1

Would it help to defend against malware if I use a less privileged Windows 7 account for my day-to-day work?

schroeder
David Bryant

3 Answers

3

As everybody else is saying, yes, it would. In theory, malware in an unprivileged account can do tons of damage. See this XKCD, which is as relevant to malware as it is to logging out. However, in practice, a lot of Windows malware is written with the assumption that the user is Administrator (either because the user foolishly runs as Admin all the time, or because the malware is something like a Trojan that is installed by an installer which the user will grant Admin to). Software (including malware) that expects to be running as Admin and isn't will usually fail. This "in practice" state may be changing, though; as fewer and fewer users continue the bad habit from the XP days of running with full privileges, malware authors are wising up to the new ecosystem.

One thing which has not been mentioned by the other answers and comments is the risk of local elevation of privilege (EoP) exploits. Again, most malware (not counting state-sponsored stuff against specific targets, like Stuxnet and FLAME) doesn't try to exploit local EoP unless it's expecting to start out sandboxed, because most malware just targets the large and easy target of people who run as Admin. However, it may become more important as malware authors start going for the huge number of non-admin accounts.

So far, people have mentioned (in addition to running less privileged) the need for anti-virus, anti-malware (which is different from AV somehow, in @Ulkoma's definitions), firewall, and backups. Of those, backups - real ones, that aren't permanently connected to the PC - are the most valuable, but the best bang for your buck will come from always staying up to date. True 0-days (bugs being exploited in the wild before the vendor addresses them) are actually pretty rare. On the other hand, every time MS releases a security update, lots of malware authors immediately grab it, look at the changes it makes vs. the old version, and reverse-engineer the code to find the security vulnerability it patches. The majority of the Really Bad exploits that have hit Windows went after vulnerabilities which had been patched weeks or months earlier; people simply hadn't updated when they should have done so.

CBHacking
1

Note that on an unprivileged account, malware will still be able to read, modify (encrypt), delete, and leak your personal files. You still need backups, antivirus and firewall software. But it will be hard for it to alter anything outside of your standard user account, and removing it should be as simple as creating a new user account.

Hey
0

Yes

Using a low-privilege account will help a lot in case malware strikes you, as the malware's evil actions will be limited, too. It won't be able to compromise other user accounts, install system drives, delete shadow copies before ciphering your files or many other hard-to-clean things.

This also means that if the worst happens, you are better prepared to clean it up, as most of the computer is still trustable (assuming there are no escalation privileges, no user-owned files are run by the admin, etc.).

Ángel
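
A way to check the two things the answers above stress, whether the day-to-day account really is unprivileged and how stale the machine's patches are. This is an added example, not code from any of the answers; the function names and the 35-day threshold are assumptions chosen for illustration.

```powershell
# Added example: audit the logged-on account's privilege level and patch age.
# Uses only commands available in Windows PowerShell 2.0 (shipped with Windows 7).

$AdminSid        = 'S-1-5-32-544'  # well-known SID of BUILTIN\Administrators
$MaxPatchAgeDays = 35              # assumed threshold; set it to your patch policy

function Test-AdminGroupMember {
    # whoami lists every group in the token, including Administrators flagged
    # "deny only" in a UAC-filtered token, so an admin account is detected
    # even when the current process is not elevated.
    $groups = whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, SID, Attributes
    return [bool]($groups | Where-Object { $_.SID -eq $AdminSid })
}

function Test-Elevated {
    # True only when the Administrators SID is enabled in this process token.
    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-LastPatchAgeDays {
    # Days since the newest hotfix with a readable install date, else $null.
    try {
        $last = Get-HotFix | Where-Object { $_.InstalledOn } |
            Sort-Object InstalledOn | Select-Object -Last 1
    } catch { return $null }
    if (-not $last) { return $null }
    return [int]((Get-Date) - $last.InstalledOn).TotalDays
}

if (Test-Elevated) {
    Write-Output 'Process is elevated: anything launched from here runs with full admin rights.'
} elseif (Test-AdminGroupMember) {
    Write-Output 'Account is in Administrators (UAC-filtered): one consent click grants admin rights.'
} else {
    Write-Output 'Account is a standard user: admin actions need separate credentials.'
}

$age = Get-LastPatchAgeDays
if ($null -eq $age) {
    Write-Output 'No hotfix install date could be read; check Windows Update manually.'
} elseif ($age -gt $MaxPatchAgeDays) {
    Write-Output "Last update installed $age days ago: overdue."
} else {
    Write-Output "Last update installed $age days ago."
}
```

Run it from a normal (non-elevated) prompt in the account used for daily work; the middle case is the one that a plain elevation check misses.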