Running PC in administrator mode

>Primarily, IF something were to infect the computer while logged in as an admin user, whether it be a hacker or malware, the privileges given to the infection may be those of the logged in user.. <

Huh? The reason I thought is was so dangerous Is Because the privileges given the hacker WILL, not MAY, be those of the administrator since he's the logon, and so hacker has Entire Control of PC. Rather than a mere user's level of PC control. BTW, I am the only one using said PC, I created the first and only 'user' weeks ago, until then only having the one 'administrator-user' in XP and operating like that for 3 yrs.

I don't know what scripts and ActiveX really do, but know allowing a new one to run is potentially dangerous. I believe they're blocked, as well as popups; I get the yellow Windows bar alerting me when any of those are detected, asking if it should remain blocked or do I want to run it. Of course don't have P2P sw either.

How do you make your complex password? 'Safe-mode hidden admin', have no idea what this is, or how it is safer.

Is there really such a thing as a 'Secure Browser' and if so which?
I thought 'security' is relative, not absolute.
For instance, is IE7 with current updates/patches more secure than the(now unsupported, but fully functional) Netscape browser, in last updated version(a few yrs ago?).

I can't really answer the first question "Primarily...", except to say that you allow the hacker or malware in, and if they plant an executable file onto the system, (a file ending in .exe), you need to allow it to run, and that will install the hacker or malware package.

If you are aware of that, and don't allow anything to be installed that you are not aware of, then it is more difficult for the 3rd part hacker or malware writer to gain access. For example; using IE to download software. Do you "Download and Run"? Or do you "Download, save to disk, scan the file with your anti-virus, and only if it is clean, double click it to run it"?

The "Download and run" is the default setting in IE. Many people do that, and so pass on permission to whoever created that file.

You need to consider your accounts. It may be I have mis-read what you say, but I believe you only have the original System Administrator account the system arrived with, and a "Limited user" account you have recently created.

What happens if that single, System Administrator" account becomes corrupted? How do you attempt to repair it or recover from it without any other Admin account?

When a new pre-installed system arrives, it does so with a System Administrator account already setup. It has to, otherwise the user couldn't do anything. But it is recommended that the user create a new Administrator account immediately. Once that is done, the exisiting System Administrator account disappears from the Welcome Screen and is only available through starting Windows in Safe Mode.

We also recommed that users create another Administrator account, as a backup in case their own Administrator account fails.

Complex password = Ahe46lajdWiQoad43sj9ds0 - anything above 8 characters, a mixture of capitals, small case, and numbers.

Easy passwords;

Names. Dates of Birth, family names, (wife, children), pet names. ANY nams.
Social security numbers. Telephone numbers. Credit card PIN numbers, (I've seen that).
Admin, Test, Password, (I've seen that too), bank account numbers.

Complex passwords are very difficult for the user to use, and I wouldn't personally use that for my own Admin accounts. But for online transactions with bank, credit card, shopping, I would and I do.

IE is not the most secure browser. It is getting better, (IE8), but since it still has 67% of the browser market worldwide, it is the favorite browser for hackers and malware writers to use to try and 'get in'. Other browsers, Firefox, Opera, Safari, Sea Monkey, are much safer.

Keep your Windows Up to Date.

Mark

Very helpful, Mark, thanks. You didn't misread me, and I follow you. But I did not read or see the recommendation, or I wouldn't have been running XP in 'System Administrator' mode for 3 yrs!, let alone not create more admins as you advise. Thanks for that tip and how and why it needs done! That's exactly why I posted question, was just creating one new user all I had to do? Thanks for advising me it wasn't.

Yes I do as you say in IE when downloading and installing executables. I guess I'll have to make some pwords more complex per your example, never gave that much thought either, although they're not like the easy egs you give. Windows is kept regularly updated.

Finally, my last post was cut b4 the end, it asked...
For instance, is IE7 with current updates/patches more secure than the last updated version of Netscape browser? Should I update to IE8?Mark, None of these is as secure as those you mention?

And, it reads as absolute to me -- the ONLY way hackers can enter and mess things up is by planting a .exe program to my PC so it popsup the 'download' window attempting to get me to run/install it? That's the only way a hacker can do his dirt? If he did this, wouldn't it be obvious when I saw the 'Run' prompt that this isn't anything I actually downloaded myself and meant to install? If it's 'Yes' to both, I don't see the risk of being hacked, seems to me. ??

I guess I've never considered that the risks of getting hacked might be different from getting virused, if so, what are diff's?

Again, thanks. Always appreciate good advice.

...can allow a true hacker to access your machine and use the vulnerability to gain admin access, EVEN IF the user is logged in as a "limited" user.. So, as I stated earlier, those privileges "MAY be those of the logged in user". Still, a home computer usually has very little value for a hacker, therefore such a concerted effort to access your machine is worth the effort. Microsoft has been hacked.. The government computers have been hacked.. Those are worth accessing

Scripts and ActiveX cause active content to run on web pages as well as other programs. Dangerous scripting and ActiveX have the ability to direct your browser to an automatic download which may be spyware or a virus. Preventing those items from running in a browser is one more step toward preventing an infection.

