RayG

To help reduce security risks in Windows XP...


Using a limited account for your day-to-day computing (email, surfing the net, etc.) helps prevent malicious software from being unintentionally installed on your computer system.

 

To create a limited account:

 

Start > Control Panel > User Accounts > Create a new account > enter a user account name > Next > select Limited radio button > Next > Create Account.

 

After creating the Limited account, Start > Log Off which logs off the administrative account and takes you back to the login screen. Click on the newly created user (limited) account and set desktop preferences to your liking.

 

RayG


ray what should be done if the user account becomes infected, also how do we protect other computers over a home network and how can we prevent boot viruses?

 

what will happen if the user account is infected and you need to switch to admin mode which is highly likely in windows?


ray what should be done if the user account becomes infected,

Why you disinfect it of course. ;)

 

If, by chance, your limited account becomes infected, switch over to admin account and do a full virus scan with whatever anti-virus program you're using.

 

also how do we protect other computers over a home network

It's important for each computer in the network to have and run its own anti-virus software. I've yet to have a virus jump from one computer to another via the network, though a determined user can make it happen. (I've been running some sort of home network for a few years now).

 

and how can we prevent boot viruses?

Virus prevention tips:

 

Also,

  • Set your CMOS so it doesn't boot from a floppy.
  • Stay away from P2P programs like Kazaa, BearShare, etc.
  • Don't click on links when Instant Messaging.
  • Don't copy to a floppy disk at the library or other public place.

what will happen if the user account is infected and you need to switch to admin mode which is highly likely in windows?

 

Reboot into the admin account which will give you full access for removal purposes.

 

RayG


If, by chance, your limited account becomes infected, switch over to admin account and do a full virus scan with whatever anti-virus program you're using

 

could you explain why they say not to use admin mode to delete or remove viruses :rolleyes:

 

 

i hear that a lot and learned you need to be admin to remove user accounts, but i also hear that the admin account becomes infected once logged on to, maybe i'm wrong but worms/trojans have this capability, do we have any assurance that this won't happen :)

 

noticed your topic states help reduce security risks, meaning this is not in fact a sure way to prevent attacks?


could you explain why they say not to use admin mode to delete or remove viruses :rolleyes:

It's very likely you won't have to log into the admin account to delete the virus, it depends on the removal procedure and your anti-virus software. If you ARE required to run as the administrator, it's usually because you need to run a virus removal tool (Symantec's W32.Sober Removal Tool is but one example), and you typically need admin rights to run the tool.

 

Who is 'they'? Linux users? :shifty:

 

i hear that a lot and learned you need to be admin to remove user accounts, but i also hear that the admin account becomes infected once logged on to, maybe i'm wrong but worms/trojans have this capability, do we have any assurance that this won't happen :)

The best way to absolutely protect any computer from viruses is to unplug the power cord and keep it turned off. ;)

 

noticed your topic states help reduce security risks, meaning this is not in fact a sure way to prevent attacks?

 

No, as I said it's hard to defend against a determined user. Running in a limited account will help reduce that risk though. Not sure what you're suggesting, users use an admin account all the time?

 

RayG


Who is 'they'? Linux users?

 

former windows user :rofl2:

 

The best way to absolutely protect any computer from viruses is to unplug the power cord and keep it turned off

 

that sounds correct :lol:

 

Running in a limited account will help reduce that risk though. Not sure what you're suggesting, users use an admin account all the time?

 

no, just as i stated it, it's not a sure way but it helps, i agree

 

ms is using this strategy in vista i think, it's a bite of linux but well worth the copy :mrgreen:

 

some say they hate using passwords to do things, i think it's the right way...........


some say they hate using passwords to do things, i think it's the right way...........

On that I completely agree. My kids better hope I live a long time 'cause all 4 systems have admin accounts that are password protected and only dear old dad knows what the passwords are. :geezer:

 

My wife thinks I'm paranoid with the passwords, limited accounts, etc. etc., but I like my computers to run smoothly. B)

 

RayG


my wife says that about me, i tell her it's nothing to do with being paranoid, i just don't feel like fixing things every other day :mrgreen:

 

ray, wonderful tip, thumbs up :tup:


To reduce security risks in Windows XP: Get a new OS!

Considering Win XP comes pre-installed on most new computers, which of the many alternatives do you recommend? Linux (which distro pray tell, I've tried a number and remain unimpressed)? BSD? Solaris? OS X? Plan 9? QNX? z/OS? eCos?

 

Too many choices... :pullhair:

 

RayG

Edited by RayG


Wow, I feel all Linux now!

 

I'm happy with Linux, SuSE is great for beginners; I spose I am still a beginner but I got Debian running despite the ill-advice I received by the experts!

 

Make sure you get a distro that supports KDE, KDE is cool for when you initially change from Windows as it is very graphical and the mouse can do pretty much everything. If you do need some console commands go to the Linux forum and XxenxX or Bruce will answer! I think they sleep with lists of terminal commands!

 

(Even if you are still learning Linux, like me, everyone immediately assumes you are a computer god!)

 

Well, as I wrote elsewhere, I've tried out various distros (both full and LiveCDs), including Mandrake 6.5, Red Hat 7, Caldera Open Linux, Beatrix, Knoppix, Ubuntu, Damn Small Linux, MEPIS, elearnix, Lindows, Feather, SuSe, Slax, and probably a couple others I'm forgetting.

 

More recently here at home, I did full installs of Beatrix and Knoppix, and though I give high marks to both for their ability to automatically configure my internet, Beatrix kept locking up and Knoppix wouldn't let me do an apt-get update or apt-get upgrade, nor would it let me download and use the Linux version of Firefox. With my WinXP box I've never had a glitch I couldn't recover from, I've had no problems downloading either .zip or .rar files, and my updates are automatic. I must say, I DID love the simplicity of Beatrix. It looked crisp, attractive, and uncluttered. Knoppix just gave me too many choices and I found it somewhat frustrating to use.

 

I simply don't find Linux as 'easy' to use as my familiar WinXP, doesn't mean I don't LIKE Linux.

 

Keep in mind my hint was for those Win XP users who'd like to keep Win XP but reduce their security risks. B)

 

Don't worry, if I ever get a Linux distro to work comfortably I'll be making the switch. :clap:

 

RayG


it's like this, take someone that's never used windows and only used linux or mac, that poor guy will be so lost in that windows machine, he may even get upset due to all the needed maintenance :laughing:

 

it's the same the other way around, so as far as it being difficult well it's not, just think of learning something new all over again!

 

back on the topic :rolleyes:

 

if there was a way to use a password to access some things like device manager or add and remove without having to log as admin :thud: , that's the beauty of linux :P


mandrake 6.5 :laughing:

 

RedHat 7 :laughing:

 

I think the evolution of this thread should be moved out of this forum, and put elsewhere so it doesn't detract from the intent of this forum.

 

Maybe the, I tried 9 year old operating systems forum and didn't like em.

Edited by Bruce


I can remember when you sent me red hat 7 disks Bruce, it couldn't have been that long ago, Back then you thought red hat 7 was the best, and for that time....it probably was :mrgreen:

 

RedHat 7 is 7 years old. It was good for its time. But there have been since that time.

 

RedHat , 7.1, 7.2, 7.3, 8.0, 8.1, 8.2, 8.3, 9.0, 9.1, 9.2 ........then Fedora , Fedora core 1, core 2, core 3, core 4, core 5, Enterprise 1, 2 , 3, 4...............

 

 

Unlike Windows things change every six months, not every six years.

 

But that wasn't my point.

 

My point was (in a round about way) that RayG is giving some fantastic windows tips, that I also highly recommend, and turning this into a Linux thread not only detracts from his excellent tip, but it also takes away from the intent of this section of the forums.

 

It is unfair to the folks who come here expecting to read tips about their chosen OS, only to be subjected to something else.

 

It does RayG a disservice, and all the members who come here wanting to read his helpful information.

 

Of all the tips I have seen so far, RayG has posted the best and most useful. It is a shame to see it diverted into something else.

 

I don't think the chatter belongs here, I think his tip should stand on its own merits.

Edited by Bruce


Well those responsible, could delete their posts and make it right for Ray G


ray i did an install of windows a few weeks ago, during the end of the install there's a section where you can add an admin password, if this is done during the install a user will be forced to use a limited user account and will have to log on as admin when needed :)

 

i had to throw that in, i think this would be helpful if folks want to reformat and start with a clean slate.....

 

 


Edited by duanester


ray i did an install of windows a few weeks ago, during the end of the install there's a section where you can add an admin password, if this is done during the install a user will be forced to use a limited user account and will have to log on as admin when needed :)

 

i had to throw that in, i think this would be helpful if folks want to reformat and start with a clean slate.....

 

:mrgreen:

 

The (mandatory) admin account in your example is the hidden one that only shows up when you hit Ctl-Alt-Del from the login (welcome) screen. Consider it the equivalent of the root admin account in Linux. During the Win XP installation you'll also be presented with an area where you can add up to 5 users. No matter how many users you add, they are automatically given admin rights, so it's important to change one of them to limited for normal computer usage. (typically I only add two users, leaving one as a password-protected administrator, and changing the other to a limited account.)

 

Also, when you right-click and Run as... a program file it gives you the option of running the program through any installed administrative account you want, hidden or not.

 

RayG
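
As an added illustration of the point above that accounts created during XP setup all start out as administrators (this is not code from the thread), the Python below parses the text printed by `net user` and `net localgroup Administrators` and sorts the people's accounts into administrators and non-administrators. The sample output and every account name in it are constructed.

```python
import re

# Constructed sample output from a Windows XP home PC; all account names are
# made up for this example.
NET_USER = """
User accounts for \\\\HOMEPC

-------------------------------------------------------------------------------
Administrator            Daily Use                Dad
Guest                    HelpAssistant            Kids
SUPPORT_388945a0
The command completed successfully.
"""

NET_LOCALGROUP_ADMINS = """
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
Dad
Kids
The command completed successfully.
"""

# Accounts Windows XP creates itself; they are not anyone's day-to-day login.
BUILT_IN = {"administrator", "guest", "helpassistant"}


def listing(output):
    """Return the non-empty lines between the dashed rule and the trailer."""
    lines = output.splitlines()
    start = next(i for i, l in enumerate(lines) if l.startswith("----")) + 1
    body = []
    for line in lines[start:]:
        if line.startswith("The command completed"):
            break
        if line.strip():
            body.append(line.strip())
    return body


def parse_users(output):
    """`net user` prints names in padded columns; a name may hold single spaces."""
    return [n for line in listing(output) for n in re.split(r" {2,}", line)]


def audit(users_output, admins_output):
    """Split the people's accounts into administrators and non-administrators."""
    admins = {name.lower() for name in listing(admins_output)}
    report = {"admin": [], "non_admin": []}
    for name in parse_users(users_output):
        low = name.lower()
        if low in BUILT_IN or low.startswith("support_"):
            continue  # skip the accounts XP ships with
        report["admin" if low in admins else "non_admin"].append(name)
    return report


if __name__ == "__main__":
    print(audit(NET_USER, NET_LOCALGROUP_ADMINS))
```

On a real machine the two strings would be the captured output of `net user` and `net localgroup Administrators`; any everyday login that lands in the `admin` list is a candidate for changing to a limited account.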


No matter how many users you add, they are automatically given admin rights

 

RayG

 

i knew you would catch that :P

 

 

equivalent of the root admin account in Linux

well i don't know about that, i do get your point though :mrgreen:

 

as joeC would say windows doesn't make it easy!

 

but i like the fact that nothing can't be changed in device manager and you can install some programs, that's great, but noticed system restore does not work for limited users, i think this is an important key the sys restore doesn't monitor limited accounts because if infected it could attack the entire system !

 

 

ray again this is the best advice i've ever seen for a windows machine, i have to say that everyone who reads this switch to limited user

Edited by duanester


ray again this is the best advice i've ever seen for a windows machine, i have to say that everyone who reads this switch to limited user

Thanks, but I'm just passing along what I've put into practice (and learned elsewhere). :P

 

Couple of links on running as limited user (sometimes referred to as 'protected' user)

 

http://blogs.msdn.com/aaron_margosis/archi...egory/6592.aspx

http://nonadmin.editme.com/WhyNonAdmin

 

Excellent info in both links!! :clap:

 

RayG


Well those responsible, could delete their posts and make it right for Ray G

 

Done, but I'm still in the quotes!


Using a limited account for your day-to-day computing (email, surfing the net, etc.) helps prevent malicious software from being unintentionally installed on your computer system.

 

To create a limited account:

 

Start > Control Panel > User Accounts > Create a new account > enter a user account name > Next > select Limited radio button > Next > Create Account.

 

After creating the Limited account, Start > Log Off which logs off the administrative account and takes you back to the login screen. Click on the newly created user (limited) account and set desktop preferences to your liking.

 

RayG

 


I just want to agree that using a limited user account is the best way of initially protecting XP. At least from the users side.

 

On my system which is a home assembled unit. I have taken the following steps to reduce outside risks in XP.

 

1) Use Firefox to browse the internet instead of Internet Explorer; because Firefox is not tied to the operating system at such a low level as is IE and acts as a buffer instead of a gateway from outside threats. Internet Explorer is a good browser, but the decision to tie the browser to the OS was and still is stupid.

 

2) Turn off automatic running of ActiveX in Internet Explorer on the off chance you are forced to use IE. ActiveX is a program and the problem with ActiveX is you don't know when an ActiveX app is running. It just does. If ActiveX runs in IE; I want to know what it is and where it is running at.

 

3) But most importantly, run as a limited user. Good job RayG.


our PC suddenly became infected by the SEEKMO scamware. the pop ups were relentless, tell me if this is amazing? I think it is. I did a system restore to 48 hours prior. and the PC had to be manually shut off for interference reasons, of course normally that would cut any restore from completing, well when I signed back on, I was astounded to see the restore took place, and all the nasty stuff was gone! just a little tip. I have xp btw.


If I may ask, doesn't a limited account prevent you from making necessary moves such as restore etc?

I mean, if you have problem, you have to be signed in as an admin to make corrections. does the limited acct interfere with normal pc functions like surfing, IM, email, etc? sorry to sound naive, but I am, =)

vikki (thank you)


If I may ask, doesn't a limited account prevent you from making necessary moves such as restore etc? I mean, if you have problem, you have to be signed in as an admin to make corrections.

Yes, you can't do away with the admin account entirely, but so far I've only found a handful of reasons to switch over to the admin account.

  • to download and install Windows updates
  • to do a system restore (though I can only think of 1 time I had to do this*)
  • to implement network changes
  • installing or deleting hardware drivers

does the limited acct interfere with normal pc functions like surfing, IM, email, etc? sorry to sound naive, but I am, =)

vikki (thank you)

 

It shouldn't. I surf the net, use MSN Messenger, email, do my online banking, participate in message forums, create and print invoices, listen to internet radio, watch news clips, and even download and install programs, all while using the limited account. I only switch to the admin account if and when required, which thankfully isn't very often at all.

 

RayG

 

* I have 4 ethernet systems and 1 wireless system connected 24/7, and I've had to do a system restore only once (on only one machine) because my kids had surfed the net from the admin account and picked up some malware. I booted into safe mode, logged on as the admin, performed a system restore, and rebooted back into the limited account within minutes. Haven't had any further problems (knock on wood)


 

Yes, you can't do away with the admin account entirely, but so far I've only found a handful of reasons to switch over to the admin account.

  • to download and install Windows updates
  • to do a system restore (though I can only think of 1 time I had to do this*)
  • to implement network changes
  • installing or deleting hardware drivers
RayG your tip to create a limited account and do the daily internet tasks in it should be number one if it ain't.

 

There are a couple of additions I wish to make. You did not discuss this but one does not have to download third party software and most Microsoft software in an administrator's account; it can be downloaded in a limited users account, scanned again, and then later plucked into the admin account for installation. That's the way that I do it.

The second, sometimes there is a need to email descriptions of errors or send a report or file as an attachment to a vendor while in an administrator account; install in the admin account a smtp mail client for that purpose. I use QM, smtp only. DiamondCS has one too, SendMail. I do not, if I can help it, have anything coming into my administrator account. I do not surf in it. I may go to the MS update site, but I seldom do that. I update my system with Shavlik Technologies' NetChk Protect. Only the necessary updates come in to it.

If you wish to do more than what is allowed in a limited User account, but I don't recommend it. You may make the user account a Power Users account and you can install some programs in it. It's not as safe as a User account, but you can run your browsers, and email client sometimes, in a virtual environment or sandbox. There is one called Sandboxie which is free; another called GreenBorder; last, one that I plan to try soon, VMware with Browser Appliance, also free. I use Sandboxie now. I like it. I am curious about VMware.

