I've tried using my PC with limited user rights, a PITA. I always install and uninstall crap so its a no-no.
I use an admin account and have UAC turned off for the same reason. If I wasn't continually installing and uninstalling software it wouldn't be so bad I guess. Edit: I guess a lot of people are happy having limited access due to the increased security and like being prompted when administrator access is required, and also like receiving UAC prompts. That's fine, but personally I absolutely hate receiving lots of prompts for action, and want any prompts asking me what to do to be kept to an absolute minimum. I want my AV software to prompt me for what action to take when a threat or possible threat is found, but other than that I want my AV software to be silent as much as possible. Yes, I know that makes me more susceptible to infections, I prefer that to being constantly interrupted with prompts.
Only to install software or change system settings, otherwise a limited account. I've been running things this way for over 10 years now on all versions of Windows since NT4 that support it. No malware or security problems since I started doing this with a fairly minimal amount of security software and a fairly lax attitude to upgrades. I also tweak the file permissions to make the user account a bit more secure. Yes it's a PITA but so is a malware infection and having an online account hacked due to one. So is having heavy security suites installed that eat up system resources. I don't install software that often. I usually vet it thoroughly in a VM and then a test machine before I use it on my main machines. I find it much more effective to have a minimal amount of software that I know well for what I really need it for. Apart from malware, there is a lot of software that is badly written, badly behaved or just doesn't work well in my system and most of the software I reject is for those reasons. Limited privilege is one of the foundations of security, computer or otherwise, and any time you use a computer in a public library or well set up corporate network, you are going to have your privileges limited for a good reason.
Yes for xp, no for win7 recently removed av and started using std account. Lets see how much I can tolerate
One of the reason for running a standard or limited account is to make privilege escalation harder; however, I feel confident in my use of network groups policies and other access control methods: layered access, layered defense (software, hardware, & operating system), etc. to be sufficient to negate most of the risk. Physical access aside, against better practices, I do run admin on my own personal devices and standard accounts on other computers. Below is a summary of the steps (my best practices) that I've taken to mitigate my risk. Data Management: all sensitive and personal information is saved on encrypted external drives. all sensitive and personal information is accessed on non-networked PC. exception: password manager, accessed via separate portable mediums. all external drives are securely locked up and hidden amongst decoy drives. system cleaners for wiping data, shell-bags, etc. System Management: application segregation via app/task specific sandboxes. annual full system restore. sandbox: drop-my-right enabled & strict access controls disabled/removed unnecessary services per viper's. diversified & minimalistic layered approach: software, hardware, and OS. exploit mitigation w/tailored config (based on default EMET profile) network user groups and user access/control policies. some form of system imaging and virtualization on all computers. UAC max setting updates: check, but wait before downloading and/or installing. unnecessary services are disabled and/or removed. Browser Management: disabled caches, minimal extension and extensions virtual private network used as needed with private tunneler. files are rarely recovered to system. 99.99% re-uploaded/downloaded. portable browsing for sensitive activity. new browser/config each time. Policy; no banking, avoid online shopping as much as possible, etc. multiple methods for certificate verification are used on a site-by-site case. third-party DNS service and regular DNS flushing. sandbox is purged and securely deleted between websites. web-filters to help screen potentially malicious sites. Network Management: virtual router handles mobile traffic separately. direct hard-wired connection into router. no longer using wireless connect. Future Plans: implement additional forms such as biometrics or yubi-key as part of a layered access approach. running only standard account for daily use setting up a DMZ: secondary network behind our internet facing router/modem. possibly switching to counter-mail from existing (yahoo, gmail, etc. services) Obviously, I haven't hit on everything that I've done, but this gives a general overview. I think overall this is more than adequate to handle most system threats. In fact, many would probably say its over-kill. An opinion I can respect, but have no easy answer for. Adding additional hardware and software increases my attack surface area, while too extreme of a minimalistic approach leaves attacks vectors ill-protected. I feel confident that the steps that I have taken are an adequate balance that should handle most common security threats. With exception of course to professional cyber attacks, which residential networks and systems are generally ill-prepared against, and against internal threats due to physical access. Despite implementing proper encryption and layered physical access barriers.
I dont have UAC off, i just dont like running with limited rights. UAC pop ups are not that annoying.
