According to a report released by Beyond Trust, an astounding 90% of all vulnerabilities in Windows 7 can be reduced by eliminating administrator rights.
Some of the key findings from this report show that removing administrator rights will better protect companies. Simply put the exploitation of :
100% of Microsoft Office vulnerabilities as reported in 2009
94% of Internet Explorer and 100% of Internet Explorer 8 vulnerabilities as reported in 2009
90% of critical Windows 7 vulnerabilities as reported to date
64% of all Microsoft vulnerabilities as reported in 2009
Does Microsoft know about the vulnerability?
Almost a decade ago Microsoft was aware of the issues involving administrator rights and said this much: ”Unauthorized or unknowledgeable people who have administrator privileges can maliciously or accidentally damage your organization if they copy or delete confidential data, spread viruses, or disable your network. It is vitally important to properly manage the users and groups that have administrative control over the servers and domain controllers in your network.”
Solution Privilege Manager
Beyond Trust has offered a solution called Privilege Manager, which allow users to run processes that normally require elevated privileges without needing admin rights. Their operational philosophy comes from the principle of least privilege, well known in the defense industry. In a least privilege environment, users only will have those privileges necessary to perform their duties, i.e. only when they need them. (The need to know/need to use protocol.) Every time a user is granted privileges that go beyond that and beyond what is required for a specific task, the system is put at risk. The program controls those privileges. Here is what the program offers:
Implementing Least Privilege with BeyondTrust Privilege Manager:
Enables end users without administrative privileges to run all applications
Allows restricted users to self install approved applications and ActiveX controls
Centralizes control – network admins make security decisions, end users do not
Whether or not Microsoft uses the principle of least privilege, at least there is a workable solution available.
Source
Some of the key findings from this report show that removing administrator rights will better protect companies. Simply put the exploitation of :
100% of Microsoft Office vulnerabilities as reported in 2009
94% of Internet Explorer and 100% of Internet Explorer 8 vulnerabilities as reported in 2009
90% of critical Windows 7 vulnerabilities as reported to date
64% of all Microsoft vulnerabilities as reported in 2009
Does Microsoft know about the vulnerability?
Almost a decade ago Microsoft was aware of the issues involving administrator rights and said this much: ”Unauthorized or unknowledgeable people who have administrator privileges can maliciously or accidentally damage your organization if they copy or delete confidential data, spread viruses, or disable your network. It is vitally important to properly manage the users and groups that have administrative control over the servers and domain controllers in your network.”
Solution Privilege Manager
Beyond Trust has offered a solution called Privilege Manager, which allow users to run processes that normally require elevated privileges without needing admin rights. Their operational philosophy comes from the principle of least privilege, well known in the defense industry. In a least privilege environment, users only will have those privileges necessary to perform their duties, i.e. only when they need them. (The need to know/need to use protocol.) Every time a user is granted privileges that go beyond that and beyond what is required for a specific task, the system is put at risk. The program controls those privileges. Here is what the program offers:
Implementing Least Privilege with BeyondTrust Privilege Manager:
Enables end users without administrative privileges to run all applications
Allows restricted users to self install approved applications and ActiveX controls
Centralizes control – network admins make security decisions, end users do not
Whether or not Microsoft uses the principle of least privilege, at least there is a workable solution available.
Source
