Thread: Administrator account - Built-in vs. new one
View Single Post
  #3 (permalink)  
Old 09-08-2007
Luc
 

Posts: n/a
Re: Administrator account - Built-in vs. new one
Hi Bruce,

Thank you for your detailed explanation. To be on the safe (safest) side
then, I had better create a second, standard account for myself (I'm the only
user, by the way) to be protected best against malware, use the administrator
account that was created when installing Vista only for those actions that do
require administrator-privileges, and leave the built-in but unabled
administrator account untouched (the built-in one doesn't seem to be subject
to UAC, if I understand correctly, so doesn't provide quite the same
protection that any other administrator account does).
--
Luc


"Bruce Chambers" wrote:

> Luc wrote:
> > It is generally recommended to use a standard account for day-to-day
> > operations, and to reserve the administrator account for any actions that
> > affect all user(s) on a system. Even when there is only one user, say on a
> > home PC, if I understand things correctly, it is best to have both an
> > administrator and a standard account.
> >
>
>
> Correct. Routinely using a computer with administrative privileges
> is not without some risk. You will be more susceptible to some types of
> malware, particularly adware and spyware. While using a computer with
> limited privileges isn't the cure-all, silver bullet that some claim it
> to be, any experienced IT professional will verify that doing so
> definitely reduces that amount of damage and depth of penetration by the
> malware. If you get infected/infested while running as an
> administrator, the odds are much greater that any malware will be
> extremely difficult, if not impossible, to remove with formating the
> hard drive and starting anew. The intruding malware will have the same
> privileges to all of the files on your hard drive that you do.
>
> Vista's UAC adds an additional layer of protection, even if you
> don't enter a password each time it warns you; the important thing is
> that you're being warned, and can then make your own decision. A
> technically competent user who is aware of the risks and knows how to
> take proper precautions can usually safely operate with administrative
> privileges; I do so myself. But I certainly don't recommend it for the
> average computer user.
>
>
> > But what is the better alternative, if any: enable the built-in
> > administrator account and convert the administrator account that is created
> > automatically when installing Vista to a standard one; or create a second,
> > standard account alongside the administrator that is created when installing
> > Vista, and leave the built-in administrator account disabled.
> >
> > Any thoughts or recommendations?
> >
>
>
> The built-in Administrator account really was never intended to be
> used for day-to-day normal use. The standard security practice is to
> rename the account, set a strong password on it, and use it only to
> create another account for regular use, reserving the Administrator
> account as a "back door" in case something corrupts your regular
> account(s).
>
> I create both an administrative account and a regular account for my
> use, reserving the built-in Administrator account (after renaming it and
> placing a strong password on it) for emergency use should my "normal"
> administrator account become damaged or otherwise unavailable.
>
>
>
> --
>
> Bruce Chambers
>
> Help us help you:
> http://dts-l.org/goodpost.htm
> http://www.catb.org/~esr/faqs/smart-questions.html
>
> They that can give up essential liberty to obtain a little temporary
> safety deserve neither liberty nor safety. -Benjamin Franklin
>
> Many people would rather die than think; in fact, most do. -Bertrand Russell
>
Reply With Quote