS could be <strong><span style=\"color: #b50909;\">mitigated<\/span> <span style=\"color: #b50909;\">by removing admin rights<\/span><\/strong><\/span><\/li>\n<\/ul>\n<ul>\n<li><span style=\"color: #000000;\"><span style=\"color: #b50909;\"><strong>99.5%<\/strong><\/span> of all vulnerabilities in Internet Explorer could be <strong><span style=\"color: #b50909;\">mitigated<\/span> <span style=\"color: #b50909;\">by removing admin rights<\/span><\/strong><\/span><\/li>\n<\/ul>\n<ul>\n<li><span style=\"color: #b50909;\">80% of<\/span> <span style=\"color: #b50909; text-decoration: underline;\"><strong>all<\/strong><\/span> Microsoft Vulnerabilities reported by us in 2014 could be <strong><span style=\"color: #b50909;\">mitigated by removing admin rights<\/span> <\/strong>vs 60% in 2013<\/li>\n<\/ul>\n<p>That&#8217;s right, just by removing admin rights for your user account, you&#8217;d be immune to 232.8 while remaining vulnerable to 7.2 critical vulnerabilities in 2014. The statistics for 2014 vs. 2013 is impressive, Microsoft Security is moving in to the right direction. 20% increase for security just for removing admin rights is a great improvement.<\/p>\n<p>This blog had been emphasizing the importance of removing the admin rights for your daily user account\u00a0in this <a title=\"Why you should be concerned about malware\" href=\"http:\/\/blogs.secure-bits.com\/?p=833\" target=\"_blank\">pervious blog<\/a>. The short version is that any programs, scripts, etc., that gets on your system will be executed under local administrator access rights. Weather you know this or not, it does not matter for the malware, it\u00a0just wants to take a hold of your system on the easy way.<\/p>\n<p>Microsoft does not make it easy for the end users not to have admin rights for your user account. Quiet the opposite, the Windows installation\u00a0routine assigns local administrator access to the first account created during the setup.\u00a0Instead of asking the end user\u00a0for creating two accounts, one\u00a0user account for daily use and the other for local administrator access if and when necessary.<\/p>\n<p>Microsoft is missing an opportunity to provide end user training during the Windows installation routine. Instead of all of the &#8220;mumbo-jumbo&#8221; about the necessity of using your Microsoft account for creating your user ID, Microsoft should provide briefing about the importance of the two different accounts and their overall impact for the system security.<\/p>\n<p>If you feel compelled to change your user account type, <a title=\"Change Windows account type\" href=\"http:\/\/blogs.secure-bits.com\/?p=936\">this blog<\/a>\u00a0provides instruction for\u00a0removing the admin right for your daily user account. After reading the referenced report, there&#8217;s really no reason for not changing the account type&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft vulnerability report for 2014 is available from Aveco. The report evaluation centered on critical vulnerabilities, 240 of them in 2014.\u00a0Subjectively selected statistics from the referenced report: \u00a0Of the 240 vulnerabilities in 2014 with a Critical rating, 97% were concluded &hellip; <a href=\"https:\/\/blogs.secure-bits.com\/?p=1101\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[25,34,24,32],"tags":[],"_links":{"self":[{"href":"https:\/\/blogs.secure-bits.com\/index.php?rest_route=\/wp\/v2\/posts\/1101"}],"collection":[{"href":"https:\/\/blogs.secure-bits.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.secure-bits.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.secure-bits.com\/index.php?rest_route=\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.secure-bits.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1101"}],"version-history":[{"count":7,"href":"https:\/\/blogs.secure-bits.com\/index.php?rest_route=\/wp\/v2\/posts\/1101\/revisions"}],"predecessor-version":[{"id":1108,"href":"https:\/\/blogs.secure-bits.com\/index.php?rest_route=\/wp\/v2\/posts\/1101\/revisions\/1108"}],"wp:attachment":[{"href":"https:\/\/blogs.secure-bits.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1101"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.secure-bits.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1101"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.secure-bits.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1101"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}