Sunday, 25 April 2021

Are you running as an ADMINISTRATOR, convenient yes, but DANGEROUS

When you set up your Windows system, by default you were given an ADMINISTRATOR (admin) account. And chances are you are still running in that admin account. Not knowing what you're doing, running in an admin account is a really BAD thing to do ... I know what I'm doing, and I never run as an admin, I'm just regular USER!

An admin account has permission to do nasty things to your machine. One of the nastiest is the ability to infect your entire operating system, really easily, since it has permission to write to areas a USER is not allowed to.

A USER account, how you should be running, like me, can do almost all that's needed to run your PC, and when needed, the system will prompt you very nicely for an admin credentials (username/password).

A USER account does not have permission to do nasty things to your operating system, like destroy it, which an admin account can do, easily.

If you were to introduce a virus, or ransomware, into your system, an account with  "elevated permissions", like an admin account, will literally give the virus permission to destroy the entire system. That same virus or ransomware introduced in a USER account is much less likely to do real damage to anything other than that user's account.

Now, don't run as a USER and just figure you're safe, you're not. Virus and ransomware programmers are very smart and do all sorts of things to get around system security. Running as a USER just makes it harder, the virus needs to be much more sophisticated to be able to destroy the system.

Running as a USER does not mean you are "safe", it's like wearing a seat belt, you are "safer".
----------
How to set up a system if you are running as an ADMINISTRATOR:

1) (on a new system) Create your user name you'd like to run with, this could be a USERNAME or Microsoft-linked email address.

2) Set up your entire system, install programs, get it running. DO NOT SURF THE WEB yet, ONLY go to websites you need to in order to download the basic software you run with.

DO NOT (google) SEARCH for a website you know the name of - if you know the website name, put it directly in the ADDRESS-bar. For instance, if you need to download adobe-reader, do not SEARCH for "adobe", just goto adobe.com in the ADDRESS bar. Why "search" for something when you know where it is?

3) Create a ADMINISTRATOR account, I like to call mine something like danadmin. Give it a COMPLEX password!!!

4) LOGOFF and log back on to your newly-created ADMINISTRATOR account from Step-3.

5) Change the USER-TYPE on your original account from Step-1 (the one you will regularly run with) from ADMINISTRATOR to USER.

6) LOGOFF and log on to your original account from Step-1 (the one you just made a USER).

You are now safely running as a USER and not an ADMINISTRATOR. When admin privileges are needed, the system will prompt for your admin credentials - THINK ABOUT IT - did you really do something that should require an admin? If not, don't enter the credentials.

The only reason I recommend step 2 above being done while still being an admin is for simplicity of software install, and, some software even given admin credentials won't install properly unless truly under an admin account. BE CAREFUL while still running as an admin!

Here is a new Rule #1:
NEVER GO INTO A WEB-BROWSER IN AN ADMIN ACCOUNT.

But that's really a good Rule #2, here's the real Rule #1:
NEVER CHECK EMAIL IN AN ADMIN ACCOUNT.

Yeah, I like that for Rule #1. In case you missed that, here's the order:

Rule #1: NEVER CHECK EMAIL IN AN ADMIN ACCOUNT (yes, I am yelling at you).

Rule #2: NEVER OPEN A WEB-BROWSER WHILE IN AN ADMIN ACCOUNT

Rule #3: Have a question, post it in a COMMENT. Oh, that's not really a rule, or I would have YELLED it :)

Dan