Journalists poor at defending Windows PCs

Suppose a doctor offered you health advice while chain smoking. It's not a perfect analogy, but two technology journalists were recently shown to engage in risky behavior themselves.

In the Windows Secrets newsletter Fred Langa described his encounter with a virus in the LizaMoon family. It's an interesting read, in part for what he doesn't say.

The malicious software needs help from the end user to install itself and, in the interest of journalism, Langa followed all the malicious instructions.

What Langa did not do however, is to me, the most interesting part. He did not need to deal with UAC (User Account Control) which indicates that his Windows 7 computer was logged on as an administrator. In fact, nowhere in the article does he even discuss the concept of restricted* vs. administrator accounts.

A Windows administrator class user can do anything they want to the system. Malicious software obviously benefits from this unfettered access to the entire system. Restricted users are limited in their access to the core of the system which should prevent the worst tpes of malware infections. 

Running Windows XP as a restricted user was possible, but took determination. The feature was not well implemented in XP which, for example, won't let you click on the time in the bottom right corner of the screen to see the calendar if you are a restricted user. And, any time you switch users in XP your desktop icons get moved around.

As much as I hate Windows 7, I have to give operating system it's due, it does a great job of running as a restricted user far better than Windows XP.

I have been using Windows 7 as a restricted user almost from day 1. Whenever I do something requiring administrator rights, the system prompts for a password (see below). It's quick and simple, just the way an operating system should work. And, Windows Update runs fine when logged on as a restricted user. I can't recall ever having to logon as an administrator for any reason.

win7_admin_prompt_small.jpg

Dwight Silverman, of the Houston Chronicle, also just showed himself to be a chain smoker.

A Windows 7 computer belonging to his son got infected with malware. The story was meant as a plug for a relatively obscure anti-malware program. What I took from it, however, was that his son was logging on to Windows 7 as an administrator.

Why? Why did both Langa and Silverman make such a questionable decision?

If you tried to run Windows 7 as a restricted user and gave up on it, please let me know why, either with a comment below or by email (my full name at gmail).

Here is my suggestion: 

Consumers typically have a single administrator class user, so I'll consider that the starting point. Assuming the lone userid is "Harvey", then I suggest:  

  1. Create a new administrative user (Control Panel -> User Accounts) called HarveyAdmin with the same password as user Harvey
  2. Logon as HarveyAdmin and change user Harvey to a "standard" (restricted) user
  3. Logoff user HarveyAdmin

That's it. You may never need to logon as user HarveyAdmin again. Having the same password for both Windows userids makes the scheme easier to live with.

On a new computer, I start out with two users: MichaelAdmin and MichaelRestricted. In the screen shot above, I was logged on as a restricted user and you can see that the prompt is for the password for user MichaelAdmin. 

Both journalists shared another interesting tidbit about their malware infections, the computer was running Microsoft's Security Essentials. Consider that a word to the wise, both about MSE and about depending too much on anti-virus software.  

I can't help but think how each infection may have been prevented if Sandboxie had been employed. By putting up a virtual wall between the system and an application, Sandboxie offers a whole different type of protection.

Running as a restricted Windows user is not perfect malware protection, but it is safer than logging on as an administrator. This defensive tactic doesn't get the attention it deserves. There's no money in it.

*Windows 7 calls restricted users "standard", Windows XP called them "limited". Why two names? Beats me. In the interest of being understood, I avoid both terms.

FREE Computerworld Insider Guide: IT Certification Study Tips
Join the discussion
Be the first to comment on this article. Our Commenting Policies