My last computer ran XP; administrators had unrestricted access (no UAC) and my normal day-to-day account was a standard user. I simply did a 'run as' then entered the admin credentials when I needed to do something such as install software. It made sense to have the day-to-day account be a limited one (like with Linux).
I've recently purchased a new Windows 8 computer. With User Account Control, when I am logged in as an administrator, UAC will pop up an allow/deny prompt if an application tries to make changes to the computer.
If I instead make my day-to-day account a standard account, when I do something that requires admin privileges, it will prompt me as well (but for a password and username). As both user accounts will prompt me anyway, is there any point to making my day to day account a standard one? What is the 'best' practice and do you all personally follow it?
Answer
UAC is not considered a security boundary. What this means is that there is only (relatively) weak protection preventing malicious software from "escaping" UAC and gaining administrator access. (In particular, Microsoft do not promise to fix issues that allow this to happen.)
Personally, I always use a standard user account on my home machine, except when I'm actually administering the computer.
No comments:
Post a Comment