I have been running my computers with my daily-driver account being a standard user, with a separate administrator account on my Windows and Mac OSX computers for a few years now.
This has not been without headache, as it requires a username and password when doing some actions on the computer. Sometimes the prompt came up with the most innocuous of actions, but usually it happens when installing software, applying updates, or making changes to system parameters.
Analysis by a company called Avecto has revealed that my efforts have not been in vain. They have reason to promote these findings to get your business to use their solutions, but anybody can take the fundamental approach of granting only the access that is needed without a costly solution. Their findings are specific to the Windows operating system, but the idea can, and should, be applied to all operating systems.
92% of Windows critical vulnerabilities were mitigated by removing administrator rights, and 60% of all Microsoft vulnerabilities were mitigated by removing administrator rights.
This breaks down to the following critical vulnerabilities being mitigated by removing administrator rights:
- Windows operating system: 96%
- Internet Explorer: 100%
- Microsoft Office: 91%
Their methodology took the Microsoft executive summaries and tabulated the number of critical vulnerabilities that Microsoft had identified as able to be mitigated with standard user rights against the total number of vulnerabilities published in 2013.
By mitigating between 60 and 100% of vulnerabilities, you can bet that I will continue to use a standard account as my “daily-driver” login on my personal computer for a long time to come.