Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Removing admin rights stymies 92% of Microsoft's bugs

04 Feb 2009   #1

Windows 7 Ult x64(x2), HomePrem x32(x4), Server 08 (+VM), 08 R2 (VM) , SuSe 11.2 (VM), XP 32 (VM)
Removing admin rights stymies 92% of Microsoft's bugs

Nine of out 10 critical bugs reported by Microsoft last year could have been made moot, or at least made less dangerous, if people ran Windows without administrative rights, a developer of enterprise rights management software claimed today.

BeyondTrust Corp., which touts its Privilege Manager as a way for companies to lock down PCs, tallied the individual vulnerabilities that Microsoft disclosed in 2008, then examined each accompanying security bulletin. If the bulletin's "Mitigating Factors" section, the part that spells out how to lessen the risk of attack or eliminate it entirely, said that users with fewer rights "could be less impacted than users who operate with administrative rights," BeyondTrust counted the bug.

more at Removing admin rights stymies 92% of Microsoft's bugs

My System SpecsSystem Spec

04 Feb 2009   #2

7600 x86

hmm, it's only natural that sacrificing control and usability will reduce the chances of problems occurring.

while you're at it, why not unplug your mouse, keyboard, and internet connection? that will increase the security of your system tremendously!
My System SpecsSystem Spec
04 Feb 2009   #3

XP/Vista/Windows 7 builld 7000

well, my first reaction having read the reference is, yeah.......and.............????? to be honest, i have to worry about locking down clients systems, but i am equally as worried about the implications of having to deal with consequence (sometimes considerable and to a large part undocumented) of installing third party softwares that promise the land of wine and roses.

the vendor is going to have to show me a whole lot more.
My System SpecsSystem Spec

04 Feb 2009   #4

XP/win7 x86 build 7127

while i agree with both comments on this stated above... imo, there is a small point to this. Microsoft just doesnt make it user/family friendly as for setting up custom security for users. Also, for the dummy book type ppl, linksys as an example finally figured out to release a setup cd along with the router. so then security would be setup by the user at install (although it still comes down to the user actually putting in the cd and using it to atleast setup "some" security). But how long did it take linksys to do this? awhile i can tell you, as the old besfr41 and other router/switches came with just the box and the cords with a 4 page back/front brochure type manual that mom and pop couldnt understand and just prayed plugged and go. If anyone has called linksys tech support, you can all have a laugh with me right now .

With XP, setting up custom controls/permissions for a limited user account was hell for your average home user. Everyone in the family or business was either setup with admin priv or was a frustrated-complaining-limited-user account that wasnt setup to even download adobe reader or a flash plug-in for that matter. If the mom/dad/admin(yikes) didnt know how or where to setup what was allowed and what wasnt. It had to be all preconfigured, remembered, and then verified working for the WHOLE computer, every user, by the admin. It even comes down the the basic thing of knowing how to put "my computer" or "IE" icon on the desktop without making a shortcut and placing it themselves on the desktop(example from my family and friends actually, lol).

(this is based on minimal use/experience with vista bare in mind) Win7 has came along way as far as custom account setup "findability" and funtionality.... but it has a long way to go. A simpler walkthrough for dummies would be a grand idea. Ppl like my father will not go back to college to learn some "machine", programming the VCR he has finally mastered over the years, lol. Now he ?HAS? to "learn" a new OS? lol. Change is good for some ppl, not my father.

To sum up,there really should be no reason to have exclusive admin privs to every single file/component on computer while using it. I like the prompt from use of admin pass. Just another obstacle for a malicious attack to get thru. The ones we know about are old already, new ones being thought up every day.

oh yea, if you read this, lol, thanks... exhale
My System SpecsSystem Spec
04 Feb 2009   #5

Windows 7 Build 7048 x64

That was honestly a very amusing analysis, though valid. I couldn't help but laugh.

Having users use a standard account with no administrative rights does not only limit potential attacks to the system but from users as well It maybe suited to corporate environments deploying hundreds of computers to users and less headache to network administrators but we all know that having reduced privileges limits a lot of the functions that some users might need.

As a tech guy, I'd rather not use the computer with me not being able to do what I want/need.

Yes, you want it more secure, sacrifice functionality

You cant really expect an OS to behave like a mobile phone that's almost fool proof though that would be a dream, ain't it?
My System SpecsSystem Spec
04 Feb 2009   #6
Microsoft MVP

Vista and now 7 in 32 and 64 bit.

I wonder if those "experts" get paid for coming up with that solution?
Good thing so many Beta testers are using user/Admin or puer Admin mode, otherwise Microsoft would be short of bug reports.
My System SpecsSystem Spec
04 Feb 2009   #7

Windows 7 Ult x64(x2), HomePrem x32(x4), Server 08 (+VM), 08 R2 (VM) , SuSe 11.2 (VM), XP 32 (VM)

actually you guys while there is some truth to this i believe there is a good comprise already there....
drop my rights i example that has been there for some time...
zdnet has covered it extensively here..

Every Windows XP user should drop their rights | Defensive Computing - CNET News
DropMyRights part 2: Installing and configuring | Defensive Computing - CNET News
DropMyRights part 3: Living with it | Defensive Computing - CNET News

while it says xp i have used it in windows sever and it just works...
the only drawback is that SSL is not possible....
My System SpecsSystem Spec

 Removing admin rights stymies 92% of Microsoft's bugs

Thread Tools

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 19:08.

Twitter Facebook Google+

Windows 7 Forums

Seven Forums Android App Seven Forums IOS App