Creating a standard user account for security purposes?

[Brandon138]

Hey forum,

I never thought about it until recently when a friend mentioned it. He said even though I am the only one that uses my computer, that I should still create a standard user account and use that to greatly increase the security of my system. This seems to be sound logic and I have heard it somewhere else before, but I figure I would ask for the opinion of someone much more knowledgeable than myself.

Is it recommended to operate under a standard user account login even if you the sole user to the computer?

 

[gregrocker]

There are different views on this so I'll give you mine as an Installation guy who tries to set up perfect installs as compiled in Clean Reinstall - Factory OEM Windows 7.

When WIn7 is installed it issues an Admin account to the user assuming he is the owner.

As long as User Account Controls are kept at default then the only protection that an Admin Account lacks is that it will not be prompted to okay any changes with a password. It will still dim the desktop and flash the warning that changes are being made. So ask yourself how much more important it is to you to have to insert your password for every change made which triggers UAC. For most it is too annoying a redundancy to bother with.

If others are using your PC it is always a good idea to create for them a Standard Account and then password yours, or use the built-in Guest account.

Others may have a different view which is equally as compelling.

 

[DavidE]

I read the same type of suggestions for using a Standard account for "Normal everyday" use.
So when I started using Win 7 I created a Standard (no PW) account for my normal everyday use, and have a PW protected Admin account for anything that needs Admin authority.
I've been using it like this for years, and don't have a problem typing in a PW for the Admin account when I need to.

I see Greg's point and agree that it's too annoying for many to have to type in a PW when Admin authority is needed.
Most people I help only have the default Admin account and use that for everyday use.

I really wonder if a system is more secure when using a Standard account, or that is just a myth.
I think it would be interesting to get feedback from the SF Security Experts on this.
They might know for sure if a using Standard Account is better.
Or, is using a Standard account just a "myth/placebo" for better security, and there is no real advantage in preventing Malware and Virus.

 

[Brandon138]

Very interesting. From what I have been told, and from what I heard a man recently saying on TV, I thought that you guys would overwhelmingly be supporting the creation of a Standard User. However, the point you make Greg seems to have merit, although I do not believe it would be much trouble for me to type in the admin password from time to time, however I would rather not have to create another account on windows unless there were some noticeable and strongly recommended benefits to doing so. I have all windows security features set to their defaults and do not plan on changing that anytime in the near future.

I would as David was saying, be very interested in receiving more input/opinions on this matter. Also, on something of a separate note, would you gentlemen believe that computer performance might be affected on a system that has multiple logins, to that of a system that just has a single admin login? Like would the computer run slightly slower and or have more processes that would be actively running with a PC that has a couple users vs. just one?

 

[gregrocker]

I think the only delay is signing in to one or the other accounts. I don't like to password my own PC accounts, but have no one I need to keep out of them and nothing to hide.

 

[Brandon138]

I think the only delay is signing in to one or the other accounts. I don't like to password my own PC accounts, but have no one I need to keep out of them and nothing to hide.

Well, I think we all have something to hide, lol, but yeah I hear what your saying. See, I was lead to believe that the danger did not come from someone physically accessing your computer on it's admin account, but rather a hacker doing it remotely. Therefore they would be able to roam freely and not have to enter any admin credentials, while if they tried to do this with a SU they would not have this ability. However, being such a novice in this area, I cannot really say how likely this would be to happen, or if it is even a real threat.

 

[DavidE]

See, I was lead to believe that the danger did not come from someone physically accessing your computer on it's admin account, but rather a hacker doing it remotely.

However, being such a novice in this area, I cannot really say how likely this would be to happen, or if it is even a real threat.

I'm in the same boat - that's why I'd like Security Expert's feedback

And here's some more of my 2 5 cents to Consider:

The only time I see more processes running is when I do a switch user to login to my Admin account and stay logged in with my Standard account at the same time.
I don't do this often, but do it occasionally if I need to for whatever reason...such as looking in Regedit from both accounts, or looking at and emptying the Admin Recycle Bin...

I do suggest having an "extra" Admin account always available.
That way if your everyday account gets corrupted for any reason, you have another account that should still work so you can still use the PC and hopefully fix or replace the corrupted account...

I don't feel I really need this because I use System Backup Images and can restore the OS from "outside" the OS in case of any problem other than a MB failure.

But I do keep an extra account available, just as another "recovery layer" option available.

 

[whs]

Not a bad idea. But an even better idea is to only operate on the web with a virtual Linux system. That is very handy and can easily be run sise by side with your Windows 7. And the chances of catching any malware on Linux are very minimal. And should that really occur, just bring a copy of the virtual partition folder back into the system. See chapter 2.2 of this tutorial.

http://www.sevenforums.com/tutorials/288105-safe-internet-browsing.html

 

[gregrocker]

I do suggest having an "extra" Admin account always available.
That way if your everyday account gets corrupted for any reason, you have another account that should still work so you can still use the PC and hopefully fix or replace the corrupted account...

I don't feel I really need this because I use System Backup Images and can restore the OS from "outside" the OS in case of any problem other than a MB failure.

