Why Does Microsoft Help Hackers?

I’ve been dealing with my father’s PC, installing a fresh copy of Windows and everything else because he got himself hacked…

SHERTACK Tech Scam - A Warning For Others
Well, I had a fun afternoon yesterday! I received a phone call from a family member informing me something was up with my father’s PC. I connected to find remote access to his PC, all his antivirus, anti-malware programs removed…. then to boot, he was on the phone with the scammers! I started by getting him to hang up on them, but they’re persistent and called back numerous times thereafter.

and the more I set things up, the more I realized how badly Microsoft does security!  How they literally set their users up to fail from the start.

Now, this isn’t the first time I clean up a PC after being infected/hacked/… and typically there is a common thread; software was installed, normally without the user be aware (yes, even with UAC enabled).

So the question becomes, well how did it get installed?  And this is the heart of the issue, it got installed because, by default, the user account that is setup when you initialize Windows has full Administrative rights!

Hence, the minute your PC is compromised in any fashion, the hackers, malicious program(s), … have administrative privileges to go do anything they wish.

Why in God’s name would you assign administrative privileges to the default account?  It’s plain NUTS.

Don’t misunderstand me, I totally agree with the needs to have an Administrative account on every machine, but it should NEVER be the default account.

So, yes, Microsoft helps hackers with their horrible security decisions!

The default setup, out of the box, anyone who connects via the default user account will have full administrative rights because those are the privileges attributed to the default account.
If you invite someone into your home, do you give them the keys so they can do as they please?  NO!

What have I done then to try and improve things?

Sadly, since I could not figure out a way to switch online accounts to be a Standard User, I ended up creating a new local Administrator account and then switched the default account (my father’s) to a local account and set it as a Standard User.  By doing this, it should reduce malicious software/hackers abilities to mess around should he get compromised again.

So by taking a couple little extra steps during your Windows setup process:

  • Create a separate Administrator account
  • Change the default account to be a Standard User type

you can try to mitigate the reach malicious actors have on any system.

Of course, this is standard practice in corporate environments!  Companies don’t give all their users Administrative accounts.

Oh I hear people telling me I’m exaggerating and it can be changed… Perhaps, but do you think the average user is aware of this or even knows how to change the account permissions!!!  No, they don’t.  If Microsoft truly was concerned with security, protecting people, this would have been changed LONG AGO!

It makes me think of the ‘Do as I say, not as I do’.

If you help family or friends with their computers, seriously consider implementing the above mentioned changed, it might just save you a world of pain and possibly stop hackers and malicious software programs from having free reign on the system.  Just one more thing we can do to try and protect ourselves.