In the past I have been advised of the security benefits of using a standard user account as my everyday account because I was told that being an admin will significantly increase the risk of malware damage on my Win 7 computer.
Is this still the case with the latest edition of Win 10? I don't install a ton of software but I do browse the web enough that I occasionally and accidentally end up on a webpage that seems unsafe. I usually try to quickly close it but I don't know if that comes with risk and if that risk is greater when using an admin account. I have active Norton and surf with Chrome.
What are the general thoughts about which user privilege is best on Win 10 for an average user? Are there any downsides to being logged in as a standard user beyond having to enter an admin password for some programs?
-
insidemanpoker Notebook Evangelist
-
saturnotaku Notebook Nobel Laureate
If you're only concerned about websites, you could use a program like Sandboxie to run your web browser in a sandbox, which cordons it off from the rest of your computer, minimizing the risk of damage from rogue software. I'd also ditch Norton in favor of a different security suite. I like Webroot Secure Anywhere because it's effective, lightweight, and doesn't nag you to death. Others prefer ESET NOD32.
You certainly can create a separate user account, and this is what you'd want to do if your computer were shared with multiple people in your household. But if it's just you, and you're careful, it's not absolutely necessary. -
insidemanpoker Notebook Evangelist
Thanks a lot for the reply. Is Norton not an effective antivirus for Win 10? I haven't kept up with the latest news in that market. When I first got Norton years ago it was well regarded. Any downsides to something like Sandboxie? Is it complicated, or does it cause any performance differences?
The computer will be only used by me but at the same time I don't care about occasionally entering an admin password IF that is the only downside of making my daily user account a standard user. Thoughts? -
I'd 100% recommend a standard account over an admin account for a regular user (or any user, really), with the only (minor, trivial) downside being that you have to enter the password whenever you need admin rights.
Think of this scenario: your account is compromised and now an attacker has access to your Windows account. With an admin account, they are free to do anything they wish, including installing software, running existing software (like the command line) with admin rights, etc., all without you knowing. With a standard account, if they try to do anything of the sort, you'll be prompted for the admin password. If you were not trying to run anything with admin rights, this would (should) make you pause and raise the alarms, so to speak. With a compromised admin account, you have no such warning. -
StormJumper Notebook Virtuoso
Here's my take: if you're not installing software or customizing it, use a standard user account for your everyday usage and only use Admin/Owner with password protection when your software needs updating. This way any installs will be forced to ask for Owner permission before making changes; this will alert you to something that you don't want. And as for Norton, it has grown to become its own worst enemy, a bloatware/malware-infested program that wants you to think what it wants. I use MSE/Defender, which is free for Windows owners, and have had no problems so far. I use Admin/Owner, but only because I install only needed software and don't let any installs install themselves as "express" install. If you want to protect your system, "Password" the Admin/Owner account; this will do far more to protect than an A/V can do and is your first line of protection. This is what a lot of Windows owners forget: you're using the Admin/Owner account when you first set up your account, and that is where your problem will begin if you don't recognize this.
1. Make the Admin/Owner Password protected
2. Create and use the Standard user account
3. For me I use MSE/Defender and so far been fine
4. I use a hosts edit that blocks unwanted redirects and popups to harden the Browsers. -
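An added example, not part of the original posts: a read-only PowerShell audit of the setup recommended in this thread, reporting whether the account you are logged in with belongs to the local Administrators group and whether each administrator account is flagged as requiring a password. It assumes Windows 10 with Windows PowerShell 5.1 and local (non-domain) accounts.

```powershell
# Added example (not from the thread): read-only audit of local accounts.
# Assumes Windows 10, Windows PowerShell 5.1, local accounts only.

$adminGroupSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

# Current logon, and whether THIS process holds an elevated token.
# With UAC on, an admin account's unelevated process reports False here,
# so group membership is checked separately below.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# Direct members of the local Administrators group (nested groups are not expanded).
$adminSids = @(Get-LocalGroupMember -SID $adminGroupSid |
               ForEach-Object { $_.SID.Value })
$dailyIsAdmin = $adminSids -contains $identity.User.Value

[pscustomobject]@{
    Account                = $identity.Name
    MemberOfAdministrators = $dailyIsAdmin
    ProcessElevated        = $elevated
} | Format-List

# Per-account view of every enabled local user.
# PasswordRequired = False means the account is permitted to have a blank
# password; it does not by itself prove the password is blank.
$report = Get-LocalUser | Where-Object Enabled | ForEach-Object {
    [pscustomobject]@{
        Name             = $_.Name
        IsAdmin          = $adminSids -contains $_.SID.Value
        PasswordRequired = $_.PasswordRequired
    }
}
$report | Format-Table -AutoSize

if ($dailyIsAdmin) {
    Write-Warning "The account in use is an administrator; the thread recommends a standard account for daily use."
}
foreach ($acct in $report | Where-Object { $_.IsAdmin -and -not $_.PasswordRequired }) {
    Write-Warning "Administrator account '$($acct.Name)' is not flagged as requiring a password."
}
```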
Standard User.
I've been using Standard User almost 100% of the time since Windows Vista (Dec 2006). Works fine.
Back story - Windows XP had some drawbacks to this, unlike Windows NT or Windows 2000 before it (1996-2001), where I ran as Standard User under NT & 2000 and changed permissions to harden/un-harden it. WinXP "broke" a lot of that and so did the software vendors, IMO, so I ran as Admin User under WinXP.
Exceptions - I log in as Administrator to play games or benchmark / overclock and I disable all security software. (Win8.1 and Win10).
No Antivirus, don't really see the need. I do run Malwarebytes Premium (MBAM) for antimalware. Though >80% of the time I do recreational web surfing under Mac OS X or Linux (Firefox). I also use OpenDNS for "protection in layers." It catches about half of the poisonous ads on random sites. OpenDNS is my first line of defense. Plus its name lookups are faster than my ISP or Google's DNS servers.
For people for whom I set up computers, I do the following:
- I give them one of my lifetime copies of MBAM (I used to stock up, anytime NewEgg had a sale, limit 3, for like $10/ea). Skip the AV.
- I set them up with OpenDNS, and if their router has support, set it to update the IP automatically.
- I set them up as standard user, and give them an account with a name like "Install" or "Installs", and they use that for UAC prompts.
- Or let them log in as admin (IDGAF), it's their property, identity, and risks.
Too, you have to ask yourself or your customer ... if *this* machine, this particular machine right here, gets p0wned by some criminal hacker group overseas, what is the worst you are out? If it is just some forum logins, some Steam saved game data, etc., is that a problem? Now, if you're doing banking from this machine or managing your kids' inheritance, the risk profile changes.
-
insidemanpoker Notebook Evangelist
Thanks a ton for all the replies. It sounds like I should just use a standard user account. As someone unfamiliar with this Sandboxie recommendation, is that also an important tool that average users should be using?
Do you think it's important to have a paid account of Malwarebytes that is running all the time?
Finally, I get a bit overwhelmed by AV options. Norton has generally great reviews. I also read that BitDefender is popular as well as Kaspersky. Microsoft's Windows Defender seems to do worse in reviews on major sites so I'm not sure what to make of it. It feels like a zoo with regards to picking AV.
I haven't had any problems with Norton in the past but it's a bit alarming to read that it's malware and bloat in itself.
Last edited: Apr 7, 2017 -
I am admin. Have been so for quite some time. All other users are standard.
-
insidemanpoker Notebook Evangelist
As much as I smirk at your joke, I'd really appreciate your honest opinions on my questions as well
-
Spartan@HIDevolution Company Representative
It's the only AV that has no bloat, no system optimizers or online cloud storage or anything else, just a good file scanner with HTTP connection and HIPS (host intrusion prevention system) -
StormJumper Notebook Virtuoso
- I set them up with MSE/Defender and a custom hosts edit and so far no problems when this was all "Free" since they already owned Windows O/S.
-
^ If you're using similar account names between silly and serious services or (even worse) reusing passwords between the two, no OS or software will fix that.
However, most of the time you're only going to be attacked by lazy script kiddies who want to put in the least amount of work to achieve their goals; connecting different accounts if you use different usernames and passwords is too hard to do quickly. More likely to be done if you're being attacked by professionals or a government, but in that case software will be of limited help and you have more pressing issues at hand. -
StormJumper Notebook Virtuoso
I keep the Admin/Owner password locked and the Standard user with no password, so that you only have to remember the Admin/Owner account. Should something try to install with the Standard account, it will require the password, and you will know if it is what you want or was an attempted install from bad software or malware; this will alert you to stop such an install that you don't want.
Average Win 10 Owner: Administrator or Standard User?
Discussion in 'Windows OS and Software' started by insidemanpoker, Apr 6, 2017.