Do Not Use Admin Accounts

Anyone that has read this blog for more than a week should be aware of the importance of running as a “normal user” instead of as root (UNIX/Linux) or administrator (Windows).  It’s often hard to illustrate just how important this simple precaution is.  To aid in that illustration, a report by BeyondTrust looks at how many security bulletins issused by Microsoft are mitigated by simply not running as administrator.

Despite the advances made by Microsoft to secure Windows by default, the fact remains that the first account created on a new system always has administrator capabilities.  Most Windows users will take the first account available rather than think ahead and setup a less powerful account for everyday use, and will end up running as an administrator.  That is convenient, but incredibly insecure.

Microsoft published 190 security vulnerabilities last year, and 121 of them are thwarted by running without administrator rights.  That’s 64% mitigated by removing administrator rights!  Breaking it down per product, the figures become even more interesting. 

  • Microsoft reported 55 Office vulnerabilities in 2009, and all of them are mitigated by removing admin rights.
  • Of the 33 Internet Explorer issues reported, 94% were thwarted by removing admin rights.
  • For Internet Explorer 8, 100% would be thwarted by removing admin rights.
  • If we restrict the vulnerabilities to just Windows, we see that 53% can be mitigated by not running as admin.

The threat posed by the highest risk vulnerabilities, the ones that would allow arbitrary remote code execution, can be greatly reduced by not running day-to-day operations using an admin account:  87% of these attacks are ineffective when you simply do not run as administrator.  All the more reason for Microsoft to stop making the administrator account avaialble as the first user created.  Force the user to create a normal account after password protecting the admin account.