...
To explain further: Operating under a normal user account without admin credentials blocks 94% of Microsoft vulnerabilities. Malware and the lures that exploit vulnerabilities are so clever that even tech-savvy users can click on them. Antivirus is important, but many recent studies find it stops only 30% of infections because malware variants change constantly. Caution is always appropriate, but there is almost no way to avoid infection entirely, especially when websites can get infected and load malware on your PC without any user interaction at all. The organizations REMC1 supports that adhere to the industry-standard best practice known as “least privileged access” have reduced their infection rate to nearly zero. An infection destroys the infected PC and also spreads through network shares to all other PCs, so this is an important item to consider. When you factor in ransomware, the risk is losing all of an organization’s data, requiring a complete restore of multiple network servers. All work performed across the whole organization since the last backup would be lost. Restoring all data and fixing network services would likely take multiple days, causing further disruption.
Does any of the following fit anywhere?
With that said, REMC1 must advise deep caution in installing anything. Most things are now online and in the cloud, so no applications need to be installed locally beyond those already installed by default when the machines are deployed.
If admin is absolutely needed, we would like to add a separate admin account to your machine. We would like you to use your normal account for regular daily tasks. If you need administrative access, we recommend logging out of your normal account, logging in to this special admin account and installing or performing your admin operations. When you complete your admin tasks, log out of the admin account and back in to your normal account for safety. We feel this precaution will help maintain your machine in a functional condition while you are away from the area, since you will only have phone support (and we will not be able to re-image your machine if it were to be disabled by malware or viruses). This also helps limit (but cannot prevent) the infection of critical university network resources, files and services, since you will not be logged in as admin all the time but only when you need that level of access.
Citations: Antivirus isn't enough: https://www.tripwire.com/state-of-security/latest-security-news/70-of-malware-infections-go-undetected-by-antivirus-software-study-says/
PDF format: 70% of Malware Infections Go Undetected by AV Software.pdf
...
Least Privilege (not using admin permissions) explained in detail: https://www.beyondtrust.com/blog/what-is-least-privilege/
PDF format: Least Privilege_ What it is and Why You Need it _ BeyondTrust.pdf
Abandoned. Seems too technical and doesn't spell out and underline the risks clearly enough. Members need to know "How this affects them" in every way so they feel it is important.
A Guide for Best Practices
...