I was reminded recently why all users should be running a standard user account on a Windows machine. Up until Windows Vista, users generally used an administrative account that provided unlimited access to the computer and its resources. While this made the machine easier to use, it also made it easier for malware to install itself and spread among Windows machines.
It was some adware installed on a Windows 7 system that reminded me why I don’t use an administrative account for my day-to-day work on my Windows 7 systems. Because of this, I haven’t had any malware in the 7 years that I have used systems running Windows Vista and above. Here is the story of
Using an Administrator Account Could Defeat Anti-malware Protection
Malware, to me, is any installed software that can have a malicious purpose. I include adware in this category because popup ads can lead to more malicious software if the user clicks a link or button in the ad.
I was contacted by a user who was having issues with their Windows 7 laptop. They were experiencing popups on the screen and within Web pages that hadn’t appeared in the past. Regardless of the website they visited, ads and popups were displayed on the screen.
Of course, once I heard this I immediately suspected malware, probably from a compromised website or from software that was mistakenly downloaded and installed.
In the case of the infected laptop, the user had installed software they thought was iTunes, but it turned out to be something else that installed other potentially unwanted programs (PUPs) onto their computer. By the time I gained access to the machine, about five adware programs and an “optimizer” (I use that term loosely) application were installed.
The good news was that it wasn’t hard to find and remove the offending applications, because many of them appeared in the list of installed programs within Windows. After running their uninstallers, I continued the cleaning with Malwarebytes Anti-Malware and then Microsoft Security Essentials.
It took several runs of both packages to eliminate the malware, but eventually the laptop was clean again. Unfortunately, it didn’t stay clean for long.
A short while later the owner contacted me for the same reason: unwanted popups. This time the owner said they had only visited websites and hadn’t installed any software; the malware installed itself in the background without their knowledge. I once again cleaned the system, but this time I went one step further: I created a new administrator account and changed their account to a standard user account in Windows.
Administrative Day-to-Day Accounts Should Be a Thing of the Past
Let me put it simply: you don’t need an administrator account to use Windows every day. It used to be that everyone was an administrator because older versions of Windows and their applications practically required it. Since Windows Vista, Microsoft has changed the security model (most visibly with User Account Control, UAC) to the point where running as an administrator every day is no longer needed. A standard user account is the more secure option.
In the case of my story above, had the user’s account been a standard user account instead of an administrator, much of the malware I had to remove wouldn’t have been installed in the first place.
The problem with the malware I had to remove is that it was installed without the user’s knowledge, quietly in the background. With an administrator account, this is possible.
When Windows runs an application, such as an installer, it runs it in the security context of the logged-in user. For an administrator that means the installer can run with unrestricted access to Windows and the computer’s resources, so it can install silently in the background. With UAC at its default setting an administrator’s programs do start with a reduced token and have to ask for elevation, but that request is a Yes/No consent dialog that is easy to click through, and it disappears entirely if UAC has been turned down to “never notify”.
Standard user accounts are much more restrictive: they can’t make changes that affect the whole system or other users. In practice this means a standard user can’t install software system-wide, that is, into Program Files, into the machine-wide part of the registry (HKEY_LOCAL_MACHINE), or as a service or driver. When a standard user tries to do so, Windows prompts for an administrator account’s password. No password, no software install. The one gap to know about is that a program which keeps itself entirely inside the user’s own profile can still be dropped there, so a standard account limits the damage adware can do but doesn’t remove the need for anti-malware software.
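To see the distinction for yourself, the following PowerShell script (an added example, not code from the original post) probes the locations a software installer typically writes to and reports which ones the current account is allowed to write. Run it from a standard user account, then from an administrator account in a normal prompt, then in one started with “Run as administrator”. The probe file and key names are arbitrary choices made for this example; everything it creates is removed again immediately.

```powershell
# Added example, not part of the original post: report which install
# locations the current account can write to. The probe file/key names are
# arbitrary choices made for this example and are deleted right after use.

function Test-InstallLocation {
    param(
        [string]$Label,
        [scriptblock]$Create,    # creates the probe; must throw on denial
        [scriptblock]$Cleanup    # removes the probe if it was created
    )
    try {
        & $Create
        & $Cleanup
        "{0,-42} writable" -f $Label
    } catch {
        # Program Files denies with UnauthorizedAccessException,
        # HKLM with SecurityException; either way the install could not proceed.
        "{0,-42} DENIED  ({1})" -f $Label, $_.Exception.GetType().Name
    }
}

$probeName = 'StdUserProbe-' + [guid]::NewGuid().ToString('N')
$pfFile    = Join-Path $env:ProgramFiles "$probeName.txt"
$userFile  = Join-Path $env:LOCALAPPDATA "$probeName.txt"
$hklmKey   = "HKLM:\SOFTWARE\$probeName"
$hkcuKey   = "HKCU:\SOFTWARE\$probeName"

# Machine-wide locations: writing here is what a system-wide install needs.
Test-InstallLocation 'File in Program Files' `
    { New-Item -Path $pfFile -ItemType File -ErrorAction Stop | Out-Null } `
    { Remove-Item -Path $pfFile -ErrorAction SilentlyContinue }
Test-InstallLocation 'Key under HKLM\SOFTWARE' `
    { New-Item -Path $hklmKey -ErrorAction Stop | Out-Null } `
    { Remove-Item -Path $hklmKey -ErrorAction SilentlyContinue }

# Per-user locations: any account can write here, which is why a standard
# account limits adware to the user's own profile rather than preventing it.
Test-InstallLocation 'File in the user''s LocalAppData' `
    { New-Item -Path $userFile -ItemType File -ErrorAction Stop | Out-Null } `
    { Remove-Item -Path $userFile -ErrorAction SilentlyContinue }
Test-InstallLocation 'Key under HKCU\SOFTWARE' `
    { New-Item -Path $hkcuKey -ErrorAction Stop | Out-Null } `
    { Remove-Item -Path $hkcuKey -ErrorAction SilentlyContinue }
```

From a standard user the two machine-wide probes come back DENIED and the two per-user probes come back writable. From an administrator account in a normal (non-elevated) prompt the result is the same, because UAC hands the session a reduced token; only the elevated prompt gets all four as writable. That elevated prompt is exactly what an installer has to obtain, and for an administrator it costs one click on “Yes”, for a standard user an administrator’s password.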
You can probably see how this would have solved the laptop problem. Had the user been a standard user instead of an administrator, the adware couldn’t have installed itself system-wide without the user’s permission, in the form of an administrator’s password. Had they been prompted to install software they never asked for, they could simply have cancelled, and no adware would have been installed.
Besides reducing the chance of malicious software being installed, a standard user account also reduces the impact of vulnerabilities in Microsoft applications: an exploit that runs inside a browser or document viewer inherits only the rights of the account running it, so it cannot change the system without a separate elevation.
Unfortunately, when you set up Windows, the first account created is an administrative account. If you are still using the account you created when you started using Windows, check whether it is an administrator on the machine. If it is, create a new administrator account and then switch your current account to a standard user account to help keep your machine protected.
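The steps above can be done from the User Accounts control panel, but they are just as easy to script, and a script lets you add the one safety check people forget: never remove the last administrator. The following PowerShell script is an added example, not code from the original post. It assumes a local (not domain) machine, must be run from an elevated PowerShell prompt, and uses only net.exe and the ADSI WinNT provider, both of which are present on Windows 7 and later. The account names DayToDay and LocalAdmin are placeholders chosen for this example.

```powershell
# Added example, not part of the original post: create a separate local
# administrator, demote the everyday account to a standard user, and verify.
# Run from an elevated PowerShell prompt. The two account names below are
# placeholders chosen for this example; substitute your own.

$EverydayAccount = 'DayToDay'     # the account you log in with every day
$NewAdmin        = 'LocalAdmin'   # used only when something needs elevation

function Test-Elevated {
    # True only when this process holds an enabled Administrators SID,
    # i.e. it was started with "Run as administrator", not merely by an admin.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $p  = New-Object Security.Principal.WindowsPrincipal($id)
    $p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-LocalGroupMember {
    param([string]$Group = 'Administrators')
    # The ADSI WinNT provider lists local group members without parsing
    # the text output of "net localgroup".
    $grp = [ADSI]"WinNT://$env:COMPUTERNAME/$Group,group"
    @($grp.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    }
}

if (-not (Test-Elevated)) { throw 'Start PowerShell with "Run as administrator" first.' }

# 1. Create the new administrator. The "*" makes net.exe prompt for the
#    password, so it never appears in the script or the command history.
net user $NewAdmin * /add
if ($LASTEXITCODE -ne 0) { throw "Could not create account $NewAdmin" }
net localgroup Administrators $NewAdmin /add

# 2. Refuse to demote the everyday account unless the new administrator is
#    really in the group; otherwise you lock yourself out of every admin task.
if (-not (@(Get-LocalGroupMember 'Administrators') -contains $NewAdmin)) {
    throw "$NewAdmin is not a member of Administrators; aborting."
}

# 3. Demote the everyday account: out of Administrators, still in Users.
net localgroup Administrators $EverydayAccount /delete
if (-not (@(Get-LocalGroupMember 'Users') -contains $EverydayAccount)) {
    net localgroup Users $EverydayAccount /add
}

# 4. Show the result. The everyday account must be absent from the first line.
"Administrators: " + ((Get-LocalGroupMember 'Administrators') -join ', ')
"Users:          " + ((Get-LocalGroupMember 'Users') -join ', ')
```

Log out and back in as the everyday account afterwards; group membership is baked into the logon token, so the change does not take effect on the current session. Once logged back in, `whoami /groups | findstr /i administrators` should print nothing, and anything that needs elevation will ask for the LocalAdmin password instead of a Yes/No button.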