This is for Windows XP users (maybe 2000, not sure). What account do you use for everyday activities? Also post a brief reason.

On my computers, I run as an admin. In that manner, i can be sure that teh application will install and that it will function fully when run.

and as teh sole user of my computers (well one of 'em anyways), having just one account makes more sense and it leaves Windows nice n tidy.

Admin account only. Limited account is useless for a skilled user & complicated for a newbie.

-{ Quote: "Admin account only. Limited account is useless for a skilled user & complicated for a newbie." }-
Agreed.

Hi,
vote = admin

I usually make 2 accounts, 1 which is admin and goes by my name and the other I name 'Limited' for obvious reasons.

Admin acc.
However I prefer a sandbox with it like GesWall, Defensewall etc.

Tried Limited for some time. It worked, but not all programs like it :) So eventually went back to Administrator mainly.

Hello,
Windows does not work well with Limited. I use Admin account in Windows. Saves the hassle of broken and semi-broken software runs. Limited can be ok for newbs.
Mrk

As far I noticed, security experts usually advice to use a limited account, but I prefer an administrator account.
It's risky, but I'm still working on my security setup and I don't fool around on the internet, YET.

I use a limited account and use "run as" when necessary. :)

Admin :thumb:

Admin for me. I am aware of the security implications but I don't think XP is very good with user accounts at all. I set up my sister's computer with limited user accounts complications with some software installs. This definitely put me off even thinking of a limited user for myself.
Different approach in Vista but for XP on 3 computers I am Admin.

-{ Quote: "Admin :thumb:" }-

Likewise. Admin

Only one computer and one user here so it makes sense to just use Admin.

Admin with only a hardware and sofware FW. Full-time AV scanner in OFF position. Still waiting for a PC bugs.

Surprising... with all the security experts out there and IT professionals recommending we run as limited accounts only...

And here at Wilders, where all they gather... all run as admin.

:T

Admin account only, so i am the only person using my Laptop.

Admin for me also.

-{ Quote: "Surprising... with all the security experts out there and IT professionals recommending we run as limited accounts only...

And here at Wilders, where all they gather... all run as admin.

:T" }-
maybe Vista will change this. tho somehow i think id still want to be admin under Vista.

-{ Quote: "Surprising... ~~~ ... all run as admin." }- I'm a little suprised too. :-\

It's very difficult to catch a PC bug if you use the gray matter between your ears. Would you want to put on training wheels if you already know how to ride a bike?

A limited account is the right answer for a click-happy noobs.

Admin account only, I am the only person using my computer. You really can't fix problems with a program or OS on a limited account.

Greetings All,

I'm surprised that so many are running as an Administrator, I personally run as a Limited User and us "Run As" as and when it's needed. It doesn't cause me any issues and Eset NOD32 AntiVirus System along with Webroot Spy Sweeper don't encounter any issues running with said priviledges. I know it's said by many Security Specialists that you shouldn't run as an Administrator, and in all honesty, regardless of the view that this type of Account is for those of little Internet knowledge, I still believe it's a strong attack mitigator in the sense that if a Trojan Horse or a Worm penetrates your outer defense such as a Software Firewall or a Hardware Firewall Router, the "damage" it causes your system is severely reduced. I have two Accounts on my system, my current Profile, and the Administrator Account along with ASP.NET and the appropriate IIS-related Accounts.

This method's affects were shown in good stead when I had an encounter with a Trojan Horse exploiting the Windows MetaFile issues patched 6 months ago by Microsoft, my system is up-to-date, I was using my day-to-day Limited User Account and am running Eset NOD32 AntiVirus System along side Webroot Spy Sweeper. I was searching for MySQL Hosting and followed a legitimate looking hyperlink. Lest to say Internet Explorer bore the brunt of the attacker, meanwhile my AntiVirus Client quarantined the infected files instantly with Spy Sweeper bring up said rear blocking communication with the Server. I think they're a brilliantly complimented pair. Either way, my system wasn't affected and it could have been far worse. I'm considering installing Windows Vista BETA 2 and if anything, I'll be using the same method.

