To Make Windows 7 Safer: Remove Admin Rights

By Marcus Yam
published

Windows 7 is hard to hack if the user account doesn't have administrator rights.

Windows 7 is the safest and most secure desktop operating system from Microsoft yet, but it's still not impervious to attacks. But according to IT solutions firm BeyondTrust, 90-percent of critical Windows 7 vulnerabilities can be mitigated by the removal of administrator rights from Windows users

Key findings from this report show that removing administrator rights will better protect companies against the exploitation of:

  • 90-percent of critical Windows 7 vulnerabilities reported to date
  • 100-percent of Microsoft Office vulnerabilities reported in 2009
  • 94-percent of Internet Explorer and 100 percent of Internet Explorer 8 vulnerabilities reported in 2009
  • 64-percent of all Microsoft vulnerabilities reported in 2009

The findings aren't earth shattering by any imagination. Even Microsoft shares this best practice advice in the "Mitigating Factors" portion of Microsoft’s security bulletins: "Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."

While most readers of Tom's Hardware may prefer to operate in their Windows 7 environment with admin rights, those in charge of computers for a group or enterprise should without a doubt configure user accounts without administrative rights.

Read more about the report at Ars Technica.

Marcus Yam
Marcus Yam
Marcus Yam served as Tom's Hardware News Director during 2008-2014. He entered tech media in the late 90s and fondly remembers the days when an overclocked Celeron 300A and Voodoo2 SLI comprised a gaming rig with the ultimate street cred.
34 Comments Comment from the forums
  • saint19
    In other words, don't disable the UAC.
    Reply
  • XD_dued
    So instead of malware disabling the abilities of my computer, I should disable them?
    Reply
  • Rancifer7
    As long as the effected users aren't installing things, or editing certain types of files, its fine...
    Reply
  • jhansonxi
    Yet another recommendation from the blatantly obvious IT security practices department.
    Reply
  • digiex
    Even XP will be safer if the user have no admin right, the problem is most software require admin rights to run. M$ must have done something about this longtime ago advising software developer to create software which will run even with limited rights.
    Reply
  • wait i thought this was a no brainer...
    Reply
  • Regulas
    Trying to catch up with Linux, Ubuntu uses the sudo command to gain access. That's what it seems like to me.
    Reply
  • JohnnyLucky
    Nothing new. Friends of mine have restricted access on the pc's where they work. Its been that way for a long time.
    Reply
  • anamaniac
    saint19In other words, don't disable the UAC.Running with UAC on and admin turned off?
    No way in hell will that ever happen bud. I like to be able to use my OS.
    JohnnyLuckyNothing new. Friends of mine have restricted access on the pc's where they work. Its been that way for a long time.I'd bring my own PC to work. If they said no, I'd run their PC and my laptop side by side, doing all work on the laptop and just transferring whatever data I need...
    Reply
  • masterjaw
    This would be effective for companies especially with those employees that has limited knowledge on PCs. As for me, it would affect my productivity as it would be annoying and frustrating to not be able to control my PC in my own accord.
    Reply