A new analysis claims that over 90% of the Windows
BeyondTrust Corp. (BTC), a software
The report issued by BTC was prepared by assessing security vulnerability bulletins released by Microsoft in 2008, and identifying specific "mitigating factors" (those that could reduce or negate the risk of an attack) within the bulletin. If Microsoft reported that having fewer security privileges would negate or eliminate risk, BTC concluded that the vulnerability was admin-privilege related.
The result of the analysis of the 154 critical Microsoft vulnerabilities indicated that a full 92% could have been prevented if users were not logged into their systems with administrator status. BTC believes that restricting the number of users who can log in with these privileges will "close the window of opportunity" for attackers. This is particularly true for users of Internet Explorer and Microsoft Office. (Source: computerworld.com)
Microsoft has been relatively transparent in their revelation of security vulnerabilities, and has worked with organizations such as Cert.org to identify and address security concerns to the online community. (Source: cert.org)
While Microsoft is not denying the vulnerabilities present in its various Windows operating
I think Microsoft users should be told that using admin privilege accounts is a potential security risk. I found out that many of them don't want to use normal/limited account for their daily account.
Linux users always use ordinary account (non-root acount) to do tasks that do not require admin/root privileges. Ubuntu users for example used to sudo command to do admin tasks like installing packages, upgrade packages etc. Other Linux users are very familiar with su command to do the same tasks. Certain apps will warn you if you run them as admin (ie root). This way Linux users reduce the risks of being infected or attacked by viruses, worms and other types of malwares.