I came across a recent study that reinforced why I recommend to my clients that they not use their computer logged in with administrator privileges.
The study revealed that of the 251 vulnerabilities in Microsoft's Patch
Tuesday security bulletins in 2015 with a critical rating, 85% were concluded to be mitigated by removing administrator privileges.
The primary benefit of running in Standard user-level privilege instead is that programs which try to install without your permission/involvement cannot do so unless you provide the administrator password. This includes malware.
This approach is also beneficial if you're sharing a home computer with kids - the last thing you want is them installing programs without your supervision. (And it's best to have parental controls running on their accounts too.)
The administrator account does not need to be named Administrator. It can be named whatever you like: Master, Admin, Big Kahuna, Sky Lord, whatever. But it needs to be the only account on the computer with administrator privileges.
When setting this account up, choose a password that only you or another trusted person knows.
After creating the new administrator-level account, log off the computer and try to log in with that account. Verify in Settings or the Control Panel that the account in fact has administrator privileges. This is very important!
The next step is to demote all other users to Standard user level. I've provided links at the bottom for Widows 7, 8, and 10. Select a desired user and change to Standard. Then log off the computer and log in again as that user, just to test the user can still log in.
You will notice a change on the computer after doing this: If you try to install software or make system-wide changes as a Standard user, you'll be prompted for the administrator password.
Again, this is a best practice for computer security. It applies to Windows computers, Apple computers, and Linux (in Linux, administrator is called root.)
Thanks for reading.
Sam
---
If you haven't already, you can subscribe to our email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email list" in the request form, then click Send.
Thanks for reading.
Sam
---
Links for changing account types
Windows 7
http://www.sevenforums.com/tutorials/103538-user-account-type-change.html
Windows 8
http://www.eightforums.com/tutorials/5518-user-account-type-change-windows-8-a.html
Windows 10
http://www.tenforums.com/tutorials/6917-account-type-change-windows-10-a.html
No comments:
Post a Comment