Commenting on the BSI (Bundesamt für Sicherheit in der Informationstechnik), the German government's office for information security, publishing guidelines on how computer users can keep their machines secure, Avecto says that the agency has indeed recognized that the effective management of user rights is a very important part of building a secure desktop.
According to Paul Kenyon, chief operating officer with the Windows privilege management specialist, in order to get the message across, the BSI allowed two different Windows 7-based computer systems to be attacked, and documented the results. The test system that followed the BSI guidelines did not suffer an infection, but the second, less secure system, suffered security flaws and infections to the machine.
"What is worth noting here is that the agency seems to favour the better protected desktop as the one that was up to date with its security patches, but our take-out is that the better protected desktop was running as a standard user, whilst the desktop that was compromised was running under admin rights," he said.
"This reinforces our long-standing advice to IT security professionals that careful control of privileged account management is central to the security strategy of any organisation, as least privilege translates to least risk when it comes to the security profile of a given system or group of systems," he said.
Kenyon went on to say that Windows users should also keep their systems up to date, as well as reducing the levels of risk still further by avoiding the use of Java wherever possible, and user different Web browser software for specific applications where possible.
More than anything, Kenyon says, the results of this German security agency test confirms that defending an IT system now requires multiple layers of security, as well as a firm handle on which features of the machine - the level of privileged access to high-level administration features - the user account gains access to.
The bad old days of using a single IT security application across all computers and using a `set it and forget it' strategy are now giving way to a more refined approach centering on patch management, use of multiple security applications and an effective Windows privilege management approach, he adds.
"Effective Windows security in the Year 2012 is a lot more complex than many IT users realise. The tests carried out by the BSI are an excellent confirmation of this, but IT security managers should not ignore the key issue of Windows privilege management," he said.
"It only takes the failure of a single element of a security strategy to allow malware in and, as this BSI test shows, the results can be quite devastating. Security requires a holistic approach, and our observations are that IT security professionals clearly need to factor in Windows privilege account management alongside their other defence strategies," he added.