"...change your account to a Limited User Account"

  • 27 July 2012

Userlevel 7
  • Retired Webrooter
Running a limited user account will effectively mitigate the majority of Windows vulnerabilities. System Analyzer will notify you in the event you are running an administrative account, rather than a limited (or "standard") user account.

Why is it a good idea to run a limited user account?  Our own Dancho Danchev wrote an article for ZDNet a while back that explains just how important this can be.  The article may be getting a bit old, but the principle behind it hasn't changed.
Many exploits require administrative rights to function at all.  Certain other malware can be contained to affecting only the limited user account instead of every account on the computer.  Certainly there are types of malware that can get around the fact that you are running a limited user account, but why not choose to lower your risk?  There will always be scenarios in which no matter how many safeguards you put in place, something gets through anyway.  But on the other hand, the existence of tanks is no excuse for not locking your front door.  In short, it's a security best practice to use a standard user account when you can.  Webroot will protect you regardless of which type of account you are running, but you'll be even better off if you can save yourself from even needing to invoke that protection just by using some simple security tricks.
*edit is just to update the link 🙂

1 reply

Userlevel 5
Whilst there is an argument for LUAs, there is something to be said for keeping systems updated with the relevant patches against such vulnerabilities. I know of someone who hadn't applied Windows Update for ~3 months where they had admin rights, and I ended up adding 32, yes 32, updates for them!