1
00:00:00,769 --> 00:00:03,975
The objective of this section is to understand the very simple

2
00:00:04,067 --> 00:00:09,068
but extremely effective method of reducing default privileges.

3
00:00:09,746 --> 00:00:13,917
This will help contain malware or an attacker

4
00:00:13,995 --> 00:00:16,824
by reducing the privileges that they run under.

5
00:00:16,829 --> 00:00:21,287
Most attackers have the level of privilege of the logged-in user

6
00:00:21,379 --> 00:00:26,085
or the privilege of the process running the application that was exploited.

7
00:00:26,180 --> 00:00:30,514
This means if you're logged in with admin privileges,

8
00:00:30,603 --> 00:00:32,900
so effectively got on the operating system,

9
00:00:32,960 --> 00:00:36,435
the malware will have the same level of privileges

10
00:00:36,459 --> 00:00:38,674
if they exploit the system

11
00:00:38,932 --> 00:00:43,366
via you, or a process that you're running, or an application that you're running.

12
00:00:43,444 --> 00:00:46,934
If you are logged in with restricted privileges,

13
00:00:47,044 --> 00:00:49,721
the malware is also restricted.

14
00:00:49,832 --> 00:00:53,323
Restricting privileges is a standard approach

15
00:00:53,363 --> 00:00:56,436
in Linux and UNIX-type operating systems,

16
00:00:56,516 --> 00:01:00,535
where the admin or root account is rarely used.

17
00:01:00,783 --> 00:01:05,041
To access those accounts, or to access root,

18
00:01:05,054 --> 00:01:08,162
you use the su or sudo command

19
00:01:08,231 --> 00:01:10,832
and stay with the standard user most of the time.

20
00:01:10,844 --> 00:01:13,956
But this is not the case in Windows.

21
00:01:13,971 --> 00:01:17,228
Administrative privileges are the default.

22
00:01:17,348 --> 00:01:20,883
You simply need to change your account in Windows

23
00:01:20,994 --> 00:01:23,002
to be a standard user

24
00:01:23,046 --> 00:01:26,722
and use an admin account just for when you need it.

25
00:01:26,745 --> 00:01:31,213
This has surprisingly little administrative burden,

26
00:01:31,354 --> 00:01:36,171
as you will be prompted for the admin privileges if and when you need them,

27
00:01:36,243 --> 00:01:39,739
which is mostly when you're installing applications.

28
00:01:41,067 --> 00:01:47,052
This is a nice, easy win to lock down any attacker or attack.

29
00:01:47,205 --> 00:01:49,092
You have to train yourself

30
00:01:49,152 --> 00:01:53,476
not to blindly enter the admin password when requested,

31
00:01:53,531 --> 00:01:57,024
and question the reason you're being prompted

32
00:01:57,082 --> 00:01:58,967
for the admin username and password,

33
00:01:59,027 --> 00:02:01,689
and make sure that it is actually genuine.

34
00:02:01,912 --> 00:02:04,792
If an attacker has reduced privileges,

35
00:02:04,808 --> 00:02:06,776
it forces the attacker

36
00:02:06,856 --> 00:02:09,749
to attempt to try to do privilege escalation techniques,

37
00:02:09,849 --> 00:02:14,321
for which exploits aren't always available or possible

38
00:02:14,502 --> 00:02:18,556
or written into the malware that is doing the attack,

39
00:02:18,559 --> 00:02:21,939
so it effectively reduces the attack surface.

40
00:02:21,985 --> 00:02:25,593
According to Avetco's annual Microsoft vulnerability report,

41
00:02:25,672 --> 00:02:29,239
removing user admin privileges in Windows

42
00:02:29,335 --> 00:02:35,552
would result in 86% of all Windows threats being stopped,

43
00:02:35,701 --> 00:02:37,685
which is a shocking statistic.

44
00:02:37,917 --> 00:02:40,708
That shows you how important it is

45
00:02:40,908 --> 00:02:46,154
not to run as an administrator but to run as a standard user in Windows.

46
00:02:46,186 --> 00:02:49,533
And in fact it's important in all operating systems,

47
00:02:49,790 --> 00:02:53,089
but most important in Windows.