A new report suggests that Windows admins and users could mitigate 94% of all critical vulnerabilities automatically by running non-admin accounts.
It is common sense that using standard user accounts on Windows, opposed to accounts with elevated privileges, is a good security practice.
The reasoning is simple: if a user cannot perform certain operations because of limited rights, neither can malware that attacks the system from that user's account.
The recently released Microsoft Vulnerabilities Report 2016 by Avecto highlights how much of an impact the switch from admin to non-admin accounts could make on Windows systems.
According to the report, 36% of all Windows vulnerabilities that Microsoft released patches for in 2016 were rated with the highest severity rating of critical. A whopping 94% of those would be mitigated by removing admin rights and running Windows with standard user accounts.
The figure is even better for Microsoft Edge and Internet Explorer vulnerabilities. Avecto reports that all Internet Explorer and Edge vulnerabilities, 100% of them, are mitigated when the user runs a non-admin account.
For Microsoft's newest operating system Windows 10, it would mean that 93% of all reported vulnerabilities would be mitigated by removing admin rights.
Avecto notes that Windows 10, dubbed the most secure operating system ever by Microsoft, had the largest total number of reported vulnerabilities of all supported versions of Windows. Windows 10 was affected by 395 different vulnerabilities, compared to 265 for Windows 8.1 for instance.
A simple change, switching a user account from administrator to standard, or creating a second user account with standard rights and using it predominantly, has a huge impact on computer security.
While the figure varies from year to year (last year's report put the mitigation rate at "just" 85%, for instance), it is clear that standard user accounts mitigate a large percentage of attacks.
You can switch any user account from administrator to standard in Windows, provided that you have access to an admin account.
I suggest you keep the admin account, and create a secondary user account that runs with standard privileges. You may also want to change the rights for any other user on the system from administrator to standard, if you have not done so already.
You can manage accounts in the following way:
The rule of thumb is that all actively used user accounts, e.g. those of family members or your own, are standard accounts. Keep an admin account around, though, so that you can make changes to the operating system that standard accounts cannot.
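The same change done from the command line, as an added example that is not part of the article: it audits which local accounts hold admin rights, creates a secondary standard account, and demotes an existing account, refusing to remove the last admin or the account you are signed in as. The account names `daily` and `alice` are placeholders; the cmdlets are from the LocalAccounts module shipped with Windows 10, run from an elevated session.

```powershell
# Added example (not from the article): audit local admin membership, create a
# standard account, and demote an account from Administrators to Users.
# Run from an elevated PowerShell session using the admin account you keep.
# 'daily' and 'alice' are placeholder account names.

# 1. Who currently holds admin rights on this machine?
Write-Host "Members of the local Administrators group:"
Get-LocalGroupMember -Group 'Administrators' |
    Select-Object Name, PrincipalSource, ObjectClass |
    Format-Table -AutoSize

# 2. Create a secondary account with standard rights for everyday use.
#    New local users land in the 'Users' group by default, so no group change is needed.
$password = Read-Host -AsSecureString -Prompt "Password for the new standard account"
New-LocalUser -Name 'daily' -Password $password -FullName 'Daily use (standard)' `
    -Description 'Standard account for everyday work' | Out-Null

# 3. Demote an existing account from administrator to standard.
#    Guard: never remove the last admin, and never demote the account you are running as,
#    otherwise you lose the ability to administer the system.
$account = 'alice'
$current = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name   # e.g. MACHINE\martin
$admins  = @(Get-LocalGroupMember -Group 'Administrators' | Where-Object ObjectClass -eq 'User')
if ($admins.Count -le 1) {
    Write-Warning "Only one admin account remains; keep it so the system can still be administered."
} elseif ($current -like "*\$account") {
    Write-Warning "Refusing to demote the account you are currently signed in as."
} else {
    Remove-LocalGroupMember -Group 'Administrators' -Member $account
    # A standard account must still be in 'Users'; add it if the account was admin-only.
    if (-not (Get-LocalGroupMember -Group 'Users' -Member $account -ErrorAction SilentlyContinue)) {
        Add-LocalGroupMember -Group 'Users' -Member $account
    }
}

# 4. Verify: the demoted account should no longer appear in this list.
Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name
```

Re-run step 1 after signing in as the standard account to confirm that elevation now prompts for the admin account's credentials rather than succeeding silently.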
You can download the 2016 report from the Avecto website. Note that you are asked to fill out a form before you can download the report.
Now You: Do you run a regular or administrative account on Windows?