Microsoft published 147 vulnerabilities in 2013 that were rated as Critical. Critical, however, is a relative term, and there is one simple thing anyone can do that would guard against almost every single Critical vulnerability according to a new report from Avecto: remove admin rights.
Removing Admin Rights to Protect Yourself from Malware Infection
“If malware infects a user with admin rights, it can cause incredible damage locally, as well as on a wider network. Additionally, employees with admin rights have access to install, modify and delete software and files as well as change system settings.”
Simply by working on your PC as a “Standard” user, rather than as an “Administrator”, you are protecting yourself from malware infection. Of course, if you need to do something that requires elevated permission (like installing a program, or changing a system setting), you can enter your admin password to do so.
Oftentimes, people create their initial PC user account with the default “Administrator” settings, and then continue to use that account. A better way to do this is to create a separate account, call it “Admin”, and assign administrator settings to it. Then change your original user account to “Standard” settings.
Local Admin Rights in Companies
Giving administrator rights to computer end users was once a common practice, but it has all but disappeared in corporate America. As companies embrace the least-privilege model of information security, most employees interact with corporate computer systems with user-level access in tightly controlled software environments.