Anyone familiar with desktop or server administration and anyone who works in IT knows, without argument, that if you simply remove administrator rights from users they will save themselves huge amounts of time supporting those users. But a new report from Beyond Trust actually breaks down the numbers for us.
The report looks at all published Microsoft vulnerabilities in 2009. According to Beyond Trust if you simply remove administrator rights from users, vulnerabilities would be mitigated as follows:
- 90% of critical Windows 7 vulnerabilities (9 of 10)
- 100% of Office vulnerabilities (55 of 55)
- 100% of Internet Explorer 8 vulnerabilities (10 of 10)
In my organization I often hear from technicians that users need administrator rights in order to install software or the technicians would have to constantly answer supports calls. Of coarse these are the same technicians that constantly complain about having to spend hours every day chasing down malware infections caused because the users have administrator rights.
Beyond Trust report PDF
Source: ars technica
John "Mike" Wright