Many of today’s sophisticated hacking attacks begin by targeting end-users’ computers. One of the simplest—and perhaps most effective—ways to bolster end-user and network security could be to limit local computer administrative rights, according to a few studies.
Dropping administrative privileges, which allow computer users to install and run programs, could significantly reduce risks from the vast majority of Microsoft Windows vulnerabilities. That’s according to a study from security vendor BeyondTrust. The company, which examined the last 15 months of Microsoft Security Bulletins, found that eliminating end-users’ administrative rights could significantly curtail 90 percent of the exploits of “critical” security flaws found in Windows 7, which was introduced late last year. It could also significantly mitigate 100 percent of the vulnerabilities found in Microsoft Office in 2009 as well as 94 percent of those found last year in the Internet Explorer browser.
Ending employee’s administrative rights “eliminate[s] what is otherwise the Achilles’ heel of the desktop—end-users with…power that can be exploited by malware,” according to the report. Beyond- Trust sells software programs that help IT managers eliminate end-user administrative rights while still allowing users sufficient access to needed programs.
(To finish reading "Curbing User Rights to Bolster Security" from this month's Security Management, click here.)
♦ Photo by archie4oz/Flickr