Regards,

Scott Sutton

The primary goal is to use common sense so that your PC is not susceptible to such attacks. My 2nd line of defense is to have available several good image files of the OS to restore in case of an infection.

Since my OS partition is under 900MB, I can create or restore the image file in under 40 seconds.

To me, running with a restricted account is like driving with one eye closed. I will gladly give a little in PC security to gain a lot in PC useability.

Only user, so Admin. here.

This is true. Limited accounts are too... stripped if you will, and there is no easy way to install programs or get half of what I use to work in a limited account.

Admin is the evil. But less bothersome.

I use Admin, and I have my kids set as limited. I deleted that other one, called tech. I forgot the whole name of it, but I deleted it ;D But now I wonder what that one was for? ???

'I usually make 2 accounts, 1 which is admin and goes by my name and the other I name 'Limited' for obvious reasons.'

I voted Admin above but

...I like to run browsers and email limited, 'Run as' Limited in admins account works or try another app, Process Explorers 'Run as Limited User...' will do the trick.
You can also automate the process so not to have to right click : r/c shortcut, select properties, click on short-cut tab and then Advanced - select run with different credentials then click ok. :)

Mr. and Mrs. Mercurie, ADMIN., all the little chicks LIMITED. ;D

Always Administrator... ;)

ADMIN :thumb: , windows doesn't have a good enough normal user setting yet like *nix.

Alphalutra1

An account with local admin privvies. I always give the Administrator account a password also..IMO many people perform the mistake of leaving it blank..and there is some malware that can install itself assuming that.

Also...how many people here have worked on networks (domains)..where the person who set it up still leaves the local Administrator account <blank> :-X :thumbd:

As usual, the Administrator! :lurking: Because running with Limited accounts is called messed-up security and MS made the LUA system in XP way too bungled up.
You run as an admin, with various security restrictions and proper and layered security programs in place.

You should never run as an admin, unless you really need to for installations or changing security settings. Your HIPS settings can be changed, hacked, AV turned off, etc., and you could screw something up when you're not paying attention to what you're doing. It's just really careless to do that.
Newbies...::)

I do it....but YOU SHOULDN'T DO THAT! ;D

good way to set an example :thumb: :thumb: ;D ;)

38 admin vs 2 limited users. yup we need vista.

I read, that eg. IE will run, even in admin account, with limited rights in Vista.
I asked beta tester and he confirmed me, that I will be able to disable it, cool.

Only Admin account . I cannot do many things in my limited account in XP ::)

Admin
But...Browsers and e-mail are run as non-admin (via DropMyRights).

The only valid rationale I know is this: Running as an administrator is required for some programs to function properly.

And remember that you cannot expect everyone to run with limited rights. Becuase too much security can kill your functionality.

Which is more worthwhile? There's no answer to that.

What's a balanced diet in this case? Running with administrator rights is not necessarily a security risk, but it is what I call balanced security. Which means you won't lose any security while still retaining functionality.

As always, it seems to be a choice.

This is education. And there's really no need to label others as newbies or whatever other name, because we're all learning together as a community. Even the experts need to learn new things to keep up-to-date,right?

Administrator on this box. I want to control everything, having enough toys to protect this box.

I don't see a newbie as an inferior person. My wife is a newbie regarding computer security, but regarding a lot of other things not (I am sometimes).

Gerard

In between there is the power user option.

At work we use power user, eitehr it alwais work .. or there is a nice prompt that say: enter admion login when needed.

However one should not rely on poer user to secure a network as from there it's easier to get root access if you are a malicious user. But as long as self-security goes ... it's a nice option.

I use Admin. account being the only user of this computer.
I have read a few times it is safer to use Limited account, but a number of years later so far, so good. ;)

I run as administrator...

Nobody likes to be limited in what he is doing. No wonder the administrator vote is so high.
An adminstrator account = freedom, a limlted account = handcuffs.

I run in admin mode but I do restrict certain processes from running in "admin mode" with the Software Restriction Policy tool found in XP Pro.

I have also hardened my system as much as possible, this means disabling stuff that can be used in attacks (Command Prompt, Windows Scripting Host, Services etc.). Of course I don´t need this stuff most of the time, but if I do I can temporarily enable them.

