Friday, April 2, 2010

Restrict administrator rights to prevent exploits

Principe of Least Privilege and the use of least privilege account in a system can prevent majority of malware and other threats. As a key defense-in-depth strategy, one of the best practice control that must be implemented in corporate desktops is to restrict what user can do on the system, specifically restricting administrative privileges. I wrote about this while discussing the Clampi virus.


You are not yet convinced? Do you need some stats to prove this point and convince the IT management? Then read on,

Removing administrator rights will better protect companies  against the exploitation of:  

  • 90% of Critical Windows 7 vulnerabilities reported to date 
  • 100% of Microsoft Office vulnerabilities reported in 2009 
  • 94% of Internet Explorer and 100% of IE 8 vulnerabilities reported in 2009 
  • 64% of all Microsoft vulnerabilities reported in 2009







These are some of the key findings from a report published by Beyondtrust. The full report is available here.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)