90% of Windows 7 vulnerabilities eliminated by removing admin users
Printer-friendly version
Send to friendThe IT world has been saying it for years, and now Microsoft itself is chiming in on the topic. Removing admin rights from users will eliminate 90% of the critical and remote execution flaws found in Windows 7, including most spyware threats.
According to the report published by BeyondTrust , most Windows 7 flaws are found when normal users are operating as an admin or privileged user. By removing those extra permissions, and leaving just the administration account active, Windows 7 becomes an operating system nearly on par, security wise, with Mac OS X and Linux.
For IT teams around the world, this is a sour pill, but one they will happily swallow.
It means that users in the work place will have to accept that there will be things they can’t do on their work computers that they can do at home, like installing instant messaging clients or their favorite browsers.
For IT personnel, it means a serious decline in the number of viruses and spyware they have to clean up because someone decided they needed to install Yahoo Instant Messenger on their work desktop.
It’s been said for years, mostly by IT personnel, that allowing people to run as an admin user in the workplace is just a bad idea that leads to security risks for the company. Thanks to Microsoft coming to the table with this new information, it will be hard for business owners and managers to continue to argue the point.
It’s always been easier for the folks at the top to open Pandora’s box and tell IT teams to leave people as an admin user than to listen to the select few whine and complain about their lack of full privileges. And often the IT brain trust gets over ruled on that very topic.
But showing an employer that removing those permissions makes it 90% more likely they don’t lose critical data is an overwhelming sample of data.
Maybe the world is getting a little more secure. When you can’t infect 3 million computers with a single virus anymore, what’s the fun in spending months writing one? It’s just not the same when you only manage to screw up half a dozen machines instead.
That’s of course assuming the people listen.
- Don Judd's blog
- Login or register to post comments
where the employees had admin rights. We weren’t allowed to install anything, much less access many websites.