IT technicians and support providers have long advised that users remove any applications they don’t need and never install any without good reason.
Historically the reasoning was that it was to improve performance and reduce the impact of buggy software and conflicts.
While the historic reasoning is still valid, stripping applications and keeping operating systems as “vanilla” as possible now has more implications for security. More software installed means more vulnerabilities, more update daemons running in the background and more noise in terms of logs and alerts. Unfortunately articulating this is always a little tricky and so we tend to use the examples of LOLBINs – also know as Living Off the Land BINaries. LOLBINs refer to programs and utility executables that are commonly installed with systems and either required for the system to function or commonly left installed. Examples can be anything from GUI applications like Paint, Calculator, Sticky Keys to command like tools like curl, wget, etc. Where possible attackers will use these programs as part of an attack because:
They are commonly preinstalled
They are trusted by the operating system and often run with elevated privileges
They are trusted – and so ignored – by endpoint protection software (like antivirus software)
What to do?
Ideally your organisation should define a clear specification for your workstations and servers that lists what it needs to operate and arrange for everything else to be removed. This can be done by your support team or provider in the form of a “golden build” that is a template for each machine or as a script that runs and removes what isn’t needed.
This same advice very much applies to mobile devices such as tablets and mobile phones – OS utilities and applications from appstores are repeatedly found to have security vulerabilitiies so remove what you don’t need.