But I´m still looking for a good sandbox tool that will restrict certain processes even more. Of course I´m also blocking all executable and other possible dangerous files from executing with SRP and SSM. Combined with common sense, my system should be malware free, normally speaking. ;)

Admin. here, too many hassles as limited account. Besides my system is well protected anyway.

Limited User

Only run as sys admin when needed ..

I only uses Limited Account when surfing the net, and Administrative Account for some other things. I think, you're very safe on the net when you are in a limited acct. together with good protection softwares. ;) But some programs don't behave well in limited acct but I'd rather not use those programs.

I only use Admin because of how restrictive Limited is. But my XP installs have first been stripped of most of the vulnerabilities with nLite.

But I use it without a password, because you are better off not having one if you are the only one using it and you have physical security of it. XP will not let anyone by default (even the best hackers) into your user account from the outside if there is no password on it. However, if you have a password and someone figures it out with a keylogger/trojan or something, then you are owned.

-{ Quote: "I only use Admin because of how restrictive Limited is. But my XP installs have first been stripped of most of the vulnerabilities with nLite.

But I use it without a password, because you are better off not having one if you are the only one using it and you have physical security of it. XP will not let anyone by default (even the best hackers) into your user account from the outside if there is no password on it. However, if you have a password and someone figures it out with a keylogger/trojan or something, then you are owned." }-

Well, wasn't there malware that took advantage of the assumption that Administrator didn't have a password?

Administrator always, same reason as all of the above.

It strikes me, that security experts, who always recommend a limited account to users, are very quiet in this poll. Maybe they don't like to admit, they also use an administrator account. ;D

Almost exclusively as "power user" on Win2k SP4. I am using the administrator account only if it is absolutely necessary (~ once/month or so, for updating windows manually).

-{ Quote: "Well, wasn't there malware that took advantage of the assumption that Administrator didn't have a password?" }-

You missed the part where I said no one can log in from the outside. Malware on your computer is working from the inside already and then it's irrelevant if someone can login to your account from the outside.

-{ Quote: "It strikes me, that security experts, who always recommend a limited account to users, are very quiet in this poll. Maybe they don't like to admit, they also use an administrator account. ;D" }-

I have no doubt the 'security experts' *HERE* use admin accounts, since most of their cool HIPS and other toys aren't designed to run on limited accounts yet (though I think this is slowly changing) and the people here are of a special breed who like their toys.

On the other hand if you run with limited accounts, you are already protected from many (but not all) the things people here rely on external security software.

You will find that people who don't rely on anything except their hardware firewall, will tend to use limited accounts.

Since almost everyone here loves their security software, obviously they wouldn't fall into that group.

It's hard for me to answer the poll, because it depends on what computer I'm using. I have one that is fully fitted with the coolest and latest wilders approved toys and that one runs in admin.

On the other hand, on other computers which are not as heavily protected/ burdened, just basic software firewall or antivirus (sometimes not even that), I run almost always with limited accounts.

My Dad also runs using limited accounts without a hitch. He runs as admin only if he has problems installing progams, but thus far he seldom as the need.

But you guys who like to play with your systems, install programs, obviously it wouldn't work.

You can use admin account and no realtime aplications and you can be protected.
Security is about settings (Windows, browser, etc), not about dozens of toys used.

-{ Quote: "You missed the part where I said no one can log in from the outside. Malware on your computer is working from the inside already and then it's irrelevant if someone can login to your account from the outside." }-

I think I understand your logic now. Apologies.

As for security experts here... I dont' actually recall anyone advising to run in a limited account. Something like "dropmyrights" maybe... But actually telling us to run in full limited account, no.

As for tweaking systems, options, and etc., I'd be reluctant to agree with that. I mean after all, with activeX turned off, scripts blocked and everything else, that couldn't even prevent the wmf of last winter. Keeping your computer up to date helps, but realtime... I think it's still needed for AVERAGE users.

-{ Quote: "Surprising... with all the security experts out there and IT professionals recommending we run as limited accounts only...

And here at Wilders, where all they gather... all run as admin.

:T" }- I agree. It's really astonishing that most people here rather prefer playing around with dozens of HIPS software. Most of them they simply wouldn't need under a limited account.

