Is using an admin account unsafe in Win7?

ScretHate

[H]ard|Gawd
Joined
Jun 5, 2001
Messages
1,889
I know the most secure set up is to run as a limited user. However, I find it annoying to have to enter my password so frequently.

So, as long as long as UAC is set to maximum, is using an administrator account considerably less safe?
 

rflcptr

Supreme [H]ardness
Joined
Mar 27, 2008
Messages
6,202
I know the most secure set up is to run as a limited user. However, I find it annoying to have to enter my password so frequently.

So, as long as long as UAC is set to maximum, is using an administrator account considerably less safe?

You could actually change the elevation prompting behavior under admin to prompt for a password, so you don't have to create a standard account (if you still wanted to enter a password :p).
 

devil22

2[H]4U
Joined
Jan 1, 2003
Messages
3,837
I know the most secure set up is to run as a limited user. However, I find it annoying to have to enter my password so frequently.

So, as long as long as UAC is set to maximum, is using an administrator account considerably less safe?

Attacks against UAC are mostly theoretical, I mean first you have to have malware already running on the system, then you have to have insecure software that you run as admin - but loads code that was write-able by the limited token you normally run with, that the malware managed to 'infect', so that the admin level code would execute the malware. Sure it's 'possible' but highly unlikely, because Windows 7 (and Vista) has a lot of anti-exploit techniques, which will keep malware off the system in the first place, and because software that runs as described probably is rare. So far I haven't heard of any malware that tries this 'attack' method, because it is too difficult to get on a Windows 7 system in the first place probably. Just run MSE and you should be ok. I've run Vista, and now Win 7 for 3+ years and have not had a single malware infection, despite the fact that I surf the shadier parts of the web on a daily basis. Some other security advice, would be to run x64 (KPP, only in x64 Windows, stops kernel modifications and unsigned drivers thereby twarting rootkits) and maybe use chrome, since it was the only browser that survived the pwn2own hacking contest, and it does sandboxing. And check out the security guide in my sig.
 

bigdogchris

Fully [H]
Joined
Feb 19, 2008
Messages
18,440
Recently in the news it said that 60+% of all Windows exploits are prevented simply by running as a limited user. This included 100% of Microsoft Office exploits.
 

devil22

2[H]4U
Joined
Jan 1, 2003
Messages
3,837
Recently in the news it said that 60+% of all Windows exploits are prevented simply by running as a limited user. This included 100% of Microsoft Office exploits.

Yes, but UAC runs you with a limited user token, unless you elevate, and you can elevate running as a limited user too. I'm not familiar with that study, but it probably refers to XP users and people who turn off UAC, not people who run Vista/7 with UAC on since that is running as limited user.
 

bigdogchris

Fully [H]
Joined
Feb 19, 2008
Messages
18,440
But from what I understand, it's already been shown the default UAC level in Windows 7 is very exploitable. If you're going to use UAC in 7, you have to turn it up to the maximum level, and it will match Vista's security.
 

devil22

2[H]4U
Joined
Jan 1, 2003
Messages
3,837
But from what I understand, it's already been shown the default UAC level in Windows 7 is very exploitable. If you're going to use UAC in 7, you have to turn it up to the maximum level, and it will match Vista's security.

Oh yea, I was assuming everyone here knew that.
 

xenios

Gawd
Joined
Aug 8, 2008
Messages
992
I personally have it set so that I have to enter a password in every time. Not a bad thing, you do it all day at work, doing it at home is no biggy.
 
Top