After tabulating all the vulnerabilities published in Microsoft's 2009
Security Bulletins, it turns out 90 percent of the vulnerabilities can
be mitigated by configuring users to operate without administrator
rights, according to a report by BeyondTrust. As for the published
Windows 7 vulnerabilities through March 2010, 57 percent are no longer
applicable after removing administrator rights. By comparison, Windows
2000 is at 53 percent, Windows XP is at 62 percent, Windows Server 2003
is at 55 percent, Windows Vista is at 54 percent, and Windows Server
2008 is at 53 percent. The two biggest exploited Microsoft applications
also fare well: 100 percent of Microsoft Office flaws and 94 percent of
Internet Explorer flaws (and 100 percent of IE8 flaws) no longer work.
This is good news for IT departments because it means they can
significantly reduce the risk of a security breach by configuring the
operating system for standard users rather than an administrator.
Despite unpredictable and evolving attacks, companies can very easily
protect themselves or at least reduce the effects of a newly discovered
threat, as long as they're OK with their users not installing software
or using many applications that require elevated privileges.