But I do keep an extra account available, just as another "recovery layer" option available.

Unless you're running from it now, you always have the Built-in Administrator Account - Enable or Disable - Windows 7 Forums and can access it from your Win7 disk or Repair CD using Built-in Administrator - Enable from WinRE - Windows 7 Forums.

We regularly help users enable that to create a new User account to replace a corrupted one.

I run Win7 from built-in Admin account - which is Admin without UAC - and have never had a problem. But only those who know what they're doing should do so (you know who you are).

 

[LMiller7]

Very interesting. From what I have been told, and from what I heard a man recently saying on TV, I thought that you guys would overwhelmingly be supporting the creation of a Standard User.

When UAC is enabled an admin account is a standard account for most practical purposes. By default any software you run will inherit your rights and they will be those of a standard account. If that software is malicious it will have tough road to do much harm. Only when you give permission with the UAC dialog do you get full admin rights.

With XP and older running with a standard account is more secure. Then an admin account always has full admin rights and so will any malicious software you run.

 

[Bluesan]

There are different views on this so I'll give you mine as an Installation guy who tries to set up perfect installs as compiled in Clean Reinstall - Factory OEM Windows 7.

When WIn7 is installed it issues an Admin account to the user assuming he is the owner.

As long as User Account Controls are kept at default then the only protection that an Admin Account lacks is that it will not be prompted to okay any changes with a password. It will still dim the desktop and flash the warning that changes are being made. So ask yourself how much more important it is to you to have to insert your password for every change made which triggers UAC. For most it is too annoying a redundancy to bother with.

If others are using your PC it is always a good idea to create for them a Standard Account and then password yours, or use the built-in Guest account.

Others may have a different view which is equally as compelling.

A Standard User's UAC setting is "Always Notify". The Windows 7 "default" is one step below that. Not quite the same.

Personally, I have a standard user account set up. Entering my "root" password to make changes to the operating system is similar to the sudo/su permissions model in Linux, which I'm quite used to. It's all about layering, and a lot of documentation exists, not only from Microsoft, but other sources as well, that suggest that it is a good security practice to have a standard account for everyday use.

 

[Brandon138]

Again I find this very interesting, and I really appreciate you guys engaging in this discussion with me. I feel that I have gained a better perspective on this matter. To summarize what I believe is the overall opinion here, is that; if you are the only person using the computer, creating a SUA offers little, if any additional security, given you do not alter windows security functions at their default level. Although it is highly advisable to create or have created system restore, system repair, and an overall system image, all of which I have done in the past due to the advice of this forum.

So while there are always certain things we can do to boost our overall security, (no system can ever be secure enough) as several others have mentioned, creating a SUA is not really one of them.

 

[gregrocker]

So why does the Win7 installer install an Admin account for the assumed PC owner, without any choice or warning that this is not the Best Practice (if it is)?

 

[DavidE]

Are some defaults really the "best practice" or "best choice for most users" ?

i.e.

I don't like the defaults for how Windows sets up Windows Updates...
I always change settings so I get notified for updates, but I choose when and what to install.
For most users I believe "default" auto install is a better setting, because they would not know to install updates...

There has to be a default install Admin account or folks would not be able to do many things without the built in Administrator account enabled...too geeky for the masses...

Once they have the default install User Admin account working, do most people know how to create and use a Standard account, and why that might be better for everyday use?

 

[gregrocker]

Even when users who get chronically infected use Standard Accounts they always still manage to get infected since they are letting the malware get past. I've never seen any evidence that malware can work its own way past UAC in either of the top two modes. So having the screen flash and needing to enter your own password isn't convincing protection to me.

What's always worked for chronically infected users for me is to keep MSE but add Malwarebytes Real Time protection - $30 for life.

That said, let's hear from the Security experts. It's always a learning experience.

 

[Bluesan]

So why does the Win7 installer install an Admin account for the assumed PC owner, without any choice or warning that this is not the Best Practice (if it is)?

Microsoft suggests a standard user account for all users (I'm not going to post a bunch of links, they're easily found by searching for them). Personally though, I think that they'd like to make a standard user the default, though my guess is, they are reluctant to force the use of one because the "always notify" was the standard in Vista, and it drove a lot of users nuts.

One of the advantages of Windows (if you want to call it that), is that their policy of backward compatibility with previous versions allows the everyday user to feel relatively comfortable with new versions. Unfortunately this policy of backwards compatibility has been the root of many, if not most, security vulnerabilities in Windows since they, in a more innocent world back then, by default, made the first user the administrator. They've rued that decision for years.

I have a son-in-law that in his formative years, worked for Microsoft in their code cave, and now has a consulting firm that administers several 1000+ seat windows clients. He has mentioned to me several times that if Microsoft would once and for all drop backward compatibility, that the expertise exists in Redmond to write a free standing operating system that would knock the industry's socks off. But alas, repeat customers drive Microsoft's business and, IMO, they're stuck, and that's why they continue with the first user being the administrator.

 

[Bluesan]

Are some defaults really the "best practice" or "best choice for most users" ?

i.e.

