Shintaro BSOD Kernel Dump Analyst Joined Jun 12, 2012 Posts 189 Location Brisbane, Australia Mar 3, 2014 #1 Just thought this study by Avecto might be of interest as to why you should not be using the Administrator account on your computer for day-to-day work. **Note: To get the study you will need to give up your email address to them. But there are ways of creating a temp email address. Excerpt from Security Now. Steve: .............. So here's the breakdown. During that year, 2013 of critical rating, so there were 147 vulnerabilities published during 2013 with critical rating. 92, as I said, were mitigated, blocked, by removing admin rights. I'm sorry, not 92, 92% were blocked by removing administrator rights. 96% of critical vulnerabilities affecting the Windows operating system, so nearly all, 96% of those vulnerabilities which affected the Windows OS were mitigated by removing admin rights. 100% of the vulnerabilities affecting IE were mitigated by removing admin rights. Leo: Wow. Steve: 100%. All you had to do is switch to a standard user. In the control panel, under Windows Users, you have a choice, be an admin user or a standard user. And unfortunately, by default, when you set Windows up, you're an admin user. That's what you get. So you need to create another user, set that up as a standard user, and that's the one you use. And then, when you need to do something that you're being blocked by, you need to enter the admin user's password. That's the way to be safe. Not even UAC gives you this level of safety. You need to be a standard user and then provide the admin password when you need to switch into the admin account, essentially. 91% of vulnerabilities affecting Microsoft Office would be blocked by removing admin rights and 100%, all of the critical remote code execution vulnerabilities, and 80% of critical information disclosure vulnerabilities mitigated by removing admin rights. So the takeaway here is this is really important. If you simply stop being an admin, if history is any lesson, you're way safer. You are completely safe based on history from IE exploits, and those are the big way things get in is through Internet Explorer, through web browsing. And critical remote code execution is also how this stuff happens. 100% safe if you're not an admin. So we've got 41 days to go with XP. Certainly XP users ought to seriously consider no longer running as an administrator. Just run as a standard user, and use admin account only when you really know you need to.