Thursday, March 24, 2016

The Easiest Way To Avoid Being Hacked

For decades we have been told by security professionals that the best way to avoid being hacked is to be careful when opening e-mail attachments, to install anti-virus software, and to use a firewall. That has been the security mantra since the 1990s. If you’ll notice, we are not in the 1990s anymore. Hackers have had over 20 years to poke holes in those defenses, and have largely been successful. It is time for a new approach.

At a recent security conference, Avecto, a security product manufacturer, conducted an analysis of Microsoft Security Bulletins from 2015, focusing only on the security vulnerabilities labeled “Critical”. What they discovered is that 85% of the vulnerabilities exploited to hack a computer can be mitigated by removing administrator privileges from the current user. In other words, if you use a "standard" user account as opposed to an "administrator" user account, malware could be stopped from being installed on your computer 85% of the time. What is the difference between "standard" and "administrator" user accounts? A "standard" user account cannot install software or make configuration changes to your computer. Only an "administrator" account can do that.

When you create your user account in Windows, you have a choice whether to create a "standard" or "administrator" user. You can also change the account type by going to Control Panel > User Accounts > Change Your Account Type. There has to be at least one “administrator” user on a computer. That means you will need to create two user accounts: one “standard” and one “administrator”. You use the “standard” one for your everyday activities and the “administrator” account just for making changes or installing software.

So, why don't most people use standard user accounts? The answer is convenience. They want the immediate gratification of installing software or making changes on the fly. Most users are not aware that Microsoft has already made it more convenient to use a standard user account. Since Windows 7, you can operate in your standard user account and install software by right-clicking on the installation file and selecting "Run as Administrator" from the menu. You will then be prompted to enter your administrator username and password. That means you can stay logged in to your standard user account and invoke the administrator account when you need it, without logging off and switching accounts.
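To check how a given PC is set up today, the following PowerShell audit lists each enabled local account as Standard or Administrator and flags whether the account you are logged in with is an administrator. It is an added example, not part of the original post or of Avecto's analysis; it assumes Windows PowerShell 5.1 or later and looks only at direct members of the local Administrators group.

```powershell
# Added example: audit local accounts against the "standard account for daily
# use, administrator account only for changes" setup described above.
# Assumes Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts module).

# Well-known SID of BUILTIN\Administrators; the group's display name varies by locale.
$adminGroupSid = 'S-1-5-32-544'

# Direct members of the local Administrators group. Accounts that receive
# administrator rights through a nested group are not resolved here.
$adminSids = @(Get-LocalGroupMember -SID $adminGroupSid |
    ForEach-Object { $_.SID.Value })

# Classify every enabled local account.
$report = Get-LocalUser | Where-Object Enabled | ForEach-Object {
    [pscustomobject]@{
        Name        = $_.Name
        AccountType = if ($adminSids -contains $_.SID.Value) { 'Administrator' } else { 'Standard' }
        LastLogon   = $_.LastLogon
    }
}
$report | Sort-Object AccountType, Name | Format-Table -AutoSize

# Check the account type of the logged-in user. Group membership is compared
# instead of asking the token for the Administrator role, because under UAC a
# non-elevated administrator token does not report that role.
$me = [Security.Principal.WindowsIdentity]::GetCurrent()
if ($adminSids -contains $me.User.Value) {
    Write-Warning "$($me.Name) is an administrator account. Use a standard account for everyday work."
} else {
    Write-Output "$($me.Name) is a standard account."
}

# The setup needs at least one enabled standard account for daily use.
if (-not ($report | Where-Object AccountType -eq 'Standard')) {
    Write-Warning 'No enabled standard account found. Create one for daily use.'
}
```

The script only reads account information, so it can be run from a standard account without elevation.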

Working in a standard user account is essential for keeping the hackers from invading your computer. Consider these other findings:

● Of the 251 vulnerabilities in 2015 with a Critical rating, 85% were concluded to be mitigated by removing administrator rights
● 86% of Critical vulnerabilities affecting Windows can be mitigated by removing administrator rights
● 99.5% of all vulnerabilities in Internet Explorer can be mitigated by removing administrator rights
● 82% of vulnerabilities affecting Microsoft Office can be mitigated by removing administrator rights
● 85% of Remote Code Execution vulnerabilities can be mitigated by removing administrator rights
● 82% of Critical vulnerabilities affecting Windows 10 can be mitigated by removing administrator rights
● 63% of all Microsoft vulnerabilities reported in 2015 can be mitigated by removing administrator rights