Thursday, February 5, 2009

Login with admin privilege can make matters worse

Many windows users don't know that they login with administrator privileges. When viruses or worms attack, they use the user's privileges and they can make a catastrophe.

A new analysis claims that over 90% of the Windows security vulnerabilities reported last year were made worse by users logged in with administrative privileges -- an issue Microsoft has been hotly debating recently.

BeyondTrust Corp. (BTC), a software development company specializing in enterprise rights management, has indicated that the act of giving users administrative rights may leave systems more open to risk.

The report issued by BTC was prepared by assessing security vulnerability bulletins released by Microsoft in 2008, and identifying specific "mitigating factors" (those that could reduce or negate the risk of an attack) within the bulletin. If Microsoft reported that having fewer security privileges would negate or eliminate risk, BTC concluded that the vulnerability was admin-privilege related.

The result of the analysis of the 154 critical Microsoft vulnerabilities indicated that a full 92% could have been prevented if users were not logged into their systems with administrator status. BTC believes that restricting the number of users who can log in with these privileges will "close the window of opportunity" for attackers. This is particularly true for users of Internet Explorer and Microsoft Office. (Source: computerworld.com)

Microsoft has been relatively transparent in their revelation of security vulnerabilities, and has worked with organizations such as Cert.org to identify and address security concerns to the online community. (Source: cert.org)

While Microsoft is not denying the vulnerabilities present in its various Windows operating systems, they have not been exactly forthright about how internal programming "holes" (such as increased vulnerability for users with admin privileges) may make users susceptible to threats or attacks.

I think Microsoft users should be told that using admin privilege accounts is a potential security risk. I found out that many of them don't want to use normal/limited account for their daily account.

Linux users always use ordinary account (non-root acount) to do tasks that do not require admin/root privileges. Ubuntu users for example used to sudo command to do admin tasks like installing packages, upgrade packages etc. Other Linux users are very familiar with su command to do the same tasks. Certain apps will warn you if you run them as admin (ie root). This way Linux users reduce the risks of being infected or attacked by viruses, worms and other types of malwares.

Source

No comments: