Debate: Is advanced malware no longer a problem when administrator rights are removed?

Share this article:
In this month's debate, experts discuss if advanced malware is still a persistent challenge after administrator rights are removed.


PRO

Mark Austin, CEO, Avecto

One of the most effective steps that can be taken to mitigate malware threats is to implement a least-privilege approach. The most dangerous and persistent threats often look to bury themselves deep inside the OS, using rootkits and other kernel-level techniques. It can then cloak itself from security solutions, making detection and removal problematic. 

In order for malware to infect the kernel, it must run in a privileged context or gain access to a privileged account, such as a local administrator. If a user logs on with an administrator account, malware can then gain access to a privileged context with ease, whereas if admin rights are removed, then it becomes much more difficult. It's no surprise that most of Microsoft's critical vulnerabilities state that users who logon to systems with fewer privileges will be less impacted. 

Detection of advanced malware has become challenging, and the only way to defend against it is to take more proactive measures, such as removing admin rights, patching in a timely manner and controlling applications.

CON

George Tubin, senior security strategist, Trusteer

First, removing administrative rights does not constitute a complete lockdown; users will still be able to install software, drivers, ActiveX controls and more. Therefore, users will still be able to unintentionally install potentially malicious files.

Second, advanced malware does not require user interaction or administrative rights to compromise an endpoint. Drive-by downloads, which exploit browser and browser plug-in vulnerabilities, can infect the endpoint when the user simply views a compromised web page (with or without administrative rights). Trusteer recently uncovered a malicious advertising campaign that used a Java zero-day vulnerability to automate the exploitation of the Java virtual machine. Embedded into ads that were displayed on legitimate websites, the exploit was able to automatically infect users with unpatched browsers when visiting these sites (without the users ever clicking on the ad).

 Malware prevention technology is the only effective way to prevent advanced malware threats.



Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in Opinions

Beware of the malware walking dead

Beware of the malware walking dead

This Hallows Eve might be a good time to remind ourselves that zombies can be just as deadly, and I'm referring to recycled tools and techniques from years gone by.

Why the Home Depot attack shouldn't have happened

Why the Home Depot attack shouldn't have happened

Major retailers are falling prey to massive credit card information heists, despite spending millions on cyber security systems.

Next-generation malware: Think like the enemy and avoid the car alarm problem

Next-generation malware: Think like the enemy and avoid ...

When it comes to enterprise security, one rule remains constant - attacks will continue to increase in sophistication and attackers will seek to outmaneuver existing defenses.