Creating a standard user account for security purposes?

Hey forum,

I never thought about it until recently when a friend mentioned it. He said even though I am the only one that uses my computer, that I should still create a standard user account and use that to greatly increase the security of my system. This seems to be sound logic and I have heard it somewhere else before, but I figure I would ask for the opinion of someone much more knowledgeable than myself.

Is it recommended to operate under a standard user account login even if you the sole user to the computer?

There are different views on this so I'll give you mine as an Installation guy who tries to set up perfect installs as compiled in Clean Reinstall - Factory OEM Windows 7.

When WIn7 is installed it issues an Admin account to the user assuming he is the owner.

As long as User Account Controls are kept at default then the only protection that an Admin Account lacks is that it will not be prompted to okay any changes with a password. It will still dim the desktop and flash the warning that changes are being made. So ask yourself how much more important it is to you to have to insert your password for every change made which triggers UAC. For most it is too annoying a redundancy to bother with.

If others are using your PC it is always a good idea to create for them a Standard Account and then password yours, or use the built-in Guest account.

Others may have a different view which is equally as compelling.

I read the same type of suggestions for using a Standard account for "Normal everyday" use.
So when I started using Win 7 I created a Standard (no PW) account for my normal everyday use, and have a PW protected Admin account for anything that needs Admin authority.
I've been using it like this for years, and don't have a problem typing in a PW for the Admin account when I need to.

I see Greg's point and agree that it's too annoying for many to have to type in a PW when Admin authority is needed.
Most people I help only have the default Admin account and use that for everyday use.

I really wonder if a system is more secure when using a Standard account, or that is just a myth.
I think it would be interesting to get feedback from the SF Security Experts on this.
They might know for sure if a using Standard Account is better.
Or, is using a Standard account just a "myth/placebo" for better security, and there is no real advantage in preventing Malware and Virus.

Very interesting. From what I have been told, and from what I heard a man recently saying on TV, I thought that you guys would overwhelmingly be supporting the creation of a Standard User. However, the point you make Greg seems to have merit, although I do not believe it would be much trouble for me to type in the admin password from time to time, however I would rather not have to create another account on windows unless there were some noticeable and strongly recommended benefits to doing so. I have all windows security features set to their defaults and do not plan on changing that anytime in the near future.

I would as David was saying, be very interested in receiving more input/opinions on this matter. Also, on something of a separate note, would you gentlemen believe that computer performance might be affected on a system that has multiple logins, to that of a system that just has a single admin login? Like would the computer run slightly slower and or have more processes that would be actively running with a PC that has a couple users vs. just one?

I think the only delay is signing in to one or the other accounts. I don't like to password my own PC accounts, but have no one I need to keep out of them and nothing to hide.

gregrocker said:

I think the only delay is signing in to one or the other accounts. I don't like to password my own PC accounts, but have no one I need to keep out of them and nothing to hide.

Well, I think we all have something to hide, lol, but yeah I hear what your saying. See, I was lead to believe that the danger did not come from someone physically accessing your computer on it's admin account, but rather a hacker doing it remotely. Therefore they would be able to roam freely and not have to enter any admin credentials, while if they tried to do this with a SU they would not have this ability. However, being such a novice in this area, I cannot really say how likely this would be to happen, or if it is even a real threat.

Brandon138 said:

See, I was lead to believe that the danger did not come from someone physically accessing your computer on it's admin account, but rather a hacker doing it remotely.

However, being such a novice in this area, I cannot really say how likely this would be to happen, or if it is even a real threat.

I'm in the same boat - that's why I'd like Security Expert's feedback

And here's some more of my 2 5 cents to Consider:

The only time I see more processes running is when I do a switch user to login to my Admin account and stay logged in with my Standard account at the same time.
I don't do this often, but do it occasionally if I need to for whatever reason...such as looking in Regedit from both accounts, or looking at and emptying the Admin Recycle Bin...

I do suggest having an "extra" Admin account always available.
That way if your everyday account gets corrupted for any reason, you have another account that should still work so you can still use the PC and hopefully fix or replace the corrupted account...

I don't feel I really need this because I use System Backup Images and can restore the OS from "outside" the OS in case of any problem other than a MB failure.

But I do keep an extra account available, just as another "recovery layer" option available.

DavidW7ncus said:

I do suggest having an "extra" Admin account always available.
That way if your everyday account gets corrupted for any reason, you have another account that should still work so you can still use the PC and hopefully fix or replace the corrupted account...

I don't feel I really need this because I use System Backup Images and can restore the OS from "outside" the OS in case of any problem other than a MB failure.

But I do keep an extra account available, just as another "recovery layer" option available.

Unless you're running from it now, you always have the Built-in Administrator Account - Enable or Disable - Windows 7 Forums and can access it from your Win7 disk or Repair CD using Built-in Administrator - Enable from WinRE - Windows 7 Forums.

We regularly help users enable that to create a new User account to replace a corrupted one.

I run Win7 from built-in Admin account - which is Admin without UAC - and have never had a problem. But only those who know what they're doing should do so (you know who you are).

Very interesting. From what I have been told, and from what I heard a man recently saying on TV, I thought that you guys would overwhelmingly be supporting the creation of a Standard User.

When UAC is enabled an admin account is a standard account for most practical purposes. By default any software you run will inherit your rights and they will be those of a standard account. If that software is malicious it will have tough road to do much harm. Only when you give permission with the UAC dialog do you get full admin rights.

With XP and older running with a standard account is more secure. Then an admin account always has full admin rights and so will any malicious software you run.