And I'd like to ask those of you who maintain that Windows isn't really usable under a limited account: If even my children (16 and 12 years old) can do it - why can't you ???

I've been doing it for many years, and I don't have any problems managing my Windows XP via the runas command and Aaron Margosis' MakeMeAdmin appoach. Have a look at http://blogs.msdn.com/aaron_margosis/ - you'll find a lot of valuable information regarding this topic. I suggest starting with this site (http://blogs.msdn.com/aaron_margosis/archive/2004/06/17/157962.aspx)

-{ Quote: "If even my children (16 and 12 years old) can do it - why can't you ???" }-
thats an easy question. it all depends on the software u use and the things you use teh computer for.

if one simply has AV/FW and browses teh net, then using a limited account would not cause problem.

but for those of use who install/remove many programs and do many tweaks, the limited account would be a terrible inconvenience.

-{ Quote: "As for security experts here... I dont' actually recall anyone advising to run in a limited account. Something like "dropmyrights" maybe... But actually telling us to run in full limited account, no. " }-
Or you don't read many posts or your memory is bad, but I've seen it several times, but I'm too lazy to look for the posts. :)

-{ Quote: "Or you don't read many posts or your memory is bad, but I've seen it several times, but I'm too lazy to look for the posts. :)" }-
This is true.

I should really get out of the software & services section more often.

Administrator account on my personal pc.

With my Ghost backups nearby. ;)

Administrator. My computer just doesn't run right in limited status. I have Image for DOS so... Damn the torpedoes, full speed ahead!8)

-{ Quote: "I agree. It's really astonishing that most people here rather prefer playing around with dozens of HIPS software. Most of them they simply wouldn't need under a limited account.
" }-

Less fun.

-{ Quote: "
And I'd like to ask those of you who maintain that Windows isn't really usable under a limited account: If even my children (16 and 12 years old) can do it - why can't you ???
" }-

I guess your children don't constantly tweak system settings trying to 'harden' their system, download and install whatever seems popular and new
programs particularly security programs and in general make major changes to their setup once every week or so.

-{ Quote: "thats an easy question. it all depends on the software u use and the things you use teh computer for.

if one simply has AV/FW and browses teh net, then using a limited account would not cause problem.

but for those of use who install/remove many programs and do many tweaks, the limited account would be a terrible inconvenience." }- Most normal applications can easily be installed with MakeMeAdmin. This is not true mainly for software that require a reboot after installation and further configuration with admin rights. This applies to many security applications. But - as I said - many of them are simply superfluous under a limited account. Example: Many people use applications which protect their hosts file - but a limited user has no write access for this file, so these programs are completely dispensable. The same is true e.g. for large parts of the registry and for most autostart locations - see this (http://www.wilderssecurity.com/showpost.php?p=698115&postcount=14) posting.

I agree that it might be fun to experiment with all these programs (I'm using some of them myself because I'm a control freak ;)) but they don't replace a sound security strategy. A sound security strategy starts with using a limited account - if you do this you no longer depend solely on your security applications (with their inevitable bugs), but they are simply a complement.

I found excellent support for my arguments in this (http://www.techsupportalert.com/security_scanners.htm) highly interesting reading of a test of 16 security scanners. Especially enlightening is this conclusion:

"First, it's almost impossible to defend your PC from a modern malware program that is allowed to run on your PC with full admin privileges. The problem here is not with the security programs. The problem is with Windows."

I run as admin, BUT I start my internet progs (Firefox, Thunderbird) with Dropmyrights.exe, ie with limited rights. Works fine here.....

-{ Quote: "I run as admin, BUT I start my internet progs (Firefox, Thunderbird) with Dropmyrights.exe, ie with limited rights. Works fine here....." }- Dropmyrights is the wrong way - see my postings here (http://www.wilderssecurity.com/showpost.php?p=747254&postcount=10), here (http://www.wilderssecurity.com/showpost.php?p=747790&postcount=14) and here (http://www.wilderssecurity.com/showpost.php?p=617172&postcount=15).

i use admin, but for my wife i have create a limited user.

