How To Easily Eliminate 94% of Windows Vulnerabilities

Discussion in 'BlackHat Lounge' started by The Scarlet Pimp, Mar 3, 2017.

  1. The Scarlet Pimp

    The Scarlet Pimp Senior Member

    A new report from security experts at Avecto highlights hundreds of critical vulnerabilities discovered in Microsoft Windows just in the year 2016. Any of them could allow a hacker to take full control of an unpatched PC. But one simple trick can create a roadblock to neutralize more than 94% of these threats.

    It's "Standard" Operating Procedure

    Here's the short answer: All you have to do is log into Windows as a “standard” user, with limited privileges to add and remove components, change system settings, and so on. If you can’t make drastic changes to the system, neither can any malware that may find its way past your defenses.

    More than 94% of the critical vulnerabilities tallied in the Avecto report require administrator privileges to exploit them. One hundred percent of critical vulnerabilities in Internet Explorer and Edge, the new Windows 10 browser, can only be exploited by malware with administrator privileges.

    Obviously, you should be using a standard user account except in circumstances when higher privileges are necessary.

    But if you’re a typical home user, you probably have administrator privileges and all the vulnerabilities that come with that powerful status. When Windows is installed, the first user account created is an administrator account. Most home users just use it routinely, and don’t bother to create standard user accounts.

    Windows 10 has been touted as the most secure version ever. But Avecto found that Windows 10 contained the most critical vulnerabilities of any version examined.

    A whopping 395 critical Windows 10 vulnerabilities were discovered during 2016. Ninety-three percent of these vulnerabilities are neutralized by using a standard user account. So technically, Microsoft’s “most secure version ever” claim may be true, but not by much.

    Every system needs an administrator account occasionally. But you should create and routinely use standard user accounts that have lower privileges. Here is how to create a standard account in Windows 7:

    Click Start, and in the search box enter “user account.” Among the search results, you will see “Create standard user account.” Click on that item. On the next screen, give the account a name and make sure “standard account” is selected. Click on “Create account” and you’re done - almost.

    Every user account should require a password to log into it. After you create an account, it will be displayed on a page with all the other accounts on that machine. Double-click on the new user account’s icon and select “create password” in the list of actions on the left. Type the password into the next form page, confirm it by typing again, and click on the “Create password” button. Now you’re done.

    Creating new user accounts is more complicated in Windows 10. Microsoft desperately wants you to create a Microsoft account so it can track you all over the Web. Finding the option to create a new standard user account on a PC without creating a matching Microsoft account is a challenge. But let’s do it:

    Enter “Settings” in the search box to open that app. Click on Accounts. Click on “Family & Other People.” Click on “Add someone else to this PC.” Click on “I don’t have this person’s sign-in information.” Click on “Add a user without a Microsoft account.” Finally, you can create a standard account by naming it and giving it a password. Whew!

    Occasionally, a standard user may need administrator privileges to run an app. If you get an error message saying administrator privileges are required, right-click on the app’s shortcut and select “run as administrator” from the drop-down menu.

    As I mentioned up front, using a standard account mitigates 93-94% of critical vulnerabilities. But that doesn’t mean you can dispense with anti-malware protection, download software from sketchy sites, and click every link that appears in your inbox.
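
An added example, not part of the original post: a PowerShell script for Windows 10 that reports which enabled local accounts sit in the Administrators group and creates a standard local account without a Microsoft account. It assumes the built-in Microsoft.PowerShell.LocalAccounts cmdlets (PowerShell 5.1); the function names and the account name `DailyUser` are hypothetical.

```powershell
# Added example: audit local admin membership and create a standard account.
# Assumes the Microsoft.PowerShell.LocalAccounts module (Windows 10, PowerShell 5.1).

$AdminsSid = 'S-1-5-32-544'   # BUILTIN\Administrators (well-known SID, locale-independent)
$UsersSid  = 'S-1-5-32-545'   # BUILTIN\Users

function Test-Elevated {
    # True only when this session holds an elevated administrator token.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-LocalAdminReport {
    # One row per enabled local account, flagging direct Administrators members
    # and accounts that are allowed to have no password.
    $adminSids = Get-LocalGroupMember -SID $AdminsSid | ForEach-Object { $_.SID.Value }
    Get-LocalUser | Where-Object Enabled | ForEach-Object {
        [pscustomobject]@{
            Name             = $_.Name
            IsAdministrator  = $adminSids -contains $_.SID.Value
            PasswordRequired = $_.PasswordRequired
        }
    }
}

function New-StandardAccount {
    param([Parameter(Mandatory)][string]$Name)   # hypothetical helper
    if (-not (Test-Elevated)) { throw 'Creating accounts requires an elevated prompt.' }
    if (Get-LocalUser -Name $Name -ErrorAction SilentlyContinue) {
        throw "Account '$Name' already exists."
    }
    # Prompt for the password so it never appears in the script or shell history.
    $password = Read-Host -AsSecureString "Password for $Name"
    New-LocalUser -Name $Name -Password $password `
        -Description 'Standard (non-admin) daily-use account' | Out-Null
    # New-LocalUser adds no group membership; join Users only, never Administrators.
    Add-LocalGroupMember -SID $UsersSid -Member $Name
}

Get-LocalAdminReport | Format-Table -AutoSize
# New-StandardAccount -Name 'DailyUser'   # placeholder name; uncomment to create
```

Any row with `IsAdministrator` true that is used for daily work is a candidate for replacement by a standard account, keeping one password-protected administrator account for elevation prompts.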
     
  2. Sherbert Hoover

    Sherbert Hoover Jr. Executive VIP Jr. VIP

  3. amoon

    amoon Jr. VIP Jr. VIP


    apple fanboy detected...:D:D
     
  4. osberht

    osberht Registered Member

    I agree with the method. Most malicious programs need administrative privilege to effectively infect the system. Doesn't matter what OS you're using, either Windows, Linux, BSD or Mac, it will get infected with root/admin privilege.
    One way to view system security in the correct perspective is to see it in terms of security layers. This is another addition to the security layers that you have on the system. Firewall, kernel hardening, strong passwords, all of these are the layers of walls that can protect the system from malicious users.
    Anyway, this is my extend on security based on what I read.
     
  5. Capo Dei Capi

    Capo Dei Capi BANNED BANNED

    But then you will have the vulnerabilities of MacOS plus an outdated computer.
     
  6. Sherbert Hoover

    Sherbert Hoover Jr. Executive VIP Jr. VIP
