Benefits of running as non-admin?

Hi,

I was wondering what some of the benefits are of running as non-admin.

Can I still get viruses, worms, spyware, trojans and rootkits?

If I read my email this way will it protect me from becoming infected?

Do I need to run my regular security software (av/as/fw), while running (surfing) as non-admin?

Any other benefits from running as non-admin?

Thanks very much.

Quote:

Originally Posted by Doug Baker

Hi,

1//I was wondering what some of the benefits are of running as non-admin.
Can I still get viruses, worms, spyware, trojans and rootkits?

2//If I read my email this way will it protect me from becoming infected?

3//Do I need to run my regular security software (av/as/fw), while running (surfing) as non-admin?

4//Any other benefits from running as non-admin?
Thanks very much.

Hi
1// Yes you can still get them, but they won't be able to get to the core of your system, since getting to the core requires admin privileges. Your non-admin account would get infected, but you'd then restart the computer, get into your admin account, and from there delete the infected user account.
Data from this account would be lost, however.

Also, if other partitions or hard drives are available from the user account, the malware could get there in ambush for later, so yes, an AV would be welcome, at least from that moment on.

2// See 1//

3// Your FW is launched at the system level, so it will continue to run while switching to and running in user mode. same thing for real-time protection AV/AT. No end-of-the-world destructions in user mode, but cleaner to have FW and AV as well, especially FW

4// Adds another welcome layer of security without clogging the computer with more software. A very intellignet habit to get, indeed. The idea of Admin/user duality comes from the Linux world, where it has been apllied for many years.

Rgds

[BornMember]

this seems like a good idea

Does anyone else agree? what do the seniors think?

[DigitalMan]

Good question - asked it myself.

See this for an excellent, detailed discussion of pros/cons of running as a limited user in Windows:

Security Benefits of Logging in as Admin

Also see Wilders threads:
Thread #1 - Limited User Accounts
and
Thread #2

The bottom line answer to your questions seems to be:
It can help to run as a limited user - maybe a little, maybe a lot
It will not prevent infection / intrusion
There may be some useability / convenience tradeoffs in doing so

I personally decided not to run as limited user because I have 2 applications that won't support that mode and I don't want to dedicate the time to track down workarounds.

[squash]

I run this Windows XP computer as limited user for everyday use and admin stictly for installing software, upgrading software etc.

I think that if you install lots of software, it will definitely be inconvient for you beause most programs require access to the registry. With a limited user account, it does not allow write access to many parts of the registry except for its own registry seciton HKEY_USER.

By running as a limited user, you will still be able to get infected if a malware install to for example "My Documents" instead of C:\Program Files... that is why you will still need a antivirus and firewall for protection at the very least. The limitations of the limitation accounts complement an IDS such as PrevX.

Running as limited account in Windows XP should not however be used as a security feature on it's own but as an additional layer (somewhat a good one) to your additional security apps. In the *Nix/Linux world, the concept of Chmod 700 etc allows the non-root user to be further limitated by what the root user gives as the previleges.

Windows XP Professional has this "Chmod" concept (as Read, Write Modify instead of numbers) however Windows XP Home does not. If you have Windows XP Home, a limitated account is another layer not a security "feature". If you have Windows XP Professional, you can you limited account as everyday and furthermore increase limitation with (Access, Write Modify) on critical files such as the operating system core files.

Limited account can be considered as a security layer and not a security feature on its on as in *Nix/Linux because Windows XP does not have these capabilities and was slanted towards ease of use not security such as *Nix/Linux which has carried out this tradition every since it's invention.

[meneer]

Quote:

Originally Posted by BornMember

Does anyone else agree? what do the seniors think?

There's a challenge... Okay, I'm quite senior here, and I consider this a major security measure.
If you need to, you can always, form a limited account, run as an administrator.
Even Microsoft has a tool to allow administrators to lower their rights for certain apps (IE more specific) (forgot the specifics, sorry).