A Very Simple Security Tip for Windows 2000/XP

[michaelper22 0]

We all know the difference between a limited user and an administrator user under Win2k/XP - you can't/can install major software, perform system maintainence, and other stuff. But using a limited user on a day-to-day basis also provides you with decent protection from a bunch of threats: if the malware is running under your limited-rights user, it can only do as much as you can. For instance, a limited rights user can't edit the HKLM hive of the Registry, so any malware running under the same user won't be able to touch that area. It's extremely simple to implemnt, and pretty effective.Note: don't forgo the anti-virus and Windows updates just because your user is slightly protected.

[contor 0]

i think it is pretty uncomfortable, to be changin users, expecialy whith my slow pc

[michaelper22 0]

i think it is pretty uncomfortable, to be changin users, expecialy whith my slow pc

Here's a trick to work with my security method: If you need to run an executable (say, an installer), right click on the file in Explorer (or on any shortcut) and choose Run As.... You will get a dialog box asking you to enter an admin password. Supposedly Windows Vista will do this for you, but let's not discuss that.....

[FirefoxRocks 0]

I always use the RunAs command. It DOESN'T work on the Internet/E-mail programs on the start menu (although you can do it on those programs, just not there). Microsoft Office programs can't do that (you can do it in Program Files).This is a good security tip.

[Zero Ziat 0]

Can't a malware that captures keystrokes or saves critical data use the RunAs command to abuse it ?

[cangor 0]

Ok, if you're on a school computer, here's a tip to run whatever you want... just name it the same as an existing program (e.g. notepad.exe, iexplore.exe) and it will run... It is really nice and you can do stuff like run Firefox on school computers. (Portable firefox is really nice at school.)

[mattzyzy 0]

for the slower pc - log-off first before you change to another account . it is safe to say Run As is handy but can be as sluggish too at times

[heavensounds 0]

Hm..very good advice. Though I am a bit sceptical because if you know that, hackers know that also almost for sure so they make such programs that use the runas command or something similar that bypasses this limited account...However, this is still a good way to protect youself if you don't mind switching between acounts when trying to install a new program or something...Greetz

[michaelper22 0]

... I am a bit sceptical because if you know that, hackers know that also almost for sure so they make such programs that use the runas command or something similar that bypasses this limited account...

Greetz

 

They can't make their programs use runas because most people should have a password on their administrator accounts (whether it's one they made, or the one windows has by default). To change the passwword of the administrator, log on as an administrator, go to start -> Run, enter control userpasswords2 and hit enter, click on Administrator in the list, and click Reset Password.

[masterio 0]

For instance, a limited rights user can't edit the HKLM hive of the Registry, so any malware running under the same user won't be able to touch that area.

Yeah, you're right!. But remember they still can write to HKCU, so if you use that account for surfing the internet or anything else. The virus or spyware can still capture your activity, because they can write HCKU/Software/Microsoft/Windows/Current Version/Run. And run every time you log on!.

So, Better suggesting is use linux for daily activity !?!? Try Ubuntu Linux is very easy to use and secure!!

[the_aggie10 0]

We all know the difference between a limited user and an administrator user under Win2k/XP - you can't/can install major software, perform system maintainence, and other stuff. But using a limited user on a day-to-day basis also provides you with decent protection from a bunch of threats: if the malware is running under your limited-rights user, it can only do as much as you can. For instance, a limited rights user can't edit the HKLM hive of the Registry, so any malware running under the same user won't be able to touch that area. It's extremely simple to implemnt, and pretty effective.Note: don't forgo the anti-virus and Windows updates just because your user is slightly protected.

if you were to get a virus could you to a virus scan on a limited-user account? or would you have to log onto an administrator account? that would seem like a big hassle but it is a good tip either way
Edited October 1, 2006 by the_aggie10 (see edit history)

[michaelper22 0]

if you were to get a virus could you to a virus scan on a limited-user account? or would you have to log onto an administrator account? that would seem like a big hassle but it is a good tip either way

Well, the whole point of using a limited-rights account is to avoid viruses (and other malware, worms, trojans, spyqare, etc.), but most anti-virus software should run and scan without admin priveleges.

[rahul_rules22 0]

Absolutely, It might prove to be a comparatively safer method of protecting your computer from few threats if you dont mind switching between users. I for one have been using a profile just for the sake of it

[tydes 0]

Tips & Trick prevent Virus attack!Almost every day our computer infected computer virus, a lot of it is make damage, like Decoy.A hiding our document. There is virus of h0n3y.A which make our drive cd open & close until damage. Wuihhh, in fact this matter can be prevented, although there are no antivirus, but our computer always health. There are some tips & trick from me to make our computer always health and free from viruses:Carefully every open file.This matter is first step to make our computer always safe. You need see its propeties, usually there is folder we to open, after we see its properties eh... in the reality its file type is application, this is so-called virus......... ketahuan deh.....Don't immediatelly open file we know.Usually, known file format, ex: its icon is MS Word or folder often cheat us. Careful all known file formats, this is virus trap using similary known file format icon.Setting Windows Explorer for show file extention.We will see clearly virus program if windows explorer show file extention, ex: There is a file with MS Word Icon, but when we see its extention there are xxxxx.doc.exe or xxxxx.exe through its icon MS Word, we must suspect that file is virus.Lock Normal Project viewing.Locking meant for our document with infected by macro virus can not infect our free virus document because Normal project have been locked with our password. Way to lock is open Microsoft Visual Basic for Application or press Alt+F11, then choose normal project in left window, right click it, choose Normal properties. Choose Protection tab, check Lock Project from Viewing, enter the password to open, then re-enter it. I guarantee the infected document will not increase.Don't get taken with the file name which make us passion.Many virus maker using our weakness to deceive us. They usually using file name which make us passion, like Hot Sex, Free Porn Download, Foto Gadis Bugil, Free Sex, Mature, etc. this is virus.Never open any email attachment.If you receive email with attachment from your friends or unknow people, 70% of attachment is virus. If email with attachment come from our friends, please confirm to your friends really send that email via sms, email, or another media.Update virus definition.This is last level protection, if you are really using antivirus, whatever antivirus or its version, try to update virus definiton every month or every 2 weeks, usually antivirus company make update for your antivirus every 2 weeks or every month. Remember, whatever antivirus or its version, the important things is update virus definition.OK I think that enough