A new report has confirmed what security experts have suspected for a long time: users who have not removed administrative rights from their Windows user accounts are at risk of critical malware attacks.
Ninety-two percent of all security vulnerabilities reported as severe by Microsoft could have been avoided if user accounts didn’t have admin rights. That’s according to Avecto, an enterprise-security company based in Manchester, England.
Avecto further said that users who failed to disable their Windows admin rights increased their vulnerability to attacks in Internet Explorer by 100 percent, in the Windows operating system by 96 percent, and in Microsoft Office by 91 percent.
That may seem too complicated for a regular user, but it’s not. On Windows machines, there are two types of accounts: Administrator accounts and Standard accounts. Administrator accounts can be used to alter system-wide settings and to install, alter, or remove software. Standard accounts cannot do any of those tasks and therefore mitigate critical attacks.
Those safety rules are not universal on Windows machines; Google Chrome allows standard users to make changes that are limited to their own accounts. Some malware takes advantage of that feature to “escalate those privileges” and gain administrative rights. It will then launch attacks from a standard account.
Almost all kinds of malware rated as critical by Windows, which execute their code remotely without legitimate approval from the user, are only able to act because the users fail to use standard accounts.
Therefore, you must avoid using the Administrator account for everyday tasks such as Microsoft Office work, emailing, surfing, and Photoshopping. Windows 7, 8, and 10 allow standard users to input passwords and do administrative tasks.
Users who use a Standard account limit anything nasty to that account, not the rest of the machine, when attackers use the web browser and email attachments. Users who use the Administrator account risk everything on the machine when they get nasty attacks from the web browser and email attachments.
Most enterprise and home machines have been set up to use the Administrator account as the primary account. Once such a machine gets infected, the malware is able to do damage locally as well as across the rest of the network. Any machine within the network with an active administrator account gets the attack in equal measure. It’s therefore vital that, as a primary user, you avoid using administrator accounts for everyday tasks to safeguard your machines.
If you don’t create a separate administrator account for administrative tasks only and a Standard account for everyday computer use, you will be making your home machine highly vulnerable to attacks.
To secure your machine, create an admin account, then use it to downgrade your primary account and those of other users to standard accounts. You should also give standard accounts strong passwords. It’s the only way you will avoid most of the serious attacks on your Windows machine.
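The steps above can be scripted from an elevated PowerShell prompt. The following is an added example, not part of the original article or the Avecto report; it assumes Windows PowerShell 5.1 with the built-in LocalAccounts cmdlets, and the account names `local-admin` and `alice` are placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example: the account names below are placeholders, not values from the article.
$AdminName  = 'local-admin'   # hypothetical dedicated administrator account
$DailyUsers = @('alice')      # hypothetical everyday accounts to downgrade

# Resolve the built-in groups by well-known SID so this also works on localized Windows.
$admins = Get-LocalGroup -SID 'S-1-5-32-544'   # BUILTIN\Administrators
$users  = Get-LocalGroup -SID 'S-1-5-32-545'   # BUILTIN\Users

# 1. Audit: list every account that currently holds admin rights.
Get-LocalGroupMember -Group $admins | Format-Table Name, ObjectClass, PrincipalSource

# 2. Create the dedicated admin account if it does not exist yet.
if (-not (Get-LocalUser -Name $AdminName -ErrorAction SilentlyContinue)) {
    $pw = Read-Host -AsSecureString "Strong password for $AdminName"
    New-LocalUser -Name $AdminName -Password $pw -Description 'Administrative tasks only' | Out-Null
}
Add-LocalGroupMember -Group $admins -Member $AdminName -ErrorAction SilentlyContinue

# 3. Safety check: never demote anyone unless a working admin account remains,
#    otherwise the machine could be left with no usable administrator.
$isMember = Get-LocalGroupMember -Group $admins | Where-Object { $_.Name -like "*\$AdminName" }
if (-not ((Get-LocalUser -Name $AdminName).Enabled -and $isMember)) {
    throw "Refusing to continue: $AdminName is not an enabled member of Administrators."
}

# 4. Downgrade the everyday accounts to standard users.
foreach ($u in $DailyUsers) {
    if ($u -eq $AdminName) { continue }   # do not demote the account just created
    Add-LocalGroupMember    -Group $users  -Member $u -ErrorAction SilentlyContinue
    Remove-LocalGroupMember -Group $admins -Member $u -ErrorAction SilentlyContinue
}

# 5. Verify: only the dedicated admin (and any built-in entries) should remain.
Get-LocalGroupMember -Group $admins | Select-Object Name, PrincipalSource
```

The demoted accounts pick up their reduced rights at the next sign-in, so sign out and back in before relying on the change.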