Removing 'admin' mitigates most Windows flaws

Businesses should consider making employees log in as standard users, BeyondTrust has advised.

The vast majority of all critical Microsoft vulnerabilities, some 92 per cent, could have been mitigated by removing the administrator rights of Windows users, a new report has revealed.

The researchers BeyondTrust said that the results demonstrated that if companies configured users as 'standard', they could better protect themselves against malware and zero-day threats.

According to the findings, removing administrator rights could have protected against 2008 vulnerabilities reported in Microsoft Office (94 per cent), Internet Explorer (89 per cent), and Microsoft Windows itself (53 per cent).

Microsoft already has best practice advice on this issue in its security bulletins, which says users whose accounts were configured to have fewer user rights on the system would be less affected than those who had administrative rights.

This issue has cropped up recently with the alleged ‘flaw’ in the Windows 7 Beta, where blogger Long Zheng said that its User Access Control (UAC) could be completely disabled without user interaction, increasing the risk of malware.

In a disclaimer, he said: “The user must be in the 'Administrative' user group, and not in the 'Standard' user group, where they will be prompted for an administrative password.”