Thanks for sharing your very useful thoughts.
Some users do not like the idea of logging off and on. Some users have trouble running 3rd party applications that do not run in a limited account. These reasons will lead or force them to use an Administrator account, but I do agree and also recommend using the Admin account only when needed.
For those who prefer to use an Administrator account, there are ways to secure the administrator account (just in case a user really wants to use this admin account or is facing difficulty in running an application that also runs with an administrator account).
Windows XP Security Checklist - Basic and intermediate steps to secure Windows XP at http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm
Home and Office User Tips and Tricks: Help Protect Your PC. Six Tips to Help Protect Your PC and Avoid Security Menaces
For XP Pro users - take advantage of Group Policy Editor to secure the accounts and software. Type GPEDIT.MSC and hit enter!
Here's a thought folks....JUST DON'T RUN AS AN ADMINISTRATOR!!!
Over 90% of the people using their computers (email, web, word proc, etc.) do not need administrator rights. However, most all of them have them, and a lot don't even know it. It's like opening all the doors and windows and wondering why things are getting stolen or damaged.
Here's the advantage: holes that let trojans in, ActiveX controls that do damage, virus-infected attachments, etc. DO NO HARM. They (at least the majority of them) all try to install themselves, overwrite system files, change registry settings, change program files, etc. Well, guess what, they all do this in the context of the current user...if the user is an administrator, they do their harm...if the user is running as a limited account, they can do no harm.
Running as a limited user has become very easy with WinXP. Simply set up an account, give it limited rights, and use it. Keep the admin account for when you absolutely need to use it (install new apps, update the system, etc...again something that a large majority of users don't often do.)
This concept is not new; other OSes have employed this for years. For those Unix/Linux users, how many times have you been told "Not to run as root"?!
Windows is just starting to catch up. But one big key to this is to insist that the software you run is compliant with these rules. Older software will most likely have some problems, but WinXP lets you deal with those by running them as another user (if needed). However, I would highly recommend insisting that your software carries the "Designed for Windows XP" logo to give you the best and most secure computing experience. Apps that carry that logo have passed certification that they will work *properly* in an environment where the user does not run as an admin.
Folks, this is SUCH an easy prevention method that it is too simple to miss. I would still recommend the use of a firewall (which the next service pack of WinXP will enforce) and, if you wish, some virus scan software for that 1% of viruses that might screw up some files. But by far, this approach will lead most new or non-tech folks to have a wonderful computing experience (which is what it should be).