One of the best ways to reduce malware infections and the resulting IT support tickets is to minimize the number of changes a user can make to their PC. When we talk to customers about how they do this, we’re amazed at how many IT people think that removing Administrator privileges from a PC will prevent users from installing unwanted software and also protect them from zero-day threats.
I came across a blog post by Gartner Fellow Neil MacDonald that reinforces what we’ve been saying all along. As Neil states:
“Software that writes to the user’s data directory, and that doesn’t write to protected portions of the registry, can install correctly as a standard user, and an increasing number of enterprise software vendors are doing exactly this (e.g., Google Chrome and Mozilla Firefox).
If the good guys can do this, so can the bad guys. Indeed, malware writers can use the same techniques to install software targeted at stealing end-user-accessible data and personal information, even when users don’t have administrator rights.
If you really want to control what applications a user is allowed to install and execute, you will need to do more than just run them as standard users. For example, Application Control (aka whitelisting) is one approach that I frequently discuss with clients.”
We fully approve of Neil’s recommendation and encourage our readers to learn more about application whitelisting and how companies like RTP Federal Credit Union are using this approach to protect themselves against malware.
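
To see how much software already runs from locations a standard user can write to, as described in the quote above, here is an added example (not from the original post or from Gartner) that inventories executables under the current user's profile and records their Authenticode status. The directory and extension lists and the output file name are assumptions to adapt.

```powershell
# Added example: inventory executable content in per-user locations that a
# standard user can write to without elevation, with signature status.
# The root directories, extensions and CSV name below are assumptions.

function Get-UserWritableExecutable {
    [CmdletBinding()]
    param(
        # Per-user roots that do not require administrator rights to write to.
        [string[]]$Root = @(
            $env:LOCALAPPDATA,
            $env:APPDATA,
            (Join-Path $env:USERPROFILE 'Downloads')
        ),
        # File types that support Authenticode signatures.
        [string[]]$Extension = @('.exe', '.dll', '.msi', '.ps1')
    )

    foreach ($dir in $Root) {
        # Skip roots that are unset or missing on this machine.
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }

        Get-ChildItem -LiteralPath $dir -Recurse -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $Extension -contains $_.Extension.ToLowerInvariant() } |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Path      = $_.FullName
                    Modified  = $_.LastWriteTime
                    # Valid, NotSigned, HashMismatch, ... or Unknown if unreadable.
                    SigStatus = if ($sig) { [string]$sig.Status } else { 'Unknown' }
                    Signer    = if ($sig -and $sig.SignerCertificate) {
                                    $sig.SignerCertificate.Subject
                                } else { $null }
                }
            }
    }
}

# Run as the standard user being assessed; no elevation is needed, which is the point.
Get-UserWritableExecutable |
    Sort-Object SigStatus, Path |
    Export-Csv -Path .\user-writable-executables.csv -NoTypeInformation
```

The resulting list is a starting point for an application control policy: entries with a valid signature from an approved publisher can be allowed explicitly, and everything else in these directories is what a default-deny rule would stop.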