1. #1
    Shintaro's Avatar
    Join Date
    Jun 2012
    Brisbane, Australia

    Why you shouldn't use Admin for day-to-day usage.

    Just thought this study by Avecto might be of interest as to why you should not be using the Administrator account on your computer for day-to-day work.

    **Note: To get the study you will need to give up your email address to them. But there are ways of creating a temp email address.

    Excerpt from Security Now.

    .............. So here's the breakdown. During that year, 2013 of critical rating, so there were 147 vulnerabilities
    published during 2013 with critical rating. 92, as I said, were mitigated, blocked, by
    removing admin rights. I'm sorry, not 92, 92% were blocked by removing administrator
    rights. 96% of critical vulnerabilities affecting the Windows operating system, so nearly
    all, 96% of those vulnerabilities which affected the Windows OS were mitigated by
    removing admin rights. 100% of the vulnerabilities affecting IE were mitigated by
    removing admin rights.

    Leo: Wow.
    100%. All you had to do is switch to a standard user. In the control panel, under
    Windows Users, you have a choice, be an admin user or a standard user. And
    unfortunately, by default, when you set Windows up, you're an admin user. That's what
    you get. So you need to create another user, set that up as a standard user, and that's
    the one you use. And then, when you need to do something that you're being blocked by,
    you need to enter the admin user's password. That's the way to be safe. Not even UAC
    gives you this level of safety. You need to be a standard user and then provide the admin
    password when you need to switch into the admin account, essentially. 91% of
    vulnerabilities affecting Microsoft Office would be blocked by removing admin rights and
    100%, all of the critical remote code execution vulnerabilities, and 80% of critical
    information disclosure vulnerabilities mitigated by removing admin rights.
    So the takeaway here is this is really important. If you simply stop being an admin, if
    history is any lesson, you're way safer. You are completely safe based on history from IE
    exploits, and those are the big way things get in is through Internet Explorer, through
    web browsing. And critical remote code execution is also how this stuff happens. 100%
    safe if you're not an admin. So we've got 41 days to go with XP. Certainly XP users ought
    to seriously consider no longer running as an administrator. Just run as a standard user,
    and use admin account only when you really know you need to.

    Try to live an ordinary life, in a non-ordinary way.

    • Ad Bot



  2. #2

    Re: Why you shouldn't use Admin for day-to-day usage.

    One of my professors stressed this over and over and over again, and now any time I am in public on a laptop, I am always signed into a different user account with non-admin permissions. If I need to do something admin related, I just quickly type my UAC info and I'm done. I'd like to make this transition even on my home computer, but to be honest, I am a little lazy in that regard

  3. #3
    jcgriff2's Avatar
    Join Date
    Feb 2012
    New Jersey Shore
    • specs System Specs
      • Manufacturer:
      • Model Number:
        HP ENVY TouchSmart 17-j130us Notebook - E8A04UA
      • Motherboard:
        HP Insyde 720265-501 6050A2549501-MB-A02
      • CPU:
        Intel Core i7-4700MQ Processor with Turbo Boost up to 3.4GHz.
      • Memory:
        12GB DDR3L SDRAM (2 DIMM)
      • Graphics:
        Intel HD graphics 4600 with up to 1792MB total graphics memory
      • Sound Card:
        Beats Audio quad speakers and two subwoofers
      • Hard Drives:
        1TB 5400RPM hard drive with HP ProtectSmart Hard Drive Protection
      • Disk Drives:
        Hitachi 500 GB SSD; 7 TB USB External
      • Power Supply:
      • Case:
      • Display:
        17.3-inch diagonal HD+ BrightView LED-backlit touchscreen display (1600 x 900)
      • Operating System:
        Windows 8.1

    Re: Why you shouldn't use Admin for day-to-day usage.

    I recall reading that the Hidden Admin user account (SID -500) is incapable of installing certain security related Windows Updates. I do believe this was true under Vista & Windows 7 - not sure about Windows 8/8.1

    But yeah - running IE "As Administrator" whether by choice or SID-500 user account is definitely not the safest way to surf the Internet.

    BSOD Posting Instructions - Windows 10, 8.1, 8, 7 & Vista ` ` `Carrona Driver Reference Table (DRT)
    Sysnative Hex-Decimal-UNIX Date Conversion

    Has Sysnative Forums helped you?
    Please consider donating to help support the forum.
    Thank You!

    Microsoft MVP 2009-2015

Similar Threads

  1. High-CPU usage and corrupt files
    By JP23 in forum BSOD, Crashes, Kernel Debugging
    Replies: 8
    Last Post: 11-05-2013, 06:41 PM
  2. Shouldn’t Google Be Pushing Google+ On Its Users
    By zigzag3143 in forum News You Can Use
    Replies: 4
    Last Post: 01-06-2013, 07:30 PM
  3. Skype usage up 50% under Microsoft
    By JMH in forum News You Can Use
    Replies: 0
    Last Post: 07-20-2012, 05:49 PM

Log in

Log in