Time to drop unnecessary admin privileges

Risk of malware infection could be severely reduced if companies weren't as generous with granting administrative privileges, says study

A new study shows that CSOs could dramatically lower the risk of malware infection by becoming a lot stingier with the number of company employees given administrator accounts on computers.

The study, released Tuesday by enterprise security vendor Avecto, indicates that it's time for CSOs to evaluate the use of admin privileges and restrict them to when they are required for certain tasks.

"The principle of least privilege dictates that IT users should be granted just enough rights to allow them to effectively perform their role," Andrew Avanessian, vice president of Professional Services at Avecto, told CSOonline.

In general, an administrator account lets a computer user modify other accounts, install and delete software and files, and change network settings. A hacker who successfully installs malware on a computer typically gets the same admin rights as the user.

The Avecto study shows that simply restricting users of desktops and laptops to standard accounts when nothing more is needed can significantly reduce the risk of malware infection. Hackers who gain access to a standard account would have to find a way to escalate privileges.

"Deploying standard user desktops as part of a proactive defense-in-depth strategy, including application control and regular patching of the OS and vulnerable applications, helps to significantly reduce the threat of modern security threats," Avanessian said. "With least privilege, organizations of any size can strike the perfect balance of security and empowerment, without compromise."

The study looked at the software vulnerabilities Microsoft reported in 2013 and found that more than nine in 10 of those rated "critical" could have been mitigated by removing administrator rights. That number held true for such vulnerabilities found in Windows, Internet Explorer and Office.

Microsoft published a total of 333 vulnerabilities affecting PCs in 2013, of which 147 were rated critical. Removing admin rights would have mitigated 60 percent of the total number of vulnerabilities, according to Avecto.

For Windows Server, a total of 252 vulnerabilities were reported, of which 136 were rated critical. Fully 96 percent of the latter could have been mitigated by removing admin rights.

Most home computer users and many users of business computers have unnecessary admin privileges, experts say. Limiting user access on Windows XP was difficult, so it was seldom done. However, features added to Vista, 7 and 8 make restricting access more practical.

Even when a person is the sole user of a computer, he should use the system as a standard account holder, switching to administrator privileges only when necessary to perform a particular task. The administrator account should also be protected with a strong password.

Avecto, which has built a business around Windows privilege management, is providing the study at no charge, but requires people to give their name, email and business and company phone numbers.

Stories by Antone Gonsalves

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place