While non-Microsoft users have grown up understanding the simple concept of access controls and rights within our environments for many years, the single biggest factor for bug propagation on Windows platforms is still the use of administrative rights. The truth of the matter is that prior to Vista, there was little way for a regular user to get single-instance privilege escalation (i.e. "I just want to temporarily be administrator so I can do something") beyond adding themselves to the administrator group. And this is what happens 6 times out of 10, according to a report by BeyondTrust.
Breaking it down per product, the figures become even more interesting. Microsoft reported 55 Office vulnerabilities in 2009, and all of them are mitigated by removing admin rights. Of the 33 Internet Explorer issues reported, 94% were thwarted by removing admin rights. For Internet Explorer 8, 100% would be. If we restrict the vulnerabilities to just Windows, we see that 53% can be mitigated by not running as admin.
The threat of the most severe type of vulnerability, the ones that would allow remote code execution, can be greatly reduced by not running as admin: 87% of them are ineffective when you do not run as administrator. These figures show us exactly what we already knew: running as administrator is stupid, and asking for trouble. All the more reason for Microsoft to finally abolish that quaint custom of making the first user an administrator.
Consider the concept of ‘sudo’ on Unix, which has been around since the dark ages, providing extremely fine-grained control over not only privilege escalation but also what can be done with that escalation. It’s so advanced that you can allow a user to run one particular binary but not another. And it’s been taken to new heights over the last few years by the two main Linux desktop contenders, GNOME and KDE, which both have privilege escalation controls within the desktop as well.
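To make the per-binary control concrete, here is an added sudoers fragment (not from the original post) that contrasts a blanket grant, the equivalent of joining the administrator group, with a rule scoped to two exact command lines. The user name `alice`, the file name and the nginx unit are assumptions chosen for illustration.

```sudoers
# Constructed example: /etc/sudoers.d/webops
# Always edit through visudo so a syntax error cannot lock you out:
#   visudo -f /etc/sudoers.d/webops
# "alice" and the nginx unit are assumed names for illustration.

# Weak: blanket grant, any command as any user.
# This is the sudo equivalent of putting alice in the administrator group.
# alice ALL = (ALL) ALL

# Scoped: name the exact command lines alice may run.
# Paths are absolute and the arguments must match literally,
# so "systemctl restart sshd.service" is not covered by this alias.
Cmnd_Alias WEB_SVC = /usr/bin/systemctl restart nginx.service, \
                     /usr/bin/systemctl status nginx.service

# alice, on any host, as root only, and only for WEB_SVC.
# Her own password is still required (no NOPASSWD tag).
alice ALL = (root) WEB_SVC

# Everything not listed is refused by default. Prefer listing what is
# allowed over "ALL, !/some/binary" deny rules, which are easy to
# sidestep by running the same program from another path.
```

Running `sudo -l` as the user lists exactly which commands the policy permits, which makes the grant easy to audit.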
Windows Vista and 7 have finally brought some sanity to that platform – only some, though, as their privilege escalation mechanism (UAC – User Account Control) is causing a lot of issues for users. It’s telling that searching Google for ‘windows privilege escalation’ only gives you results about security issues and not security controls. Note that BeyondTrust’s report applies to Windows 7 as well.