A lot of Windows users take an additive approach when it comes to security. Think you need to increase your protection? Install another piece of software. There are some great apps out there, like RansomFree, but you can actually make your Windows PC a lot more secure simply by changing one little setting.
Changing your Windows user account from an administrator account to a standard account would have protected it from 94% of the critical vulnerabilities Microsoft patched in Windows last year. That’s according to research from Avecto, a security firm that protects around 2.2 million computers at various Fortune 500 companies.
94% is impressive enough, but get this: 100% of all Internet Explorer, Edge, and Office 2016 threats reported last year were powerless against non-admin accounts.
Now, not all of those vulnerabilities were actually exploited by cybercriminals… but why would you not want to add that kind of protection just in case?
First Step: Create A New Administrator Account
If you only have one account on your Windows PC, then it’s an administrator account. Turning it into a standard account isn’t hard. You can’t simply go and change it to standard, however — there has to be at least one administrator account so that you can do things like add and remove software or install a new piece of hardware.
The first step is to add a new user account and make it an administrator.
Windows 10: Go to settings, accounts, and then other people. Click to add someone else to the PC. When you’re done, click the new account and then click the change account type button to switch it from standard to administrator.
Windows 8: Go to settings, users, and add a user. When you’re done adding the account, click it and then click edit to make it an administrator.
Windows 7: Head to the control panel and then look under user accounts and family safety. Click add or remove user accounts, and then click the link to create a new account link. Give it a name, tick the administrator box, and click create account.
It’s critical that you create a password for this account when you set it up. Blank passwords — especially on administrator accounts — are a bad idea.
Step Two: Demote Your Existing Account
With the new admin account created, it’s time to remove administrator rights from your old account.
Windows 10: Click your old account then click change account type. Click the account type box to switch from administrator to standard then click OK.
Windows 8: Click your old account then click edit. Click the account type box to switch from administrator to standard then click OK.
Windows 7: Click your old account then click change account type. Click standard then click change account type.
Why It Works
A lot of Windows vulnerabilities can’t be exploited without full access to the system. That’s why it’s a good idea to have one account for surfing, chatting, gaming, and getting work done and a separate account with admin rights.
Even if you did happen to wind up on a malicious web page or get tricked into executing a booby-trapped document from a phishing email there’s a good chance your PC won’t be compromised. Your account simply isn’t allowed to do some of the things the malware will try to force it to do.
A Time-tested Linux Trick
This is something that Linux users have been doing for ages. On most Linux-based OSes there’s an admin account called root. Users don’t typically log in to the root account. Instead, they provide the root username and password when they need to perform administrative tasks.
Why not log in as root? Because if you do that all the programs you launch run with root privileges. That’s extremely dangerous. If any of those programs goes haywire, it could damage the entire operating system. The same is true on a Windows PC.
There’s An Adjustment Period
Now that you’re using a standard account, you’ll have to get used to a few changes. When you install a new app, for example, you’ll have to enter the password for the new admin account you created. You’ll also have to enter that password when making changes to various system settings.
It’s a very minor inconvenience… especially when you think about how much more secure your computer is after making the switch.
Source: SANS ISC SecNewsFeed @ February 26, 2017 at 10:12AM