A new report from security experts at Avecto highlights hundreds of critical vulnerabilities discovered in Microsoft Windows just in the year 2016. Any of them could allow a hacker to take full control of an unpatched PC. But one simple trick can create a roadblock to neutralize more than 94% of these threats. It's "Standard" Operating Procedure Here's the short answer: All you have to do is log into Windows as a “standard” user, with limited privileges to add and remove components, change system settings, and so on. If you can’t make drastic changes to the system, neither can any malware that may find its way past your defenses. More than 94% of the critical vulnerabilities tallied in the Avecto report require administrator privileges to exploit them. One hundred percent of critical vulnerabilities in Internet Explorer and Edge, the new Windows 10 browser, can only be exploited by malware with administrator privileges. Obviously, you should be using a standard user account except in circumstances when higher privileges are necessary. But if you’re a typical home user, you probably have administrator privileges and all the vulnerabilities that come with that powerful status. When Windows is installed, the first user account created is an administrator account. Most home users just use it routinely, and don’t bother to create standard user accounts. Windows 10 has been touted as the most secure version ever. But Avecto found that Windows 10 contained the most critical vulnerabilities of any version examined. A whopping 395 critical Windows 10 vulnerabilities were discovered during 2016. Ninety-three percent of these vulnerabilities are neutralized by using a standard user account. So technically, Microsoft’s “most secure version ever” claim may be true, but not by much. Every system needs an administrator account occasionally. But you should create and routinely use standard user accounts that have lower privileges. Here is how to create a standard account in Windows 7: Click Start, and in the search box enter “user account.” Among the search results, you will see “Create standard user account.” Click on that item. On the next screen, give the account a name and make sure “standard account” is selected. Click on “Create account” and you’re done - almost. Every user account should require a password to log into it. After you create an account, it will be displayed on a page with all the other accounts on that machine. Double-click on the new user account’s icon and select “create password” in the list of actions on the left. Type the password into the next form page, confirm it by typing again, and click on the “Create password” button. Now you’re done. Creating new user accounts is more complicated in Windows 10. Microsoft desperately wants you to create a Microsoft account so it can track you all over the Web. Finding the option to create a new standard user account on a PC without creating a matching Microsoft account is a challenge. But let’s do it: Enter “Settings” in the search box to open that app. Click on Accounts. Click on “Family & Other People.” Click on “Add someone else to this PC.” Click on “I don’t have this person’s sign-in information.” Click on “Add a user without a Microsoft account.” Finally, you can create a standard account by naming it and giving it a password. Whew! Occasionally, a standard user may need administrator privileges to run an app. If you get an error message saying administrator privileges are required, right-click on the app’s shortcut and select “run as administrator” from the drop-down menu. As I mentioned up front, using a standard account mitigates 93-94% of critical vulnerabilities. But that doesn’t mean you can dispense with anti-malware protection, download software from sketchy sites, and click every link that appears in your inbox.