Why You Should Avoid Using Your Local Admin Account

The battle to identify malicious software in a timely fashion is becoming a losing one for anti-virus/anti-malware software vendors. New threats reach you through your web browser (in the form of compromised websites, including reputable websites that may inadvertently be displaying an advertisement served from a virus-infected site), through your email, and through files that you download.

As the anti-malware software vendors work overtime to catalog these new threats and program their products to recognize them, the sheer volume and frequency of new malware variants make timely blocking of these threats difficult. Based on attacks we’ve seen on our systems, it can sometimes be days before the anti-malware vendor provides a signature that identifies the threat. This is not much solace for the people hit during the leading edge of the attack.

The situation is also exacerbated by the increasing use of zero-day attacks, which exploit flaws discovered in software and operating systems for which the vendor has not yet released a patch. While we wait for the vendor to provide the patch, the system remains vulnerable.

All these factors have contributed to a situation, predominantly experienced by Windows users, where you may be exposed to an attack despite following traditional “safe computing” practices.

If you experience an attack while logged in as a regular user, the damage or modifications are usually isolated to your user account. These can often be identified and selectively removed without significant disruption.

If you experience an attack while logged in as an administrative user, the attack is able to compromise the integrity of the entire computer, putting in place extremely resilient countermeasures against the removal of the malware. There are no longer any ways to selectively remove much of the new crop of malware. Your system will need to be reloaded from scratch promptly. This means you will lose any local data stored on the workstation (if you haven’t personally backed it up) and you will have to re-install any locally installed Tier 2 software.

Tier 2 users are now required to have a separate administrative account, to be used on a limited basis when elevated rights are needed. This account should not be used for general work. Your regular MCECS account should be used for most day-to-day activities. This reduces your Tier 2 workstation’s vulnerability to a comprehensive attack.

Tier 3 users are encouraged to follow a similar regimen to avoid being compromised. Create a less privileged user account for regular use of your desktop or laptop. Use the administrator account sparingly – only for software installs or other configuration management tasks.
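As an added example (not part of the original page or of MCECS tooling), the following PowerShell shows one way to set up the regimen described above on a Windows 10 or later machine: check whether the account you are currently logged in with is a member of the local Administrators group, and, from the administrative account, create a separate standard account for day-to-day use. The account name `alice-daily` is a placeholder assumption.

```powershell
# Added example, not from the original page. Requires the LocalAccounts
# module that ships with Windows 10 / Server 2016 and later.

# Is the account I am logged in with a local administrator? Compares the
# current user's SID against the direct members of 'Administrators'.
# Caveat: membership inherited through a nested domain group is not detected.
function Test-CurrentUserIsLocalAdmin {
    $mySid = [Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    $adminSids = Get-LocalGroupMember -Group 'Administrators' |
        ForEach-Object { $_.SID.Value }
    return $adminSids -contains $mySid
}

# Create a standard (non-administrator) local account. New-LocalUser does
# not add the account to any group, so it is added to 'Users' explicitly;
# it is deliberately NOT added to 'Administrators'.
function New-StandardUserAccount {
    param([Parameter(Mandatory)][string]$Name)
    $password = Read-Host -AsSecureString "Password for $Name"
    New-LocalUser -Name $Name -Password $password -FullName $Name |
        Out-Null
    Add-LocalGroupMember -Group 'Users' -Member $Name
}

# List who holds administrative rights, so stray admin accounts stand out.
function Show-AdminGroupMembers {
    Get-LocalGroupMember -Group 'Administrators' |
        Select-Object Name, PrincipalSource
}

if (Test-CurrentUserIsLocalAdmin) {
    Write-Host 'Logged in as an administrator: create the daily-use account now.'
    New-StandardUserAccount -Name 'alice-daily'   # placeholder name
    Show-AdminGroupMembers
    Write-Host 'Log out and log back in as the standard account for daily work.'
} else {
    Write-Host 'Logged in as a standard user: good. Use the admin account only for installs.'
}
```

Creating the account requires an elevated session; reading group membership does not.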