A few days ago, I heard about the .LNK file icon vulnerability, got a little concerned since there was no easy fix, and looked for ways to limit my exposure. After flailing about a bit, I decided it was time to look at the "Standard User" accounts in Windows 7.
I set up a new user, made it Standard, and copied over my Firefox profile, and I was up and running. It was surprisingly easy, and over 90% of my user experience is now running fine as "OrdinaryUser". I was surprised at how I rarely have to switch users. Most Administrator type tasks can be accomplished by just trying it, then Windows 7 notifies that I gotta be Admin for that, and asks me to pick an Administrator account, and give a password for it, then it just works. I think I am going to use this as my primary account--it gives me a (possibly unjustified) sense of heightened security.
However one complaint/question. As part of getting familiar with the new diggs, I edited the Registry, ( HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\BootAnimation )
was asked for the PW etc. and it worked fine. But now, I can go back to the same key and edit it WITHOUT any prompting, from the Standard account. I will experiment further, but it seems that my Standard User account now has unprotected access to the registry. Which makes my warm feeling of security just a little less comfortable.
Any wise words welcome.