Removing User Admin Rights Mitigates 94% of All Critical Microsoft Vulnerabilities

[Cromulent]

Very simplistic view of it - in the realworld if you are even remotely a power user an admin account is still pretty much needed on Windows unless you are a sucker for punishment none the less still a lot of older software that doesn't work properly with a standard account. On Linux though, some exceptions aside, no reason to run admin every day.

I haven't needed an admin account for anything I do on Windows and I do quite a lot of programming which requires compiling and running some weird programs at times. Never had a problem. If you have some weird software that absolutely requires admin permissions then it is the fault of the software not Windows. Windows works perfectly without an admin account. Blame rubbish software developers who have no idea how to write secure programs.

 

[adolf hamster]

is this from the same school of thought of putting adblock on people's pc's so they're not tempted to click the "ur m3gah3rz haz bin st0l3d cl!ck 2 fix" ads that pop up when they're torrenting game of thrones?

 

[Craig321]

just thought i would post this here:
https://www.bleepingcomputer.com/ne...nt-of-all-critical-microsoft-vulnerabilities/

many users say they must HAVE admin, in this day and age its not true. just some findings to prove the standard user effectiveness

Is this not what UAC is doing anyway, blocking admin rights without your consent?

So surely if you have some idea of what you're doing and don't just blindly click yes on UAC prompts, then you don't need to run on a standard account?

Or does running on a standard account improve security even further?

 

[smogsy]

Is this not what UAC is doing anyway, blocking admin rights without your consent?

So surely if you have some idea of what you're doing and don't just blindly click yes on UAC prompts, then you don't need to run on a standard account?

Or does running on a standard account improve security even further?

UAC is only a tiny drop in the ocean

UAC does the following: (also depends on which level it is on, their are 4 in Windows 8/10)

here are many changes which require administrative privileges and, depending on how UAC is configured, they can cause an UAC prompt to show up and ask for permission. These are the following:

• Running an application as administrator
• Changes to system-wide settings or to files in the Windows or Program Files folders
• Installing and uninstalling drivers & applications
• Installing ActiveX controls
• Changing settings to the Windows Firewall
• Changing UAC settings
• Configuring Windows Update
• Adding or removing user accounts
• Changing a user’s account type
• Configuring Parental Controls or Family Safety
• Running Task Scheduler
• Restoring backed-up system files
• Viewing or changing another user’s folders and files
• Changing the system date and time

If your running an admin account & have UAC ON, most the following will not even prompt you for UAC prompt. because you already have the neccsary rights to do so. & their built into windows.
With a standard account UAC will always prompt if it requires Admin Access.

• Changes to system-wide settings or to files in the Windows or Program Files folders
  
• Installing ActiveX controls
  
• Configuring Windows Update
• Changing a user’s account type
• Configuring Parental Controls or Family Safety
• Changing the system date and time

So Running Standard account is vastly more secure.

 

[Craig321]

Thanks

 

[Energize]

What are you doing which requires regular writing to the root folder? Can't you just write to another folder?

It's not just the root folder, it's programs files as well, I do application development which requires that program files are modified on a regular basis.

 

[smogsy]

Energize, what type?
i do application development and don't require admin privileges for almost any of the following:
i do
C/C#/C++,
Python
PHP/HTML/CSS/
power-shell