There is no perfectly secure browser, therefore my statement about YOU being the primary prevention tool rings true here.. Just an example, try the free Firefox browser from the link below.. It doesn't automatically allow ActiveX content to run unless you choose to install a plugin which causes it to do so..

http://www.mozilla.com/en-US/firefox/upgrade.html?from=getfirefox

Hope this helps.

Grif

Thanks Grif, for your tips, do I understand you to say using PC in admin mode is No Less vulnerable than in ltd user mode to get hacked, so it REALLY doesn't matter? Or that stealing my financial info is not worth a hacker's time? Your reply indicates that a competent hack can get in there regardless of what mode XP is running in to do his deeds AND that choice of browser is more critical than what level user is running Windows. ??

IF THAT IS TRUE, then I don't need this aggravation of fixing programs, who knows for how many reasons possible, that don't work properly(finding out why is the hard part) in my new 'User' mode.

Thanks all for info abt browsers, but answer this; With always-on DSL connection, whenever PC is on and there is at least one user loggedon to Windows, I thought a hack can harm me then as easily as when a browser is also open? Or is it that a hack can only gain access to PC with and thru an open browser? My belief has been that viruses and malware penetrate only thru an open browser but hacking only needs a Windows user logged on.

Of course I don't know if/how hacking differs from malware.

I understand abt me being primary prevention tool in this, but until I become less ignorant of this, I'm firing my questions. In some instances your good answers have detail that's certainly important to know but confuse in another way(not meant as criticism).

As you say, 'try the free Firefox browser from the link below.. It doesn't automatically allow ActiveX content to run unless you choose to install a plugin which causes it to do so.. '
Are you saying that MY Internet Explorer 7 is NOT like that too? ('Yellow bar with warning if I want to allow ActiveX, popup, etc to run' mentioned prior?) Or just that Firefox is better than IE?

And what abt Netscape browser mentioned b4?

Much thanks
Stephen2217

It really doesn't matter much if you're running an Administrator account or a Limited User account. If someone hacks into your system, then a Limited User account may limit the damage done - or it may not. Does it matter if someone shoots you in one arm and one leg or in both arms and both legs? Either way, you've been shot and are wounded; everything else is merely a matter of degree.

The basics of computer security are always the same: 1) Install strong, effective security software, to include a good antivirus package, a strong firewall and, IMO, three separate antimalware apps, with the antivirus and one anti malware app set to scan continuously; 2) Keep all security software updated: 3) Keep Windows and other applications fully updated (this includes device drivers); 4) Manually scan your rig for malware at least once weekly; 5) Make regular backups of, at the very least, audio/video files, documents, downloaded software and emails, and store them anywhere except on your C:\ drive (A second internal hard drive or CD/DVD is best); and 6) Follow the sound advice on safe web surfing habits that have been given you by others in this thread.

This need not cost you much; there are any number of free software apps out there that will lock down a PC. In fact, I have no paid security apps on this PC. If you need the convenience of a paid security suite's user interface - and don't mind paying for it again and again through subscription fees - then fine. For me, the convenience is not worth the expense.


Paul

overreacted to the sternly worded warning. Reading it 3 yrs late and the bold print.

I will correct my prev note, I ran my PC not in the System 'Administrator' mode but one I created at initial setup with the same admin privileges, I think. A rt click on an app to 'run as', only 2 options are 'Administrator' and 'my namerandomnos'. From what I understand, I'm going to keep running with the latter. Using my newly-created limited 'user' doesn't appear significantly safer than my adminuser always used. And making things work right or completely is ongoing when logged on to user. As well, it all seems to run slower.

I think I use safe practices re security, incl 5 of the 6 that Paul detailed. Have subscribed to an active Trend AV/AM suite for 3 yrs and had one slightly problematic infection. That seems pretty good.

I still ask as far as vulnerability with DSL to being hacked and virused. What difference does it make whether a browser is open?

That's where the YOU comes into play.. I cleaned out my daughter's computer last weekend because she simply can't stop clicking on those "Please install this" buttons which popup while surfing MySpace or Facebook, etc. Spyware was on the machine.

There is no better answer to your question than was previously given regarding the probability of DSL getting hacked or virused. You're taking many of the correct steps but you must always be vigilant. Hacked is different than being virused but many of the vulnerabilities are the same and many of the new types of malware place trojans and keyloggers on your computer which then allow for methods to steal your financial information. So keep your computer secure..

In response to your question about Firefox vs Internet Explorer 7 or Netscape, yes Firefox has better protections regarding ActiveX than either IE7 or Netscape..

Since you mentioned DSL, do you use a wireless router, a router, or just a modem.. Each one has different security vulnerabilities which need to be addressed.. Have you change the default router/modem access passwords? (Most newbies can find the default user name and passwords of most routers.) Have you enabled the firewall on your router? If using wireless, have you created a LONG complex password and do you change it occasionally. if you're using a wireless connection or a laptop, instead of using wireless, have you moved toward using "wired" instead? It's slightly more secure but is the extra security more important than the mobility?

It all comes down to personal choices..

Hope this helps.

Grif