Removing admin rights stymies 92% of Microsoft's bugs


    Posted: 04 Feb 2009
    Nine out of 10 critical bugs reported by Microsoft last year could have been made moot, or at least made less dangerous, if people ran Windows without administrative rights, a developer of enterprise rights management software claimed today.

    BeyondTrust Corp., which touts its Privilege Manager as a way for companies to lock down PCs, tallied the individual vulnerabilities that Microsoft disclosed in 2008, then examined each accompanying security bulletin. If the bulletin's "Mitigating Factors" section, the part that spells out how to lessen the risk of attack or eliminate it entirely, said that users with fewer rights "could be less impacted than users who operate with administrative rights," BeyondTrust counted the bug.


    more at Removing admin rights stymies 92% of Microsoft's bugs
    Posted By: darkassain
    04 Feb 2009



  1. Posts : 575
    7600 x86
       #1

    hmm, it's only natural that sacrificing control and usability will reduce the chances of problems occurring.

    while you're at it, why not unplug your mouse, keyboard, and internet connection? that will increase the security of your system tremendously!


  2. Posts : 102
    XP/Vista/Windows 7 build 7000
       #2

    well, my first reaction having read the reference is, yeah.......and.............????? to be honest, i have to worry about locking down clients' systems, but i am equally as worried about the implications of having to deal with the consequences (sometimes considerable and to a large part undocumented) of installing third party software that promises the land of wine and roses.

    the vendor is going to have to show me a whole lot more.
    Last edited by ittech; 04 Feb 2009 at 11:56. Reason: oh i wish i could spell


  3. Posts : 995
    XP/win7 x86 build 7127
       #3

    while i agree with both comments on this stated above... imo, there is a small point to this. Microsoft just doesn't make it user/family friendly as for setting up custom security for users. Also, for the dummy book type ppl, linksys as an example finally figured out to release a setup cd along with the router. so then security would be set up by the user at install (although it still comes down to the user actually putting in the cd and using it to at least set up "some" security). But how long did it take linksys to do this? a while i can tell you, as the old BEFSR41 and other router/switches came with just the box and the cords with a 4 page back/front brochure type manual that mom and pop couldn't understand and just prayed plugged and go. If anyone has called linksys tech support, you can all have a laugh with me right now.

    With XP, setting up custom controls/permissions for a limited user account was hell for your average home user. Everyone in the family or business was either set up with admin priv or was a frustrated-complaining-limited-user account that wasn't set up to even download adobe reader or a flash plug-in for that matter. If the mom/dad/admin(yikes) didn't know how or where to set up what was allowed and what wasn't. It had to be all preconfigured, remembered, and then verified working for the WHOLE computer, every user, by the admin. It even comes down to the basic thing of knowing how to put "my computer" or "IE" icon on the desktop without making a shortcut and placing it themselves on the desktop (example from my family and friends actually, lol).

    (this is based on minimal use/experience with vista, bear in mind) Win7 has come a long way as far as custom account setup "findability" and functionality.... but it has a long way to go. A simpler walkthrough for dummies would be a grand idea. Ppl like my father will not go back to college to learn some "machine", programming the VCR he has finally mastered over the years, lol. Now he ?HAS? to "learn" a new OS? lol. Change is good for some ppl, not my father.

    To sum up, there really should be no reason to have exclusive admin privs to every single file/component on computer while using it. I like the prompt from use of admin pass. Just another obstacle for a malicious attack to get thru. The ones we know about are old already, new ones being thought up every day.

    oh yea, if you read this, lol, thanks... exhale


  4. Posts : 436
    Windows 7 Build 7048 x64
       #4

    That was honestly a very amusing analysis, though valid. I couldn't help but laugh.

    Having users use a standard account with no administrative rights does not only limit potential attacks to the system but from users as well. It may be suited to corporate environments deploying hundreds of computers to users and less headache to network administrators but we all know that having reduced privileges limits a lot of the functions that some users might need.

    As a tech guy, I'd rather not use the computer with me not being able to do what I want/need.

    Yes, you want it more secure, sacrifice functionality

    You can't really expect an OS to behave like a mobile phone that's almost fool proof though that would be a dream, ain't it?


  5. Posts : 748
    Vista and now 7 in 32 and 64 bit.
       #5

    I wonder if those "experts" get paid for coming up with that solution?
    Good thing so many Beta testers are using user/Admin or pure Admin mode, otherwise Microsoft would be short of bug reports.


  6. Posts : 2,899
    Windows 7 Ult x64(x2), HomePrem x32(x4), Server 08 (+VM), 08 R2 (VM) , SuSe 11.2 (VM), XP 32 (VM)
    Thread Starter
       #6

    actually you guys while there is some truth to this i believe there is a good compromise already there....
    drop my rights is an example that has been there for some time...
    zdnet has covered it extensively here..

    Every Windows XP user should drop their rights | Defensive Computing - CNET News
    DropMyRights part 2: Installing and configuring | Defensive Computing - CNET News
    DropMyRights part 3: Living with it | Defensive Computing - CNET News

    while it says xp i have used it in windows server and it just works...
    the only drawback is that SSL is not possible....


 

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.