donkeed wrote:
jim911 wrote:
BPM wrote:
Best way to protect yourself is: Stop using IE, Use FireFox and install Ad-Block Plus and potentially NoScript. You won't get anything that way.
This is bad/shallow advice. The
best way to protect yourself is to
never do anything over the internet with administrator privileges enabled. Period. Every other precaution is just a feeble bandaid compared with letting all the wonderful security machinery built into the operating system take care of business for you.
Working as a non-admin sucks though. You have to go back and forth to do simple things, and not every app works. Fusion recording software is one example.
Two things: first, I don't know about he 'go back and forth to do simple things" -- I almost never need to do anything on my system that needs admin privileges. I admit it took a little futzing with ACLs and some other tweaking to get things settled down (this on XP/Pro -- on Vista I've had to do essentialy *no* fiddling to get it to be perfectly behaved from a non-admin account], but even if you believe that you absolutely
must run as admin (although whenever I talk to people about this their reasons are generally utterly bogus), there's just no reason whatsoever to run your IM client, your browser, you email client, and apps of that ilk as administrator. [google for "dropmyrights"]
Second, you're right, there are a few apps that for various reasons need to run as administrator [Nero is another]. That's what "run as" is for..
. But seriously, it is very easy to use run-as [or go into the advanced properties of its shortcut and set the "run with different credentials" box] to run a
particular app as adminstrator out of your limited account (that's what I do for Nero, which is about the only non-system-administration app I have that needs admin privs). If you just can't abide typing in your admin password to run these apps you can use 'runasuser' (q.v.)and it'll handle the mechanics and hide it all for you.
And notwithstanding the quibbles, it doesn't change the bottom line fact that running as administrator is dangerous, and, IMO, foolish. Period. You can argue that you prefer the convenience of never being nagged or having to do anything "extra" to run an app, and so fine: but then don't complain if/when your convenience bites you in the shorts and your system gets trashed. All of those security-bandaids are pretty close to being snake oil -- they provide very little security and mostly serve as scare-tactic marketing vehicles to keep the McAfees and such rich, feeding on the laziness and fears of the average Windows user.
XP and Vista are
very secure operatings systems, and that's
without any of that add-on crap!, but only if you don't turn off all the security machinery!! And if you do turn off the security machinery, there's essentially no way to plug all of the moving-van-sized security holes you've now opened in your own system. Windows's biggest security problem is that its uses insist on shooting themselves in their collective feet.