In 2020, hundreds of thousands of new malware samples are discovered every day. There is absolutely no way to fight against this with traditional reactive measures. We need to move from reactive to proactive endpoint security!
If we look at the data from the Microsoft Vulnerability Report 2020, we can see that our environments are trending toward higher vulnerability, with more complexity, and more exposures. In 2020, more than 850 vulnerabilities were found in Microsoft products. Our OS is full of vulnerabilities – even the newest and most secure Windows 10 that is used on 70.98% of Windows computers as of March 2020.
For those who still run Windows 7, (21.21% of the computers as of March 2020), the problem is, of course, even more severe as Microsoft won’t patch these vulnerabilities. Even I need to run Windows 7 in a clothing factory (currently making face masks because of the COVID-19 outbreak) that I operate. My principle is simple: computers that don’t need network/internet access don’t get it, and, even more important, every Windows 7 has the principle of least privilege (PoLP) and allow listing in place. As I can’t trust Microsoft to fix the vulnerabilities, I need to take care of them myself. This entails blocking entry points, blocking apps that abuse them, and blocking the privileges that the apps could abuse. A multi-layered approach is a must.
There are a couple different pathways by which malware can get into your machine. The malware either penetrates an open port in your firewall, or you call it in. In 95% of the cases, it’s the latter one. How do you call in a malware? This is mostly done via a browser or your email. When the malware gets in, we still need to somehow activate it. It could be activated by your browser or email app, but, in many cases, it’s activated by an external app or a plugin. All of these pieces have to be protected.
The great news about the latest, annual Microsoft Vulnerabilities Report is that most of the vulnerabilities can be blocked with the oldest protection in the book – getting rid of admin rights. Removing admin rights blocks most of the attacks against your operating system, your browser, and your Office apps. Eliminating admin rights is an easy way to make sure no harm happens to your computer – which also means it keeps running better, longer, and faster.
I always try to remind people that the principle of least privilege is not just about security, but about productivity as well. I have multiple customers who have decreased the number of tickets to their service desk by a whopping 75% by getting rid of end-user admin rights.
In some cases, getting rid of admin rights isn’t enough. In these cases, we can make security jump from the level of being able to block approximately 80% of malware to the level of being able to stop roughly 99.99% of malware. This is achievable by adding allow listing to the picture. A single rule of saying we only allow apps that are signed by a trusted Certification Authority may limit 99.99% of malware daily. Layering on allow listing further dials down threats, and is effective against phishing exploits. It’s all part of a sound endpoint privilege management approach.
For a deeper dive into how to dial down your vulnerability exposure, check out my on-demand webinar: How to Vanquish Critical IT Vulnerabilities!
Sami Laiho, Windows OS & Security Expert, Senior Technical Fellow
Sami Laiho is one of the world’s leading professionals in the Windows OS and Security. Sami has been working with and teaching OS troubleshooting, management, and security since 1996.
In 2019 Sami was chosen by TiVi-magazine as one of the top 100 influencers in IT in Finland. He is the 11th most followed person in his field in Finland.
At Ignite 2018, Sami’s “Behind the Scenes: How to build a conference winning session” and “Sami Laiho: 45 Life Hacks of Windows OS in 45 minutes” sessions were ranked as #1 and #2 out of 1708 sessions!! This was the first time in the history of the conference that anyone has been able to do this.
Before that, at Ignite 2017, the world’s biggest Microsoft event, Sami was evaluated as the Best External Speaker! Also, Sami’s sessions were evaluated as the Best session in TechEd North America, Europe and Australia in 2014, and Nordic Infrastructure Conference in 2016, 2017 and 2019.