The Mudcat Cafe



User Name: JohnInKansas
Thread Name: Tech: Infuriatingly persistent pop-up ads (19)
Subject: RE: Tech: Infuriatingly persistent pop-up ads
Posted: 20 Feb 14


A recent "news" item provides a simple argument about vulnerabilities that should be known well enough but is universally ignored.

One tweak can make your Windows PC virtually invulnerable

A study from Avecto found that almost all of the vulnerabilities reported by Microsoft in 2013 could be mitigated with one easy change

By Tony Bradley | PC World | 19 February 14

Microsoft published 147 vulnerabilities in 2013 that were rated as Critical. Critical, however, is a relative term, and there is one simple thing anyone can do that would guard against almost every single Critical vulnerability according to a new report from Avecto.

In its 2013 Microsoft Vulnerabilities Study, Avecto found that you could mitigate almost every single Critical vulnerability simply by removing administrator rights. The exact number was 92 percent, but that brings the number of serious threats from 147 down to around 12.

Avecto also determined this would circumvent 91 percent of the Critical flaws in Office, and 100 percent--as in every single Critical vulnerability--of those that impact Internet Explorer.

Taken in the larger context of all vulnerabilities published by Microsoft, as opposed to just the Critical ones, the efficacy of taking away administrator privileges drops to 60 percent. However, the ability to make more than half of the vulnerabilities essentially go away by just changing from administrator to standard user privileges is nothing to scoff at.

[END QUOTE - see the link for more]

The need to log off and log back in as Administrator fairly frequently has been something of an inconvenience for Windows users in all versions, but there are differences in "how inconvenient" this is that depend on what Windows version is used.

Many people have made it a practice of just "running as administrator" all the time, and/or have given "administrator authority" to the user account they use most frequently.

The article gives a somewhat superficial but still useful explanation of how this affects the recent versions of Windows.

In most cases, for Windows versions through and including WinXP, if a user has Admin powers, anyone who gets into the machine using that username, or while you are using that username, can do just about anything.

Beginning with Win7, and for Win8, even if the user has "Admin access" Windows will ask for permission to execute anything that needs an Administrator authority before any "Administrator function" is executed. This isn't a complete "fail safe" but is one of the things that does make these versions much less susceptible to malware attacks.

Ideally, Administrator authority should be available only when you log on as the Administrator, with a strong Administrator password. Ideally, no "standard user" should have that authority.

With Win7 or Win8, it is significantly less hazardous to give a regular user additional privileges, but with earlier versions even giving full read/write privileges to the regular users can significantly increase your malware exposure.

Nothing to panic about, but something to think about if you've been a bit sloppy with your security features.

John
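
[Added example, not part of the original post or the quoted article: a PowerShell check of which accounts hold local administrator rights, and whether the current session is running elevated or only as a member of the Administrators group. It assumes Windows PowerShell 5.1 or later, where the `Get-LocalGroupMember` cmdlet is available, and it reports direct group members only.]

```powershell
# Added example: audit who holds local administrator rights on this PC.
# Assumption: Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts module).

# Well-known SID of the built-in Administrators group. Using the SID avoids
# depending on the group's localized display name.
$adminSid = 'S-1-5-32-544'

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)

# True only when this process holds a full (elevated) administrator token.
# On Win7 and later, an admin account that has not approved an elevation
# prompt runs with a filtered token, so this reports False for it.
$elevated = $principal.IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)

# Direct members of the local Administrators group. Accounts that are admins
# only through a nested domain group are not expanded here.
$members = @(Get-LocalGroupMember -SID $adminSid)

# Is the account you are logged on with one of those direct members?
$isMember = [bool]($members |
    Where-Object { $_.SID.Value -eq $identity.User.Value })

# Show every account that can administer this machine.
$members |
    Select-Object Name, ObjectClass, PrincipalSource |
    Format-Table -AutoSize |
    Out-Host

# Summary for the current logon.
[pscustomobject]@{
    Account           = $identity.Name
    ProcessElevated   = $elevated
    DirectAdminMember = $isMember
} | Format-List | Out-Host

if ($elevated) {
    Write-Warning 'This session is elevated: anything it runs has full administrator rights.'
}
elseif ($isMember) {
    Write-Warning 'This account is an administrator: elevation needs only a click on the prompt, not a password.'
}
else {
    Write-Host 'Standard user account: administrator actions require separate admin credentials.'
}
```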