BHH

@tlu

...additionally I'm using Noscript,KAV,SSM and most importantly...........common sense! ;-)

I use an administrator account; however, my girlfriend's account on my computer is a Limited User account.

-{ Quote: "Or you don't read many posts or your memory is bad, but I've seen it several times, but I'm too lazy to look for the posts. :)" }-

Nah, compared to other forums, WSF isn't really into LUA, most of the posts about that come from Tlu . WSF is into HIPS. Many of them need to run in admin I think.

-{ Quote: "Nah, compared to other forums, WSF isn't really into LUA, most of the posts about that come from Tlu . WSF is into HIPS. Many of them need to run in admin I think." }-When I initially setup all my home machines, they were all setup with the primary user accounts as LUA. I simply ran into too many compatibility issues (mainly the kids games, although at the time Norton Systemworks couldn't deal with LUA on initial release either, there were other application issues as well - none security software related although I do not recall details now) and eventually I gave it up since, frankly, I had better things to do with my time. Should this have been the state of affairs? No, but it was.

Blue

-{ Quote: "Admin account only. Limited account is useless for a skilled user & complicated for a newbie." }-

Admin account for me as well, for the above quoted reasons.

-{ Quote: "Admin account only. Limited account is useless for a skilled user & complicated for a newbie." }-

Agreed two.

Salu2

-{ Quote: "Dropmyrights is the wrong way - see my postings here (http://www.wilderssecurity.com/showpost.php?p=747254&postcount=10), here (http://www.wilderssecurity.com/showpost.php?p=747790&postcount=14) and here (http://www.wilderssecurity.com/showpost.php?p=617172&postcount=15)." }-

I didn´t know about this, I´ve read the article but I didn´t understand everything. But with a HIPS blocking things like "Windows Messages", you should be able to stop these attacks, I assume? ::)

I used to run as limited, but that didn't last too long. I guess I'm too lazy to switch which is pretty bad becuase I even have a fingerprint reader to switch accounts fast with. Placing my finger on that darn fingerprint reader is just to much work lol.

I changed my account from the Administrators group to Debugger Users.

What I observe from my studies is that running using the LUA or Limited User group imposes excessive restrictions. Guests and LU group have same level of privileges but way too excessive.

Debugger Users can have access to some system areas still, but DU is really a non-admin group with no loss of functionality at all. Debugger Users have access to the MDM, no other privileges.

Instead of using the user accounts in the windows cp, go to run and type control userpasswords2. XP Pro may have more flexibility over this.

LIke so many others Admin here too.

Admin of course,this is my PC and nobody can touch my baby.

Admin..... cause I B lazy.:-[

I clicked too fast. I checked limited, but should have checked other. I have three accounts: installed admin, with incredibly long complex passphrase; managing admin; and Power User acct. which I use for daily stuff. I am doing the unusual today, I am here from the admin. rare. dangerous. Doing updates of all programs. Just finished Port Explorer.

Power User (~90%) under with all kinds of custom security restrictions/privileges for the different accounts and Administrator (~10%) when necessary.

-{ Quote: "Admin account only. Limited account is useless for a skilled user & complicated for a newbie." }-

Limited User. I don't suffer any problems running office apps, email and doing my development work (.net and php) and the changing to admin or using run as to install and change configurations.

I voted Limited as I use that most. I am the Admin also, but as discussed there seems to be 2 schools,and when on the net I use the Limited. When I have a down load intention I will use my Admin.

I use administrator.

I run as Administrator.

With Deep Freeze protecting the system partition, I'm not worried about any unauthorized changes.

-rich

Admin for me, fewer restrictions, fewer problems

Admin, full control. ;)

Administrator

Limited account, especially if I will need to go online.

Phil

Admin, don't want any limitations on me on MY computers. Why would I want to be abruptly stopped from installing something that I already bothered to get the installer off the web ???

Well, whatever. Some people choose Limited because of good reasons, too (mostly Security). But I'll stick with Admin, I can't stand being limited on something I rightfully own.

Administrator

I said "Other" because I use Administrator but with vulnerable apps filtered thru "DropMyRights".

Acadia

Everyone here uses Full administrator accounts. Sometimes we will set up our friends, reletives and clients computers with limited accounts because they have mucked their computers so often.