Getting back my security by "fixing" User-Account

no, don't make your only account into standard user. Because you will need atleast one active administrator account.

You can do two things:
1) Restore back to the state where you haven't made your account standard user yet.
Create new account (standard user account)
And use this standard user account for your everyday tasks.
For administrative tasks either login to your last admin account or "run as administrator" and put password for your admin account.

2) If you don't want to configure your settings and preferences to new account:
Restore back.
Create new Administrator account.
Login in with it.
Make your previous account standard user.
Proceed just like at (1). use standard account for everyday tasks and for administrative tasks either switch user or "run as admin".

First option is more preferable, as in some cases if you convert admin into LUA (limited user account) it may still inherit some privileges from admin.

Thanks so far, do you think UAC is worth all the stuff?
I played a bit with it now, and found it very very uncomfortable. I mean, every default program asks for admin rights or, if not, I need to rightclick->start as admin, because it's installed in c:\programs and needs write access:

-miranda
-rainlendar
-keepass
-flashfxp

It's just very very annoying and isn't there a way to always execute them as admin without having to click yes everytime? I mean, e.g. miranda doesn't even run without admin privileges, since history etc is written to my database...

I enjoy the UAC when installing new programs etc, so there's no security lack for viruses, keyloggers etc etc, because I have to click "yes" before they can install, but I don't want to always have to click yes when just starting my programs Im working with everyday...

wabbo said:

Thanks so far, do you think UAC is worth all the stuff?
I played a bit with it now, and found it very very uncomfortable. I mean, every default program asks for admin rights or, if not, I need to rightclick->start as admin, because it's installed in c:\programs and needs write access:

-miranda
-rainlendar
-keepass
-flashfxp

It's just very very annoying and isn't there a way to always execute them as admin without having to click yes everytime? I mean, e.g. miranda doesn't even run without admin privileges, since history etc is written to my database...

I enjoy the UAC when installing new programs etc, so there's no security lack for viruses, keyloggers etc etc, because I have to click "yes" before they can install, but I don't want to always have to click yes when just starting my programs Im working with everyday...

Lets say, UAC actually is not security product but more of a compatibility provider.
But, yes in a way it will give you a security.

I am not really familiar with programs you listed (except keepass), but I will try to help you.

I cant understand why IM (miranda) can't run without admin privileges.
It is the problem of the developers. In Vista and Windows 7, Microsoft has moved into different strategy of working of software.
Basically in this OSes, most of the programs shouldn't need admin privileges and should not write to "program files" folder.
All their configurations and stuff, they should write into AppData and ProgramData folders.
So, it is actually laziness by developers of Miranda to adopt, new model which is causing problems.
Microsoft did know that developers will be slow to adopt to this model, and that it will break some of the current software, therefore it created UAC.
So, it will enable those programs work under the new model.
But it never meant to be final solution, but temporary one.
It was created to give time to developers to adopt to new working model.
But as you can see some developers are still too slow to move to the new model.
Therefore in a way it was meant to be annoying, to force developers to adopt faster (because otherwise they will start loosing annoyed customers)
Unfortunately, as you can see some developers don't care about it.
And I am 100% sure, it IS possible to move IM into full LUA environment.

So, in a nutshell, this annoyance isn't fault of UAC, but fault of lazy third party developers.
Secondly, contrary to popular belief, UAC is not meant to be security mechanism. It was made to assist developers and users to move into standard user environment.
And in many technical papers it was stated that it was only temporary, until all developers adopt to LUA.

ok, anyway. I am going to much into details

It's just very very annoying and isn't there a way to always execute them as admin without having to click yes everytime?

Have a look at this tutorial: Elevated Program Shortcut without UAC Prompt - Create

Okay thanks so far. I now see what you mean. But no, the miranda IM messenger isn't laziness-product it's me, who likes the "portable" software, where the profiles, data etc is written to the folder itself. I don't like it, when the data is scattered around the hdd... So I often download portable software which doesn't really run because it needs to write data to the programs folder... Thanks for the link though, I'm gonna try it out.

But what do you mean by saying, that UAC isn't a security mechanism? I mean, it's obvious that this helps to be more secure, doesn't it? This makes me safe against any virus installation etc, because I will SEE it and can click "no"...

wabbo said:

Thanks so far, do you think UAC is worth all the stuff?

Hi, wabbo.

Yes, UAC Is worth it, particularly since you have a 64-bit system. The quote below is from this topic: Alureon Bootkit Trojan - Crossing the 64 bit Barrier

However, it's important to note, the infection can only compromise a 64 bit Windows 7 or Vista system, if User Account Control (UAC) is turned OFF or if the user casually approves the malicious action.

Thanks so far. If I understand it right, I can say generally, that infecting a 64bit system is harder than doing it on a 32bit system. At least, that is what I read from this part of the text:

More recently, in early August 2010, a new Alureon TDL variant that displayed the ability to infect Vista and Windows 7 64 bit based computers emerged.
This was a very unsettling but significant development, because very strict security measures that were integrated into 64 bit versions of Vista and Windows 7 (Patchguard and very stringent driver signing requirements) had to be bypassed to allow this to happen!

Am I assuming right? Is it really harder for malware and viruses to get into a 64bit system? Or do they only mean such rootkits, which need to install into MBR etc...?

You are correct, wabbo. At this point, it really is more difficult for malware and viruses to get into 64-bit systems that are kept up to date with Microsoft and third-party security updates, UAC on, antivirus and firewall installed and, most importantly, the user doesn't allow install an infected program. There is no protection from the careless user.

Thanks. Assuming that UAC is turned off, is there still a difference between 64bit and 32bit (User is the same (he is not careless), Firewall and Avast Antivir turned on)? From what I read off the article, there is one because 64bit viruses need some signed drivers, but I'm not sure about it.