Windows 7 standard user vs admin

Discussion in 'other security issues & news' started by vincenzo, Feb 9, 2011.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Some advantages of malware that never gets elevated rights (vs. malware that does):
    1. Usually easy to clean. You've mentioned this in the past if my memory is correct.
    2. More difficult to interfere with the operation of antivirus and other security software.
    3. Can't hide its presence from security software that runs with admin rights.
    4. Can't steal data from other user accounts.
    5. Can be discovered via autostart enumeration programs such as Autoruns running with admin rights.

    I was a bit hasty in my previous recommendations. If your computing habits/setup are such that you are unlikely to get malware in the first place, then most (or all?) of this thread can be ignored.
     
    Last edited: Feb 15, 2011
  2. wat0114

    wat0114 Guest

    Yes, you are right, somewhere I did mention it. Still, it needs to be removed one way or another and the disappointing part of it all is that it gets allowed in the first place, no matter how minimal its impact may be just because it's running at user level.

    All good and valid points to be sure. Still, I want to keep it out in the first place so all of this should become, at least in theory, immaterial.

    It's far too interesting to ignore. Just because of my stance, does not mean I am not somehow positively influenced by your shared knowledge. You've got me thinking about and possibly re-evaluating my security approach. You are a smart cookie :)
     
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Same here :thumb:. That begs the question: then why not just run as a protected admin with UAC set on max? How does running as a protected admin with UAC at max decrease your ability to keep malware out in the first place (vs. using a standard account)?
     
  4. wat0114

    wat0114 Guest

    Ha ha...it probably doesn't decrease it. It's just that for me running as standard user is the "proper" way to do things, because I can, and because it is still a bit more of a "safety barrier" over that of running protected admin. I know my employer isn't going to give me admin rights on the work machines just because I tell them I'm responsible and capable enough of keeping out malware :D

    So on this note, it pains me somewhat to be using a tool, in this case one that elevates a process, that isn't perfect in a security sense, although it's tough for me to let it go and use something else, mainly because I've yet to find anything that does it like SuRun. I see Kay has posted the b2 with the fix :)
     
    Last edited by a moderator: Feb 16, 2011
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Here's another demonstration of how malware can get itself elevated within an infected account:

    Malware changes the program launched (a per user setting) for .MSI files to a malicious program, perhaps named something such as "Windows Installer.exe". Now when the user opens a given .MSI, the malicious program "Windows Installer.exe" is launched and requests elevation. If the user allows the elevation, then the malware can install a rootkit and pass control to the real Windows installer to continue the given installation.
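The per-user setting the post describes lives in the current user's registry hive, where class registrations under HKCU\Software\Classes take precedence over the machine-wide ones under HKLM. The following PowerShell script is an added example for auditing an account, not code from the thread or from any product mentioned in it: it lists any per-user override of the .msi extension, its Msi.Package "open" command, or the Explorer UserChoice entry, and compares the per-user command with the machine-wide one. The registry paths are the real Windows locations; the list of keys checked and the "looks suspicious" heuristic are this example's own assumptions.

```powershell
# Added example: report per-user overrides of how .msi files are opened.
# Run as the (possibly infected) standard user, no elevation needed to read HKCU.

function Get-DefaultValue {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -Path $Path)) { return $null }
    # PowerShell exposes a key's default value as the '(default)' property.
    (Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue).'(default)'
}

function Get-MsiHandlerOverrides {
    # Per-user keys that change what runs when a user double-clicks an .msi.
    # (Assumed list for this example; other verbs/keys exist.)
    $relativeKeys = @(
        '.msi',                               # ProgID override for the extension
        'Msi.Package\shell\open\command'      # command launched for "Open"/"Install"
    )
    $results = foreach ($rel in $relativeKeys) {
        $userPath    = Join-Path 'HKCU:\Software\Classes' $rel
        $machinePath = Join-Path 'HKLM:\Software\Classes' $rel
        $userValue   = Get-DefaultValue -Path $userPath
        if ($null -ne $userValue) {
            [pscustomobject]@{
                Key          = $userPath
                UserValue    = $userValue
                MachineValue = Get-DefaultValue -Path $machinePath
            }
        }
    }

    # Explorer's own per-user association choice (set via "Open with > Always").
    $userChoice = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msi\UserChoice'
    if (Test-Path -Path $userChoice) {
        $results += [pscustomobject]@{
            Key          = $userChoice
            UserValue    = (Get-ItemProperty -Path $userChoice).ProgId
            MachineValue = $null
        }
    }
    return $results
}

function Test-LooksSuspicious {
    param([Parameter(Mandatory)][pscustomobject]$Override)
    # Heuristic (assumption of this example): a stock .msi handler runs
    # msiexec.exe from the system directory; anything else merits a look.
    $value = [string]$Override.UserValue
    if ($Override.Key -like '*\command') {
        return ($value -notmatch '(?i)\\system32\\msiexec\.exe')
    }
    # For ProgID overrides, anything other than the standard ProgID is unusual.
    return ($value -ne 'Msi.Package')
}

$overrides = @(Get-MsiHandlerOverrides)
if ($overrides.Count -eq 0) {
    Write-Output 'No per-user .msi handler overrides found in HKCU.'
} else {
    foreach ($o in $overrides) {
        $flag = if (Test-LooksSuspicious -Override $o) { 'SUSPICIOUS' } else { 'present' }
        Write-Output ("[{0}] {1}`n   user:    {2}`n   machine: {3}" -f $flag, $o.Key, $o.UserValue, $o.MachineValue)
    }
}
```

A clean account normally prints the "no overrides" line; a per-user command pointing anywhere but the system msiexec.exe is exactly the condition the post describes and is worth checking from an admin session (or with Autoruns, as mentioned earlier in the thread) before approving any elevation prompt that appears when opening an installer.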
     
  6. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    When using a Windows 7 protected admin account with default UAC settings (or any below max), malware can elevate with no UAC prompts.
     
  7. vincenzo

    vincenzo Registered Member

    Joined:
    Nov 28, 2005
    Posts:
    151
    So then this will not happen on a standard user account?
     
  8. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    That's correct. It also wouldn't happen in a protected admin account with UAC set to max, which isn't the default setting.
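Because the thread's conclusion hinges on the difference between a standard user, a protected admin at the default UAC level, and a protected admin with the slider at max, it helps to check which one a given session actually is rather than assume it. The PowerShell script below is an added example, not code from the thread: it reads the documented UAC policy values under HKLM and maps them to the Windows 7 slider positions, then reports whether the current token is a standard user, a filtered (protected) admin, or an elevated admin. The slider mapping and the parsing of `whoami /groups` output are this example's assumptions.

```powershell
# Added example: show the UAC level and the kind of token this session holds.

function Get-UacLevel {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key
    $behavior = [int]$p.ConsentPromptBehaviorAdmin   # 0..5 (5 = Win7 default)
    $secure   = [int]$p.PromptOnSecureDesktop        # 1 = prompt on the dimmed secure desktop
    $lua      = [int]$p.EnableLUA                    # 0 = UAC switched off entirely

    # Assumed mapping to the four Windows 7 slider positions.
    if ($lua -eq 0) {
        $slider = 'Never notify (UAC disabled)'
    } elseif ($behavior -eq 2 -and $secure -eq 1) {
        $slider = 'Always notify (slider at max)'
    } elseif ($behavior -eq 5 -and $secure -eq 1) {
        $slider = 'Default: notify only for non-Windows binaries'
    } elseif ($behavior -eq 5 -and $secure -eq 0) {
        $slider = 'Default without secure desktop'
    } elseif ($behavior -eq 0) {
        $slider = 'Elevate silently (no prompts)'
    } else {
        $slider = 'Custom policy'
    }
    [pscustomobject]@{
        EnableLUA                  = $lua
        ConsentPromptBehaviorAdmin = $behavior
        PromptOnSecureDesktop      = $secure
        Slider                     = $slider
        AtMax                      = ($lua -ne 0 -and $behavior -eq 2 -and $secure -eq 1)
    }
}

function Get-AccountKind {
    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # The filtered token of a protected admin still carries BUILTIN\Administrators
    # (S-1-5-32-544), marked "used for deny only". Parsing whoami's CSV output is
    # an assumption of this example.
    $groups     = whoami /groups /fo csv | ConvertFrom-Csv
    $adminEntry = $groups | Where-Object { $_.SID -eq 'S-1-5-32-544' }

    if ($elevated) {
        'Elevated administrator (full token)'
    } elseif ($null -ne $adminEntry -and $adminEntry.Attributes -match 'deny only') {
        'Protected administrator (filtered token, can elevate)'
    } else {
        'Standard user (cannot elevate without credentials)'
    }
}

$uac = Get-UacLevel
Write-Output ("UAC: {0}  [EnableLUA={1} ConsentPromptBehaviorAdmin={2} PromptOnSecureDesktop={3}]" -f `
    $uac.Slider, $uac.EnableLUA, $uac.ConsentPromptBehaviorAdmin, $uac.PromptOnSecureDesktop)
Write-Output ("Session: {0}" -f (Get-AccountKind))
if ((Get-AccountKind) -like 'Protected*' -and -not $uac.AtMax) {
    Write-Output 'Note: protected admin below the max UAC setting, the case discussed above.'
}
```

Reading HKLM policy values needs no elevation, so the script can be run from the account being evaluated; the combination it flags at the end (protected admin, slider below max) is the one the posts above single out, while a standard user or a protected admin with AtMax true is what the thread recommends.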
     
  9. vincenzo

    vincenzo Registered Member

    Joined:
    Nov 28, 2005
    Posts:
    151
    OK thanks.

I've had the UAC slider at max since I installed W7, even though people were telling me there was no significant reason to do so.
     