Users' Admin Logins Make Most Windows Malware Worse

nandemoari writes "A new analysis claims that over 90% of the Windows security vulnerabilities reported last year were made worse by users logged in with administrative privileges — an issue Microsoft has been hotly debating recently. According to BeyondTrust Corp., the result of the analysis of the 154 critical Microsoft vulnerabilities indicated that a full 92% could have been prevented if users were not logged into their systems with administrator status. BTC believes that restricting the number of users who can log in with these privileges will 'close the window of opportunity' for attackers. This is particularly true for users of Internet Explorer and Microsoft Office."

Re:It's going to take a moment...

[sholsinger]

Unlike a lot of Linux distros, things in OSX just work because the drivers you need are there and they have been tested with the hardware you purchase from Apple. 'Nuff said.

I _really_ *want* to be able to use Linux on my desktop. Seriously, though, why does sound support break on recent releases of the kernel? Why did my nvidia driver become completely unusable in 2.6.27? I did have everything working... which took nearly a week. My time is worth money to me and my family. Maybe my money and time is better spent purchasing a Mac where all that stuff has been done for me. As opposed to wasting hours on IRC and forums attempting to patch a broken ALSA module. I still have the benefit of *nix compatibility and the command line. So I'd be right at home.

And of course, I could finally have full support for my iPhone.

It seems to me that the Linux kernel could use a bit more QA. Perhaps just some QA at all would be helpful.

Re:The Problem lies elsewhere

[drinkypoo]

You have not the faintest idea what you are talking about. If I install a Linux application that has dependencies they get installed for me, they get installed for me and I see it. But if I install a Windows application that has dependencies that aren't on my system, the shared libraries get dumped into the place where they go. If you install a managed application package on any mainstream Linux distribution it gets installed into / like the rest of the operating system, which is probably a gigantic mistake. And if you extend OSX the system files are tampered with, not just what's in your profile. The only real inherent problem with Windows is that you can only load one DLL with a given name at a time. Microsoft's response is that they fixed this in COM and it's even more fixed with fully managed code, but since most Windows programs are still good old Win32 apps this doesn't help most people. Windows NT as a platform is less odious than most people think. It's when you start to get to the actual user interface (beginning with winlogon and moving on up) that it falls flat. The registry is a great idea. Microsoft just completely failed to utilize it intelligently. Some sort of caching mechanism would have been a good start, you can watch progams retrieve the same data from the registry again and again with regmon.