Using less rights will reduce Windows security leaks by more than half.....

Hi malware fighters,

We heard about this here before, but disabling or dropping admin rights in Windows will repair 53% of all the security holes that have been found up last year in the Windows OS, this according to a “Least Privilege” solution’s vendor. According to a survey done by Beyond Trust, using accounts with lesser rights produces more secure systems. Dropping admin rights will repair 53% of all Windows holes, 89% of all those in Internet Explorer and 94% of all vulnerabilities found in Microsoft Office. Microsoft itself often advises, for serious vulnerabilities, to use fewer rights.

Read here: http://www.beyondtrust.com/documentation/whitePapers/wp_VulnerabilityReport.pdf

polonus

As a long time user of DropMyRights (DMR) with XP Pro, it gives that extra level of protection should your other defences fail to detect a new exploit. Since DMR doesn’t work with Vista this was another point in my reasons not to use Vista.

Even though Vista has lowered rights and UAC, we still see lots of malware getting into Vista systems, considering it was meant to be much more secure than XP.

I have to say I’m surprised at the number of infections on Vista, so UAC must have been disabled (pain in the rear for many and the likely reason people disable it), but they would still be running on admin accounts instead of Limited User accounts. I thought even with an admin account Vista ran on reduced rights and you would be forced to enter the admin password for some functions that required elevated permissions. I guess if UAC is disabled you wouldn’t get that challenge for a password.

May I refer you to the following:

Online Armor firewall has a feature called “run safer” that does work in Vista. It allows you to be logged in as an admin and run any program with limited user rights. http://www.tallemu.com/webhelp3/KF-RunSafer.html

But I take it that it doesn’t work with Vista as I mentioned in my post?

Obviously I don’t have Vista to test, but I thought that was the reason MS ‘dropped’ DropMyRights after Vista was released.

Haven’t tested it on Vista. Will do so as soon as I get a chance and let you know, David.
Most people however aren’t using Vista and should therefore be securing their system by utilizing the “Drop your Rights” feature. :)