Talk me into using a non-Admin user account

[Barfo]

I've tried using a user account without user privileges for my daily tasks because it's recommended in every security site but the truth is that after a few days I was sick of having to switch accounts for petty things like installing an app and some other stuff that I do several times a day, isn't there an easier way to have the security of a low privileges account without the annoyances?

 

[Barfo]

Oh, I forgot to mention that the last time some malicious software hit me, it was the sasser worm so I wonder if this will really increase my security which is ok already.

 

[n0cmonkey]

What about "Run As"?

Other than that, there isn't much we can say.

Its defense in depth. Zero days happen. Its not "if," but "when." Won't somebody think of the children?

 

[mechBgon]

^ what he said. And LOL at "petty things like installing an app"... you consider the power to install apps on your system petty? In that case, what do you consider to be actually dangerous... skydiving while juggling chainsaws?

 

[mechBgon]

Oh, and here's a narrated screencapture video I made for someone, demonstrating some RunAs techniques, if you're interested. Limited availability (haha), get it before dartworth shuts down the server: http://mechbgon.bluemonday.org/clips/runas.wmv

 

[bsobel]

Originally posted by: barfo
I've tried using a user account without user privileges for my daily tasks because it's recommended in every security site but the truth is that after a few days I was sick of having to switch accounts for petty things like installing an app and some other stuff that I do several times a day, isn't there an easier way to have the security of a low privileges account without the annoyances?

I presume this is XP? Upgrade to Vista, you might find UAC a happy middle ground.

 

[Skeeedunt]

UAC is a huge improvement over running XP as a non-admin, probably one of the biggest changes I noticed going to Vista.

Regarding Sasser - AFAIK running as a non-admin doesn't prevent attacks on vulnerable privileged system processes, but I think now that most people are behind firewalls this is less of a concern. I think the most common vectors these days are browsers and other user-initiated apps, which would all benefit from being run as an unprivileged user.