Just like on your smartphone, one of the easiest ways for your PC to end up with a nasty malware infection is by installing new apps but Microsoft is working on a new solution to shore up one of the main ways malicious software can take over your PC.
Hackers often make their malicious apps stronger by requesting access to unnecessary permissions that give them greater control over your devices. On Android, this is done by abusing the operating system’s accessibility services while in Windows 11, the same thing can be achieved by tricking unsuspecting users into granting administrator privileges for a particular app or a program.
In fact, according to Microsoft's latest Digital Defense Report, token theft incidents which abuse user privileges in this way have risen to almost 40,000 per day. With someone’s authentication tokens in hand, an unauthorized attacker can impersonate them online and gain access to any sites or services — like their email or even their online banking account — that they were previously logged into.
Many things like adjusting the time-zone, making registry changes, installing new apps and more on one of the best Windows laptops often require admin privileges. The problem though, is that if your device is infected with malware, hackers then have direct access to all of these same capabilities and can leverage them to silently make changes to your PC in the background in order to steal your data and your credentials.
Unfortunately, some software requires administrator privileges in order to work properly and there’s a very fine line between standard user permissions and administrator ones. This is where Microsoft’s new administrator protection feature comes into play and it could be a real game changer for Windows security.
Administrator protection
Currently in preview, administrator protection is a new security solution from Microsoft that gives you the best of both worlds when it comes to standard and administrator privileges.
Windows users have all of the safeguards that come with standard user permissions by default but when they need to, they can easily make system changes or install new apps on their PCs.
With administrator protection enabled, when a system change requires admin privileges, they are prompted to securely authorize this change using Windows Hello which is a security feature designed to allow users to sign in to their devices using facial recognition, a fingerprint or a PIN.
To give an app or the system itself administrator rights, Windows creates a temporary isolated admin token. Once the task at hand is complete, this token is then immediately destroyed which ensures that these admin privileges aren’t persistent and thus can’t be misused by hackers.
In addition to ensuring that users and not malware are in control of system resources in Windows, administrator protection will also disrupt the attack chains used by hackers in their cyberattacks. This is because they will no longer have automatic, direct access to the operating system’s kernel or to other critical system security without Windows Hello authorization.
One way to think about this is as a sort of beefed up multi-factor authentication (MFA) but for making changes to your PC. In the same way that you need to provide a fingerprint or a code to access your online accounts protected by MFA, with administrator protection, you need to provide a facial scan, fingerprint scan or your Windows PIN to change settings or to give certain apps admin privileges.
How to stay safe from Windows malware
Once administrator protection officially launches, you’re definitely going to want to enable it but there are other steps you can take to keep your Windows PC safe from malware.
For starters, you want to ensure that Microsoft Defender is enabled as this built-in security software can help protect your PC from malware and other viruses. For extra protection though, you may also want to consider running one of the best antivirus software solutions alongside it as many contain extra features like a VPN or password manager to help keep you even safer online.
From there, just like on your phone, you want to be careful when downloading and installing new apps. Sticking with trusted app stores like the Microsoft Store is always a good idea but when you do need to download software that isn’t available there, you want to make sure that you are actually on a developer’s site and not a lookalike. You see, one of the ways hackers trick people into downloading and installing malicious apps is by using fake ads in search engines.
People often click on the first link they see in search results but at least on Google, the first few results are actually sponsored ads. In the same way that you or I could buy an ad online, hackers can as well and this has become a very common way for them to distribute malware online.
The most important thing you can do though is to keep your PC updated regularly. On the second Tuesday of every month, Microsoft rolls out a number of bug fixes and security patches as part of its monthly Patch Tuesday initiative. While updating your PC so often can feel annoying at times, it’s an essential part of practicing good cyber hygiene. The same goes for your smartphone and all of your other connected devices as hackers love to prey on users running outdated software.
We’ll likely hear more about administrator protection once the feature is ready to roll out officially but I’ll be following its development closely in the meantime as it could completely change how hackers go after Windows PCs in their attacks.