The June 2009 issue of Consumer Reports (CR) had an article and ratings on "Security Software." I don't pay much attention to their recommendations because they are all suites and I prefer standalone solutions.

The August issue has a reader response that says, "I just read "Security Software" and in addition to sing software to protect a computer, a good practice is to create a nonadministrator user account for all programs that use the Web. When you browse a site that tries to install malware, the installation fails since your account does not have enough privilege. Any other malicious changes to your computer will also fail."

I looked on the CR forums, but didn't find anyone disputing this statement. If it were that simple, why do anything else? It doesn't sound right to me, but before I post the topic on CR, I would like to know if this is a step that should be included in an area such as, "why did I get infected in the first place."

I tried creating and using a "user account" but it was a drag and so just switched to "administrator" all the time. Now I wonder if I should rethink that and are the consequences of not using "user account" that dire?

A limited user-account can't stop malware, but it can at times, lessen the impact the infection otherwise would have had. If it were so easy to prevent malware from installing, I'd think most people would use it. There are also malware "out there" which can bypass this restriction. The limited user-account in XP is what UAC is to Vista, sort of.

http://www.microsoft.com/protect/computer/...seraccount.mspx

http://forums.whatthetech.com/Limited_User...nts_t88937.html

This type of "protection" has been recommended around these forums.

It is one of the most effective ways to prevent system changes to your computer without you deliberately allowing it. It can prevent "backdoor", or "driveby" attacks where bugs in the software you are using allow malicious code to execute without you knowing it.

It will not prevent a user from deliberately installing malware, which is the most common method of infection. It goes like this:

Malware: "May I infect your computer with a horrible malicious entity?"
User: "Yes, certainly, I really like this program"

or like this:

Windows: "Are you sure you want to download this file?"
User: "Yes"
Windows: "I am about to download this file, it could be bad, are you sure?"
User: "Yes"
Windows: "I have downloaded this file, do you want to run this file?"
User: "Yes"
Windows: "I am about to run this file, it could be bad, are you sure?"
User: "Yes"
Windows: "This file needs administrator privileges, do you want to grant that?"
User: "Yes"
Windows: "Are you absolutely sure you want to install this file that you downloaded?"
User: "Yes"
Windows: "Really? Are you sure?"
User: "Yes"
Windows: "OK"

Nothing protects a user from themselves.

Always password protect the administrative accounts on the computer. Software that is run as a limited user account can enumerate user accounts, find an administrative account, and elevate its own privileges if that account has a blank password.

Another thing to remember, is that a great deal of malware exist for stealing personal info. A limited user-account can still do online banking and such, which malware can intercept. Malware don't need to have administrative rights to be successful. So for keyloggers and other personal info stealing malware, it don't care if it infects HKLM or the current_user under HKEY.

Ken, thats called The Dopeler Effect: The tendency of stupid ideas to seem smarter when they come at you rapidly.

This post has been edited by Ztruker: Jul 4 2009, 02:44 PM

Thank you for elaborating on what I felt was probably the answer: in short, while it may help in some ways, the user may be the primary cause and the user account is not foolproof.

My husband is the other user on our computer and if he wants to install anything, he asks me to do it. I only remember that when XP Pro was installed it took several days to unravel the password/user problems and while there is a password on the account, I found it more convenient to just remain in the Admin account (I appreciated the grim humor from appleoddity).

After I read your responses, I found a very well written description from "Doug" in February 2008 Limited User Accounts. It's got me rethinking the topic and I've bookmarked it for reference.

Thanks for the help.

You are welcome.

And welcome here as well, forgot to greet properly in my first post

Anyways, glad you can use the info given and founded.


Cheers