One tweak can make your Windows PC virtually invulnerable

February 20, 2014 – 5:12 PM

Microsoft published 147 vulnerabilities in 2013 that were rated as Critical. Critical, however, is a relative term, and according to a new report from Avecto there is one simple thing anyone can do that would guard against almost every single Critical vulnerability.

In its 2013 Microsoft Vulnerabilities Study, Avecto found that you could mitigate almost every single Critical vulnerability simply by removing administrator rights. The exact figure was 92 percent, which brings the number of serious threats from 147 down to around 12.

Avecto also determined that removing administrator rights would mitigate 91 percent of the Critical flaws in Office, and 100 percent (as in every single Critical vulnerability) of those that impact Internet Explorer.

Taken in the larger context of all vulnerabilities published by Microsoft, as opposed to just the Critical ones, the efficacy of taking away administrator privileges drops to 60 percent. However, the ability to make more than half of the vulnerabilities essentially go away by just changing from administrator to standard user privileges is nothing to scoff at.

There is another piece of this puzzle that the Avecto report doesn’t really address: Windows XP. Starting with Windows Vista, Microsoft introduced User Account Control (UAC), which enforces the principle of running with least privilege and requests authorization before elevating privileges for tasks that require Administrator rights. Windows XP predates UAC and has no such control.

The other aspect of Windows XP that skews the data is that Windows XP is simply more vulnerable. Generally, a flaw that exists for various versions of Windows is only Important or even Moderate on Windows 7 or Windows 8, but is Critical when exploited on Windows XP because it lacks many of the advanced security controls in the more modern versions of the operating system.

