One Secret That Will Keep Your PC Secure
You Can Increase PC Security and Stop Most Spyware and Viruses With This Simple Tip
Almost all spyware can be blocked without buying special software. PC Security can be as simple as changing one setting on your computer. They won't give you the strategy at your big box retail store; perhaps they know it and perhaps they do not.
A Little Background
When you buy a PC and turn it on for the first time, Windows creates an account for you. Unfortunately your PC security is at risk almost immediately. While you get to select your account name and password, you do not get to choose your permission level. Your account, by default, gives you permission to do just about anything to the computer. You can install programs, remove programs, change security settings, edit the registry, and perform many other potentially disastrous tasks. However, you have no malice in your heart. You'll probably never do any of these things, right?
Actually, you do these things without being aware. Well, Windows does them in your name because you're logged on with administrative permissions. When you install a new program you usually need administrative permissions to complete the task. Windows anointed you as an 'admin' when your account was initially created. In a perfect world this isn't a problem. In a perfect world we all know what we're doing and no one wants to take over our computer to control it from China.
If you live in a perfect world, feel free to stop reading now.
Here's the rub: any program you launch will run with your current permissions. If you're logged on with admin permissions then your programs will have admin permissions. This includes spyware and malicious programs that you accidentally download from the Internet.This also includes email attachments that you accidentally open. Spammers depend on the opportunity to leverage your account permissions.
"Super User" privileges seduce users, but any competent system administrator understands that it's dangerous to log in with admin permissions. One of the first points of emphasis in Admin School is to hammer home the risks of using a Windows computer as an administrator. This is also true for Linux computers, but Linux doesn't typically create new accounts with admin permission. When Linux adds user, it severely limits the capabilities of the new account.
Windows XP allows you to demote yourself to a Limited User. As a Limited User you don't have the permissions that a Computer Administrator User has. You can access the files you create and run most application programs but you can't make system-wide changes. You also can't install programs. In other words, if you accidentally download spyware then Windows usually won't allow it to install.
Demote yourself by opening the Control Panel and double-clicking on the Users icon. Change the Account Type from Administrator to Limited.
What Could Go Wrong?
some software may not run any more. It's possible that a program may
require resources that are available only to administrators. Some
programs are simply poorly designed. The good news is that individual
programs can be launched with admin permissions even if you're not
logged with admin permissions. Hold the Shift key down and right-click
on the icon of the desired program. A context menu will appear next to
the icon. Click Run As , then enter the ID and password of the account with admin permission.
You Can Change Your Mind
If reducing your permission level causes you too many problems, you can always promote yourself back to admin level again. You'll have to log in as someone who already has admin permission so be sure to keep the password for the Administrator account handy.
In all Fairness...
Microsoft actually discourages the practice of working as
Administrator. They understand the impact on your PC security. Look in the Help and Support Center that installs with
Windows XP. Go to System Administration / Password and User Accounts /
Overviews Articles and Tutorials. It's a puzzlement as to why they
programmed XP to create new accounts with admin permission by default.
Actually it's not a puzzlement. Limiting user permissions causes more calls to tech support and more frustrated users over the life of the computer. Windows users are conditioned to working with administrative powers all the way back to Windows 95. Windows users are also conditioned to accept the risk of spyware and viruses as inconveniences that simply come with the territory. Perhaps if we spread the word about limiting permissions, we can make a difference.
Some photos may be courtesy of http://www.sxc.hu/