I don't like the defaults for how Windows sets up Windows Updates...
I always change settings so I get notified for updates, but I choose when and what to install.
For most users I believe "default" auto install is a better setting, because they would not know to install updates...

There has to be a default install Admin account or folks would not be able to do many things without the built in Administrator account enabled...too geeky for the masses...

Once they have the default install User Admin account working, do most people know how to create and use a Standard account, and why that might be better for everyday use?

I've seen the following referenced by posters who offer help in setting up a standard account many times. (I think I've even seen it here once or twice in these forums.)

...UAC was introduced with Vista and was widely maligned due to its in-your-faceness, and though it's calmed down some as Vista has been updated, it seems to have really hit its stride in Windows 7. I like UAC a lot.

But even in its imperfect form, it was a good idea, attempting to brighten the terribly blurry line between administrative tasks and user tasks that has plagued Windows since the early days.

Much of this is due to the early consumer operating systems Win95, Win98, and WinME, which maintained no technical distinction between these roles: everybody was always an administrator, and software developers had no way of even thinking about a separation of roles.

But even with the more modern NT-based systems Windows 2000 and Windows XP, it was so painful to really get your work done as a non-administrative user that most people simply gave up and ran with an admin account. This was almost entirely due to poor habits by software developers: they themselves ran as admins, and simply wrote sloppy code that assumed everybody was one too.

Microsoft has been trying very hard to counter this everybody-is-an-admin mentality, and UAC was their attempt at compromise: if you're going to run as admin, at least we can make you aware of the role differences. This is what UAC is attempting to do...

Microsoft's pickup, and republishing of Steve Friedl's blog post:

Configuring Windows 7 for a Limited User Account

and, the original:

Configuring Windows 7 for a Limited User Account

 

[gregrocker]

MS contributor Friedl's MS blog post from 2009 urging use of Limited Account came before we had five years real-world experience with Win7, including helping here with tens of thousands of installs, all of which were configured as the owner/administrator during install.

I honestly do not see any real world experience pointing to the need to reinstall or convert Admin-level account to Standard, or to even urge that Standard account be default during install.

So why does the Win7 installer install an Admin account for the assumed PC owner, without any choice or warning that this is not the Best Practice (if it is)?

Microsoft suggests a standard user account for all users (I'm not going to post a bunch of links, they're easily found by searching for them).

Do you have a link for this from MS because I cannot find it? I also asked the top MVP at MS forums who isn't aware of it.

 

[Bluesan]

<snip>

Do you have a link for this from MS because I cannot find it?

<snip>

Sure, here's a couple of them for you...

We recommend creating a standard account for each user.

(And it doesn't exclude the Administrator from that recommendation.)

Why use a standard user account instead of an administrator account?

Use standard user accounts

Users should always run as standard users with the following exceptions:

The user travels frequently and may need to install applications or print drivers while traveling.

The user uses applications that require administrative privilege and that an application compatibility database cannot correct.

For information about how to fix application compatibility issues, see User Account Control: Planning and Deploying Application Compatibility Databases for Windows 7 (http://go.microsoft.com/fwlink/?LinkID=148442).

Make the primary user account a standard user account. For users who are allowed to perform administrative tasks on their client computers, create a local administrator account for performing those administrative tasks. When a user is logged on as a standard user and attempts to perform an administrative task, the credential prompt is presented. The user must enter an administrator user name and password, and then click Yes to perform the task...

http://technet.microsoft.com/en-us/library/ee679793(v=ws.10).aspx

And that's, that.

 

[Bluesan]

MS contributor Friedl's MS blog post from 2009 urging use of Limited Account came before we had five years real-world experience with Win7, including helping here with tens of thousands of installs, all of which were configured as the owner/administrator during install.

I honestly do not see any real world experience pointing to the need to reinstall or convert Admin-level account to Standard, or to even urge that Standard account be default during install.

So why does the Win7 installer install an Admin account for the assumed PC owner, without any choice or warning that this is not the Best Practice (if it is)?

Microsoft suggests a standard user account for all users (I'm not going to post a bunch of links, they're easily found by searching for them).

Do you have a link for this from MS because I cannot find it? I also asked the top MVP at MS forums who isn't aware of it.

Sorry, I almost forgot to mention, that if you really believe this to be true, you might want to petition Brink to modify his tutorial. As you said above, apparently part of it is no longer valid for the "real world":

Standard user (Users) - The standard account is an unelevated restricted users account. It can help protect your computer by preventing users from making changes that affect everyone who uses the computer, such as deleting files that are required for the computer to work. It is recommend to create a standard account for each user instead of an administrator account for the user. When you are logged on to Windows with a standard account, you can do almost anything that you can do with an administrator account, but if a standard user wanted to do something that requires elevated rights that affects other users of the computer, such as installing software or changing security settings, Windows will give the standard user a UAC prompt to enter the password of an administrator account for approval and confirmation before allowing the action.

http://www.sevenforums.com/tutorials/507-built-administrator-account-enable-disable.html

Nothing more to add to this thread.