2013 Microsoft Vulnerabilities Study: Mitigating Risk by Removing User Privileges

http://blog.avecto.com/2014/02/the-...e-over-90-critical-microsoft-vulnerabilities/

Paper can also be found with Google.

 

What about using Administrator user account with User Account Control maxed? Would that offer similar protection?

hqsec

 

Great question . See https://www.wilderssecurity.com/showthread.php?t=292685 (see post #10 if you don't want to read the whole thread).

For those wondering about UAC at Win 7 default level, see http://blog.chron.com/techblog/2009/01/updated-windows-7s-uac-is-now-insecure-by-design/.

Whether there is any malware that uses the weaknesses in UAC at max level is a question I'd love to know the answer to.

To answer your question, I believe that in practice UAC at max level offers protection similar to a standard account, but there are some ways that UAC at max level is theoretically weaker than a standard account.

 

OK, access to some locations might be problematic. Using my system under SUA gives me identical UAC prompts as using it under admin with UAC. For now I prefer the second option, as I don't have to enter my credentials. It would be nice if they would test those exploits against Admin+UAC setup also.

hqsec

 

Doing over-the-shoulder elevations from a standard account has some theoretical issues as well. Again, I don't know if any malware takes advantage of it. The theoretically safest way to do things is to switch to your admin account (UAC at max level) only when doing admin things, and use a standard account for everyday use. In practice though, UAC at max level might be safe enough for everyday use.

 

Removing user privileges has always been one of the foundations of computer security. This should be news to nobody. I've been using a LUA since the days of Windows NT 4 for anything that doesn't require administrator priveleges. It might be why I've been able to run Xp with automatic updates shut off for years with no issues. In post Xp systems, it's best to use UAC in combination with a LUA with a strong password if you really take your security seriously. UAC at maximum in an administrator account would be OK for most malware if you're vigilant about what you say yes to but it is very bad if your system gets hacked into and someone else is logged into the account--either though network or direct physical access. If it is a limited account, the hacker can only take what data is accessible to that account. If it has administrator privileges, the hacker can load the machine with whatever he wants and take whatever he wants.

 

On previous threat, you've also posted a link to this article: http://www.infoworld.com/d/security-central/security-design-why-uac-will-not-work-445?page=0,0.

If they start to massively create malware that installs and runs under SUA, non of this will help. But it still might help against vulnerabilities?

hqsec

 

The small office where I work has been working toward this. It became easier to accomplish as it just became part of the process of moving from XP to Win 7. A very good thing!!

 

That's already true, I believe. "Mitigation" doesn't necessarily mean that nothing bad can happen. Malware can do plenty of bad things without admin privileges. Malware without admin privileges might not be able to be active when using a different user account, which may or may not be important to you. Malware without admin privileges might be easier to notice and remove than malware with admin privileges.