How effective is using a limited user account to surf the net? I’ve read
that if you get infected with a virus/trojan etc,the amount of damage caused
can be dramatically reduced if you were logged on with a limited account. Also
if I set up such an extra account (for surfing), do you have run anti virus
updates, and do scans on both the administrator and limited account, or does an
ONE anti virus/anti spyware scan cover all the accounts on the computer.
In a word, yes – Limited User Accounts are very effective at reducing the
potential impact of a virus or spyware.
Unfortunately my experience has been that they’re also effective at reducing
your abilities in other areas as well.
Become a Patron of Ask Leo! and go ad-free!
I’ll be honest … every time I’ve attempted to set up a Limited User
Account (often referred to as LUA), I’ve been frustrated, and eventually ended
up reverting that account to full administrative privileges.
My frustration is not with LUA itself, per se, but with other software.
The concept behind LUA is simple: you don’t need every privilege on your
machine in order to do most day-to-day activities. Surfing the web, sending
email, writing documents or balancing your checkbook do not, and should not,
require anything other than the most basic of permissions on the computer.
Taking away certain types of permissions – such as the ability to write to
certain system directories, install activex controls and the like – means that
it’s more difficult for malware to do those things if you happen to run across
it as a Limited User. Since so much malware relies on exactly those types of
operations, it’s actually a very effective strategy.
And yes, even though I have my own frustrations with it, I do recommend it,
if possible, as a very valid step towards increasing the overall security of
your system. I particularly like the idea of families setting up their
children’s accounts on a shared computer with LUA.
To do so, by the way, in Control Panel, User
Accounts, click on the account you wish to change, click on
Change My Account Type, and then select
Limited. Note that you will not be able to change the
primary Administrator account, and that not surprisingly, you need
administrative privileges to actually do this to any account.
towards increasing the overall security of your system.”
Now, about my frustration.
Every time I try to run as an LUA, I keep running into things that I can’t
do. Things that I want to do. For example installing software in general is an
issue using an LUA. If that software expects to be installed for the current
user, then logging in as the administrator to install it may still not set up
the software for use in another Limited account on the same machine.
Now, to be fair, there are often workarounds. One could temporarily elevate
the Limited account to administrator just long enough to install whatever
software needs installing. But there are also frequently still complications,
and it’s certainly an additional, somewhat cumbersome step to what’s typically
already a complicated process.
Now I definitely understand that there is a fundamental conflict here – you
want to prevent installation of malware, while allowing the installation of
trusted applications. Unfortunately there’s no easy way to distinguish, so LUAs
must prohibit both – or at least those that affect protected system areas.
The more fundamental problem is that while many applications do need it, too
many assume administrative privileges when they don’t. As a result,
they fail when installed or run from LUAa.
If there’s good news in all this, it’s the answer to your other question
about anti-spyware and anti-virus software. Most of these applications are
installed at the system level, and as such work on the entire machine,
regardless of what user you happen to be logged in as, or even whether you’re
logged in at all.
So, yes, I’m one of those folks who apparently needs to use software that
requires or assumes administrative privileges often enough that running as an
LUA is simply not a practical option for me. My advice to you: try it. I know
I’m an edge case – I do a lot of things that more normal people don’t. You may
find that all your needs are met in an LUA, and as a result, you will
definitely be safer.