Monday, 02 March 2020 09:03

Windows users need admin rights to use system: sec pro

Tyler Moffitt: "We mention Windows so much because that is the operating system that is overwhelmingly infected."

Windows users should not be forced to create an ordinary user before they start to use the system because, "they need those admin rights to do anything with their computer, such as installing Chrome, games or a security solution", a security professional says.

Tyler Moffitt, security analyst at Webroot, was responding to questions posed by iTWire in connection with the company's releasing its 2020 Threat Report.

At least one security firm — Avecto — has pointed out that removing admin rights from the regular user would mitigate 80% of the critical vulnerabilities found in Microsoft products in 2017.

But Moffitt does not agree with this. "This [insisting that a user account be created before the Windows system is used] probably will not work too well for the average home user as they need those admin rights to do anything with their computer, such as installing Chrome, games or a security solution," he said.

"In a business environment, the first person to touch the computer anyway would be the IT admins, who would then create an admin account where they install all software needed. Next, the IT admins would create a new account for the actual user of the computer and then hopefully they are reducing that account's privileges through GPO (Group Policy)."

Asked why the fact that ransomware was only aimed at Windows systems was not acknowledged by Microsoft and security firms, Moffitt had a different take.

"The problem here is not that Windows is the most bug-ridden operating system that allows attackers in to deliver malware like ransomware - ransomware has been made for Mac, Linux and other IoT devices," he said.

"The issue here is what operating system is the most commonly used - if you are a criminal and you are trying to hit the most amount of people, because the game is accuracy in numbers, then you would go after the pool of Windows users.

"Windows holds about 90% market share of all computers and Mac is about 9%, so it makes total financial sense for a criminal to focus on Windows. If Mac had 90% share of all computers, then you can bet that most of the malware would be for Mac.

"Windows 10 was a pseudo acknowledgement of this fact, because now users do not have the option to ignore updates. Updates are the only way that Windows can patch all the exploits that criminals leverage to infect machines. While it is not going to outright fix the issue, Windows 10 is doing a much better job than the previous Windows versions."

He said he had not noticed any additional language in the Windows End User Licence Agreement to guard against claims for ransomware attacks. "I have not seen any - pretty much, you are on your own using the Windows operating system. It is up to the end user not to click on things they should not, according to Microsoft."

The Threat Report issued by Webroot was different from many others from other companies in the same space in that it did not hesitate to mention Windows as one of the biggest attack platforms.

Moffitt said this was justified. "We mention Windows so much because that is the operating system that is overwhelmingly infected. It's therefore useful to delve into the insights around Windows infections - what types of Windows machines are infected more, i.e. Windows 7 machines are 150% more likely to be infected than Windows 10 machines.

"Because of that, we can give insight into why certain regions get infected more - because they use older, out of date operating systems."

He said the figures in the Webroot report were based on more than 95 million sensors that fed data into the company's database.

Some findings of the report:

  • Phishing URLs encountered grew by 640% in 2019.
    • 1 in 4 malicious URLs is hosted on an otherwise non-malicious domain.
    • 8.9 million URLs were found hosting a cryptojacking script.
    • The top sites impersonated by phishing sites or cybercriminals are Facebook, Microsoft, Apple, Google, PayPal and DropBox.
    • The top five kinds of websites impersonated by phishing sites are crypto exchanges (55%), gaming (50%), web email (40%), financial institutions (40%) and payment services (32%).
  • Malware targeting Windows 7 increased by 125%.
    • 93.6% of malware seen was unique to a single PC – the highest rate ever observed.
    • 85% of threats hide in one of four locations: %temp%, %appdata%, %cache%, and %windir%, with more than half of threats (54.4%) on business PCs hiding in %temp% folders. This risk can be easily mitigated by setting a Windows policy to disallow programs from running from the temp directory.
    • IP addresses associated with Windows exploits grew by 360%, with the majority of exploits targeting out-of-date operating systems.
  • Consumer PCs remain nearly twice as likely to get infected as business PCs.
    • The data reveals that regions most likely to be infected also have the highest rates of using older operating systems.
    • Of the infected consumer devices, more than 35 percent were infected more than three times, and nearly 10 percent encountered six or more infections.
    • The continued insecurity of consumer PCs underscores the risk companies face in allowing employees to connect to business networks from their personal devices.
  • Trojans and malware accounted for 91.8% of Android threats.
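The "disallow programs from running from the temp directory" mitigation in the findings above, as an added example that is not part of the Webroot report or this article. It assumes an elevated PowerShell on a Windows edition that enforces AppLocker (Windows 10/11 Enterprise or Education, or Windows Server); rule names and the probe file are constructed, and because AppLocker cannot expand %temp% or %appdata%, the folder is written with AppLocker's own %OSDRIVE% variable.

```powershell
# Added example (not from the Webroot report or iTWire): an AppLocker policy that denies
# executables launched from per-user Temp folders, the mitigation the findings name.
# Assumes an elevated PowerShell on an edition that enforces AppLocker (Windows 10/11
# Enterprise/Education or Windows Server). AppLocker cannot expand %temp% or %appdata%,
# so the folder is spelled out with its own %OSDRIVE% variable. Rule names are made up.
$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="$([guid]::NewGuid())" Name="Deny EXE from user Temp" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions><FilePathCondition Path="%OSDRIVE%\Users\*\AppData\Local\Temp\*" /></Conditions>
    </FilePathRule>
    <!-- Enabling the Exe collection makes it default-deny, so the standard allow rules stay -->
    <FilePathRule Id="$([guid]::NewGuid())" Name="Allow Program Files" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="Allow Windows folder" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="Allow local Administrators" Description="" UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"@
$policyPath = Join-Path $env:ProgramData 'deny-user-temp.xml'
Set-Content -Path $policyPath -Value $policyXml -Encoding UTF8

# Dry run against the XML before touching the live policy. The probe file is constructed.
$probe = Join-Path $env:TEMP 'probe.exe'
Set-Content -Path $probe -Value 'not a real binary'
Test-AppLockerPolicy -XmlPolicy $policyPath -User Everyone -Path @(
    $probe,                              # expect PolicyDecision = Denied
    "$env:WINDIR\System32\notepad.exe"   # expect PolicyDecision = Allowed
) | Format-Table FilePath, PolicyDecision, MatchingRule
Remove-Item $probe

# Apply in audit mode; AppLocker only evaluates with the Application Identity service running.
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge

# Event ID 8003 = "would have been blocked" in audit mode. Review these for legitimate
# installers before changing EnforcementMode to "Enabled" and re-applying the XML.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8003 } -MaxEvents 20 |
    Select-Object TimeCreated, Message
```

Deny rules win over allow rules in AppLocker, so the Temp rule blocks even an installer a user copies there, while software in Program Files and the Windows folder keeps running; the audit pass shows which legitimate installers would be caught before enforcement is switched on.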



Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
