There are many reasons why it’s a good idea to run without admin rights, but for a recent webinar by Avecto, I narrowed it down to my top 5 reasons why it’s important to do so.
You can hear more about these on the on-demand webinar and see real examples of ethical hacking, where I show you some actual scenarios of vulnerabilities in the Windows OS.
When talking about security, I always talk about proactive and reactive measures. Both are needed, but the proactive measures are much more important. This includes things like software whitelisting, managing permissions and firewalls. These protection layers keep the computer clean and efficient.
Reactive measures like anti-malware and blacklisting are usually late to the party – but should be layered on top of proactive prevention, just in case something gets through. Here we’re talking about proactive measures – removal of admin rights (and the effective management of user rights using privilege management technology) to secure your business PCs – and the 5 big reasons why it can’t be avoided.
1) Keep malware off your computer
As your computer can’t differentiate between good and bad software, the only way to prevent the installation of malware is to prevent installations as a whole. So in this case, your standard everyday user shouldn’t be able to install software that affects the whole computer. Many people think that with UAC in Windows 7 and 8, there is no need to limit user admin rights. This is a myth and is far from the truth! In the on-demand webinar, I demonstrate why.
I have recently seen code written by an 11-year-old that configures the PC to run as a wireless access point, which can bypass UAC.
2) Keep the computer running smoothly
A limited user cannot write files or registry entries in places where admins can. Ultimately this means that by removing admin rights, your PCs are cleaner and more stable, with a longer lifespan. Usually people tell me that they reinstall their Windows OS every 6 months or every year to keep the machine running effectively. Without admin rights, there’s no need to do this. Fewer reinstallations mean less help-desk impact, and less cost.
3) Keep the protection enforced
An admin user can turn off your protective measures. They can disable your firewall, antivirus, encryption, Group Policy and more. And if the admin is running malware, the malware can do the same.
Shockingly, all big zero-day attacks reported in the media from 2010-2013 required admin rights! Without admin rights, the malware could never have affected the computer in the first place.
4) Keep computers compliant
Microsoft’s own Security Policy states that a user in the local admin group can manage the computer 100%. There is no way of controlling administrators with Group Policy. They can do what they want, full stop.
They can prevent the system from reading policies – and if you can block the rules, you don’t have to obey them! Watch the webinar to see how it’s done. Removing admin rights and running as standard users removes this risk immediately.
5) Keep your network clean
Your network is only as secure as its weakest link. One computer on the domain whose user runs with admin rights is a hole that compromises the entire network. I demonstrate how admins can inject bait into a PC using a security gap, run with the highest privileges and bypass UAC to gain access to the whole network.
My top tips for removing admin rights:
- There is always a trade-off with removing admin rights. I talk about Security vs. Cost vs. Usability. You just need to decide the approach that’s right for you.
- Admin rights need to move to a software-based approach (elevating specific applications) rather than a user-based one (making whole users administrators).
- UAC is mandatory – you must run with UAC on. But app compatibility and user experience mean you need a solution for customization.
- Build a proof of concept – stop the process of giving out admin rights, figure out why users have needed admin rights, and remove current admin rights. There are tools on the market to help you do this.
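As an added example (not code from this post or from Avecto), the following PowerShell audit checks the two conditions the tips above call for on a single PC: that UAC is switched on and set to prompt, and that the local Administrators group contains only approved accounts. The `$approved` allow-list and the `CORP\Workstation Admins` group name are placeholders to replace with your own standard.

```powershell
# Added example, not code from the original post. Requires Windows PowerShell 5.1
# or later (for Get-LocalGroupMember); run it in an elevated session.

$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Test-UacEnabled {
    # EnableLUA = 1 means UAC is on. ConsentPromptBehaviorAdmin = 0 means admins
    # are elevated silently with no prompt, which defeats the point of UAC.
    # If the value has never been set, Windows behaves as if it were 5 (the default).
    $p = Get-ItemProperty -Path $UacKey
    $prompt = if ($null -eq $p.ConsentPromptBehaviorAdmin) { 5 } else { $p.ConsentPromptBehaviorAdmin }
    [pscustomobject]@{
        EnableLUA                  = $p.EnableLUA
        ConsentPromptBehaviorAdmin = $prompt
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
        Compliant                  = ($p.EnableLUA -eq 1) -and ($prompt -ne 0)
    }
}

function Get-UnapprovedLocalAdmins {
    param([string[]]$Approved)
    # Get-LocalGroupMember reports each principal as DOMAIN\Name (or COMPUTER\Name),
    # nested domain groups included, so the allow-list must use the same form.
    Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $Approved -notcontains $_.Name } |
        Select-Object Name, ObjectClass, PrincipalSource
}

# Assumed allow-list for this machine: the built-in account plus one placeholder
# domain group. Replace with the accounts your standard actually permits.
$approved = @(
    "$env:COMPUTERNAME\Administrator",
    'CORP\Workstation Admins'
)

$uac = Test-UacEnabled
if (-not $uac.Compliant) {
    Write-Warning "UAC is off or set to elevate without prompting:`n$($uac | Out-String)"
}

$extra = @(Get-UnapprovedLocalAdmins -Approved $approved)
if ($extra.Count -gt 0) {
    Write-Warning 'Unapproved members of the local Administrators group:'
    $extra | Format-Table -AutoSize
} else {
    Write-Output 'Local Administrators group contains only approved accounts.'
}
```

Run it across a fleet (for example via a remoting session) to build the "who has admin rights and why" inventory the proof-of-concept step starts from, before any rights are removed.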