Can I get published if I say that rain is wet or snow is cold ?
I saw this article earlier today.
“The vast majority of all critical Microsoft vulnerabilities, some 92 per cent, could have been mitigated by removing the administrator rights of Windows users, a new report has revealed.”
Strike out the numbers and the product specifics “Most vulnerabilities can mitigated by removing administrator rights”. Stone the crows , we never knew that if you run everything as admin you were exposed to more risks… OK sarcasm aside, anyone who works with IT knew this, but did we realise the figure was as high as 92% ? And having written about UAC this morning, I feel the need to point out that being a local administrator and running a problematic program elevated if you need to (the Vista way) mitigates risk 11 times out of 12, and running everything elevated because of one program (the XP way) doesn’t.
Comments
Anonymous
February 08, 2009
I find very little that does not work correctly with xp as non admin lately. Been running as a non admin for probably 3 years and runas very carefully.. trAnonymous
February 16, 2009
Well said James... I'm still amazed at the number of people who find UAC an annoyance (incidentally, Mac and Linux platforms have their own versions of UAC too, but they seem to be time-based - i.e. authenticate once, then run anything you like elevated for x minutes - in my view far less secure than explicitly raising privileges for a single process UAC-style)