LKN PC Tune-Ups
Computer Troubleshooting in the south Lake Norman area since 1998 Over 1000 PCs serviced in Huntersville, Cornelius and Davidson

A recently released report by BeyondTrust entitled “Reducing the Threat from Microsoft Vulnerabilities” indicates that that according to the company’s analysis of all the security bulletins Microsoft published in 2008, 92% of the critical vulnerabilities could have been mitigated by the principle of the least privilege.

Despite the fact that Microsoft’s products continue topping the “successfully exploited charts” in each and every web malware exploitation kit (go through sample infection rates), long gone are the days when Microsoft’s products are targeted exclusively. Nowadays, in order to better optimize a malware campaign, a web malware exploitation kit is targeting a diverse set of client-side software/browser plugins.

Here are some of the key points from the report :

• 92% of Critical Microsoft vulnerabilities are mitigated by configuring users to operate without administrator rights.
• Of the total published Microsoft vulnerabilities, 69% are mitigated by removing
  administrator rights.
• By removing administrator rights companies will be better protected against exploitation of 94% of Microsoft Office, 89% of Internet Explorer, and 53% of Microsoft Windows vulnerabilities.
• 87% of vulnerabilities categorized as Remote Code Execution vulnerabilities are mitigated by removing administrator rights.

Interestingly, starting from the basic fact that the client-side vulnerabilities exploited through the web exploitation kits have had their associated patches for months, sometimes years, end users appear to not only lack understanding of least privilege accounts, but also, still believe that patching their browser is where the self-auditing process both, starts and ends.

Moreover, the ongoing Conficker/Downadup malware campaign which has already passed the 10 million infected hosts milestone, is a very recent example of another phenomenon - the fact that millions of end users and possibly companies, are on purposely using pirated copies of Windows and are therefore using highly vulnerable, yet Internet connected, versions of it. The proof? Symantec’s geolocated graph of infected Conficker hosts speaks for itself, as the countries having the highest software piracy rate, are in fact the ones most heavily hit by the malware.

However, least privilege accounts can always be used by both, legitimate users and software pirates altogether, which when combined with a decent situational awareness in the sense of knowing the current attack tactics, is prone to decrease their chance of getting successfully compromised.
============end==============
Source: http://blogs.zdnet.com/security/?p=2517

Q. What's the difference between sharing a PC on an Administrator user account and a Limited user account? Any advantage to using one over the other? Windows XP lets each person sharing the same computer have his or her own user account with its own password and certain personalized settings. There are two main types of accounts you can set up: Administrator and Limited. Windows Vista can also handle multiple accounts, but calls the two types Administrator and Standard.

A. The Administrator account is the default type on a new computer, and it is the most powerful kind. When you are logged on as an Administrator, you can add new software and install hardware, set up the system preferences and run utility programs to repair or maintain Windows itself.

Someone logged on with a Limited account can't install new software or hardware, or make changes to the operating system that would affect other users. Setting up and using a Limited account does have its advantages. Without the power to install software, Limited accounts are typically safer from malicious software like viruses and spyware that try to secretly infiltrate the PC. Limited accounts can also be helpful when you are sharing a computer with less-experienced users who may inadvertently change system settings.

Administrator accounts aren't restricted. You do need to be logged into one to install new programs, security software and new hardware peripherals. You may be more at a risk for malicious software, though, which can install itself through an Administrator account.

To add new accounts to your computer when logged on as an Administrator, go to the Start menu to Control Panel and click on the User Account option.

Microsoft recommends using Limited accounts most of the time because they are less vulnerable. So do I.