
How do I stay protected using an administrator account?


Leo, I’ve heard that browsing with an admin account puts you at more risk and I’m wondering what are some ways to stay protected without switching to a less privileged user account. Also, what is sandboxing?

What you’ve heard is correct. Running with what’s called a limited user account (LUA) is indeed safer.

It’s also something that, unfortunately, many people don’t do… including myself.


The weakest link is … you

The single best thing you can do if you need to run as administrator is to use common sense. Basically, learn to understand where you should and should not browse, what you should and should not download, and just generally what steps you need to take to stay safe online.

Honestly, all of that can really go a long way towards keeping you safe regardless of whether you’re using an admin account, a limited user account, or a guest account. Understanding how to be safe is the single most important tool you can develop.

Unfortunately, of course, it’s not 100% reliable.

UAC is almost LUA

So the second most important thing you can do if you need to run as administrator is to run Windows 7 or better and have User Account Control (UAC) enabled. UAC is that annoying pop-up that says, “I’m about to change your system. Is that ok?” It’s enabled by default.

With UAC enabled, you’re running as administrator, but not really. You’re running as an account that’s allowed to be administrator, might be a better way to put it. Then pay attention to those pop-ups. Those are the things that are requesting true, full administrative access to your machine.

Often, they are things you want, like a program that you’re installing. Sometimes they’re things you don’t want, like malware. Being able to understand the difference is key to keeping yourself safe.
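To see the "administrator, but not really" state for yourself, here is an added example (not part of the original article) for an ordinary, non-elevated PowerShell window. The function name `Get-UacSessionState` is made up for this illustration; the registry values and .NET calls are standard Windows ones.

```powershell
# Added example: report how UAC applies to the current session.
function Get-UacSessionState {
    $key    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $policy = Get-ItemProperty -Path $key

    # EnableLUA = 1: UAC is on, so an administrator logs on with a filtered token.
    $uacEnabled = ($policy.EnableLUA -eq 1)
    # ConsentPromptBehaviorAdmin = 0: administrators are elevated with no pop-up at all.
    $silentElevation = ($policy.ConsentPromptBehaviorAdmin -eq 0)

    # IsInRole is true only when this process holds the full administrator token.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # whoami still lists the Administrators group (SID S-1-5-32-544) when the
    # filtered token carries it only as a deny-only entry.
    $adminAccount = [bool](whoami /groups /fo csv |
        Select-String -SimpleMatch 'S-1-5-32-544')

    $verdict = if (-not $uacEnabled) {
        'UAC is off: anything an administrator runs gets full rights with no prompt.'
    } elseif ($elevated) {
        'This process is elevated: it already has full administrative access.'
    } elseif ($adminAccount) {
        'Administrator account with a filtered token: full access needs a UAC prompt.'
    } else {
        'Limited (standard) user account.'
    }

    [pscustomobject]@{
        UacEnabled      = $uacEnabled
        SilentElevation = $silentElevation
        AdminAccount    = $adminAccount
        Elevated        = $elevated
        Verdict         = $verdict
    }
}

Get-UacSessionState | Format-List
```

If `SilentElevation` comes back true, the pop-ups described above never appear for administrators, so there is nothing to pay attention to.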

And naturally, the traditional litany of using anti-malware software, firewalls and common sense is worth reiterating.

Playing in a sandbox

A sandbox is an interesting additional solution. You can think of sandboxing software as kind of a protective wrapper around some other program. When you run that program within a sandbox, it looks to that program like all of the changes that it’s making to your system are actually being made.

In reality, they’re being held by the sandboxing software. When you exit the program, all those changes can be discarded, which is particularly nice if those changes happen to be a malware installation. You shut down your browser, the sandbox cleans up, and all of that malware is gone.

Of course, using a sandbox quickly gets complicated because there are still some changes that you want! Things like your browser settings, or certain cookies, or the bookmarks that you saved, or downloads that you really want to keep and so on.

So it’s not a simple “just do this” kind of a solution without some ramifications, but it can be a very good approach to safety. I know a number of people who swear by it.

Sandboxie is the most common example (originally a “Sandbox for IE”, hence its name). It can now be used to sandbox just about any program you might want to run.

2 comments on “How do I stay protected using an administrator account?”

  1. We recently purchased a domain name, the site administration files, and the site graphics. All was available from an individual who “owned” this, etc. and was running a site for – “non-profit” community. After we sent an event announcement with 3 graphics, we received a ton of backlash from someone who was affiliated with the non-profit community. The person who sold everything owns his own web host company, he own(ed) the domain etc, and was registered on Whois. In the county registrar (public property/business records) the domain is listed as owned by the individual who is throwing backlash, stating the “county registry” is proof that he is the owner of the domain, and site files. Is there any relationship to a county “public record” and the ownership of a domain name, and its related files? If yes, how was this available/possible to be sold to us?

    • The ownership of a domain name (a specific URL) is held by the registrar. That would be found by the search in whois. Make sure you are looking up the ownership in a proper whois site such as http://www.domaintools.com/. If this domain was sold to you properly you should now see your name on the registration.

      There is a chance that the domain has whois protection – in that case no name will be showing on the public records but you should be able to see your name in your own official registrar account. More on that in this article: http://ask-leo.com/what_is_whois_protection_and_do_i_need_it.html

      If the individual throwing backlash let his registration lapse, then he has lost ownership, whether or not it is listed in a local county or state registry. I am a web designer and have problems all the time with clients who forget to renew their domain names. As soon as one expires someone else snatches it up – and then they own it.

      The solution to your problem is as simple as checking the official whois registries, that will prove who owns the domain.
