Editorial & Advertiser disclosure

Global Banking & Finance Review® is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Top Stories > Trusteer’s Senior Security Strategist, George Tubin on endpoint security

Trusteer’s Senior Security Strategist, George Tubin on endpoint security

Published by Gbaf News

Posted on March 25, 2013

3 min read

Last updated: January 22, 2026

Asian trading market scene depicting LNG price decline during Lunar New Year - Global Banking & Finance Review — An image illustrating the Asian trading market, highlighting the decline in liquefied natural gas (LNG) prices influenced by reduced trading activity during the Lunar New Year. This visual connects to the article's discussion on price fluctuations and market dynamics.

What is the single most important way to improve endpoint security? According to Gartner’s Neil MacDonald, organizations should remove administrator rights from all users. Administrative rights on enterprise endpoints provide users with complete control over the device. These rights allow users to install software, change the Windows registry settings, change a wide variety of configuration files, and generally do whatever they want on the device.

Why are administrative rights a problem? Mainly because users might change the endpoint configuration or install unauthorized software. If unauthorized software installed by the user is benign, at most it would become a nuisance. But if unauthorized software is malicious, and installed under administrative rights, its impact can be devastating. In addition, since many Windows vulnerabilities that enable code execution do so in the context of the logged-in user, exploits might be able to execute without any restrictions on the endpoint. Therefore, we certainly agree that limiting administrator privileges for corporate end-users improves the organization’s security posture, but it’s not a panacea. Also, in today’s environments that support BYOC policies and ‘Consumerization of IT’, removing administrator rights is often unfeasible.

Removing administrator rights from the user does not prevent advanced malware infections. In his blog, Neil MacDonald says that removing these rights isn’t a “lockdown”; users will still be able to install software, drivers, ActiveX controls and more. This means that users will still be able to install potentially malicious files. Moreover, today’s advanced malware does not require user interaction or administrative rights to compromise an endpoint. Drive-by downloads, which exploit browser vulnerabilities and browser plug-in vulnerabilities, can infect the endpoint when the user simply views a compromised web-page (with or without administrative rights). This was the case in a recent Malvertising campaign recorded by Trusteer’s research team (see: Malvertising Campaigns Get a Boost from Unpatched Java Zero-Day Exploits). The attack utilizes a Java zero-day vulnerability (CVE-2013-0422) to automate the exploitation of the Java virtual machine. Embedded into ads that are displayed on legitimate websites, the exploit is able to automatically infect users with unpatched browsers when visiting these sites (without the users ever clicking on the ad).

Note that advanced malware can infect an endpoint when running under the context of either ‘administrative’ or ‘standard’ user rights, and in both cases, the malware can survive a reboot.

Drive-by downloads are a top attack method and they are growing in popularity with attackers¹. Today, drive-by downloads that are completely independent of user interaction pose a significant threat to enterprises because they are so hard to prevent. Attackers are taking advantage of the fact that many enterprises fall behind on patching endpoint vulnerabilities and are also exploiting zero-day vulnerabilities for which a patch is not available. We agree with MacDonald’s recommendation to use Application Control/Whitelisting to “lockdown” environments. Furthermore, we recommend that enterprises implement an Exploit Prevention Security Layer that uses an Application Control/Whitelisting technology to effectively protect vulnerable endpoint applications.