
Don't Be a Malware Victim
Take Away Your Own Rights for Safety on the Internet

Downgrade yourself from Administrator to Standard User

Internet security experts, including Symantec, confess that we are losing the "arms race" against the malware bad guys. Anti-virus software helps, but has limits.

You don't have to be a victim. From the IT experts at MBSG, here is powerful protection you can add for yourself.

The Big Idea

If you are the administrator on your own workstation (PC, Mac, laptop), take administrator rights away from yourself for day-to-day activities.

How This Helps

Viruses and malware can be very clever in how they trick you into loading them onto your computer. If you have administrator rights to your own computer (which many of us do by default), you may inadvertently 'allow' viruses and malware to infect you. However, if you take away your own administrator rights, you foil the bad guys. If they try to trick you into downloading dangerous stuff, your computer will prompt you for an administrator password. This gives you pause to react.

Q: Don't I need administrator rights for legit stuff, like downloading program updates?

A: Yes, you do. However, you don't need to be working day-to-day, all the time with administrator rights.

A safer approach is to use your powers as administrator only when you need them. At other times, log in as another user with less powerful rights.

Q: Huh? Are you suggesting that I have two User accounts – one for day-to-day use and a second User account for when I need administrator rights?

A: Exactly. That is the big idea here.

When the security gurus first suggested this to me, I pooh-poohed the tip. After all, I am a trained IT professional. How likely is it that I would fall for a scam to infect my computer? Would I mindlessly click OK to a seemingly innocent prompt?

Hm-m-m. Maybe there is something to this 'take away my own rights' policy. In our IT consulting practice at MBSG, we routinely take away local administrator rights for our clients' computers. This protects the "innocent and unaware", PLUS it protects the "aware but busy".

Q: Are you 100% vigilant 100% of the time in your daily computer use? Are you immune from being tricked into downloading harmful stuff?

A: Probably not. Given recent events in the news (computer break-ins at Target, Bank of America, Intuit, and others), our IT consulting experts strongly recommend this simple but effective protection.

Following our own consulting advice, I now perform day-to-day activities under one user account (Robert) and perform system maintenance under a second account (Admin).

How Exactly Would You Set Up Two User Accounts?

This varies by operating system. However, the general principle is the same.

  1. Create a new account such as Admin, which you will use for administrative functions.
  2. Give this account administrative rights and a password.
    Hint: Don't use the user "Administrator" on Windows machines, as that is often a hidden account on your system.
  3. Log in as Admin.
  4. In User Maintenance, find your existing account, the one you use every day such as: Robert
  5. Change (demote) the rights on your everyday account (e.g. Robert) to Standard User.
  6. For everyday use, continue to use your everyday account (e.g. Robert), which no longer has administrator rights.

Voila. Powerful protection, at very little time investment. If you deliberately or inadvertently attempt to download some program that requires administrative rights, the system will prompt you for an administrator password.

For Step-by-Step Detail, see below.

Step-by-Step Technical Details

Here are the steps for Windows 7 computers.

For illustration purposes, there are two accounts in the screen shots below.

Admin: The new account that we will set up with administrator rights

Robert: The everyday account, where we will take away administrator rights

  1. From your desktop, click on START, then Control Panel. The system will display a screen similar to this. (Showing only top half here.) [Screenshot: rights_step_01.jpg]
  2. In the search box on the upper right, enter: User
  3. The system will display a screen similar to below: [Screenshot: rights_step_03.jpg]
  4. Now click: Create administrator account.
  5. The system will display a screen similar to the following: [Screenshot: rights_step_05.jpg]
  6. Click: Create Account.
  7. The system will display a screen with all of your accounts.
  8. Click on the new Admin account you just created
  9. The system will display a screen similar to the following: [Screenshot: rights_step_09.jpg]
  10. Click on: Create a password.
  11. The system will display a screen similar to this: [Screenshot: rights_step_11.jpg]
    Note: If you are not clear on any warning in the above screen, consult an IT support professional.
  12. Fill in the blanks. Then click Create Password.
  13. Write down the new password and store it in your password file.
    Note: We cover password files in a separate blog article.
  14. Log out of the new User you just created, Admin
  15. Log back in as user Admin
    • Make sure the password you just created works.
    • The next steps are to demote your everyday account (e.g. Robert) to a standard user.
  16. As Admin, from the control panel, navigate back into User Account Maintenance
  17. Select the account you want to demote, e.g. Robert.
  18. The system displays a screen similar to the following: [Screenshot: rights_step_18.jpg]
  19. Click on: Change the Account Type
  20. The system displays a screen similar to the following: [Screenshot: rights_step_20.jpg]
  21. Select: Standard User
  22. Click on: Change Account Type
  23. Exit Control Panel.
  24. Voila. You have successfully:
    • Created a new account with administrator rights: Admin
    • Withdrawn administrator rights from your everyday account: Robert
  25. For day-to-day use, use your non-administrator account (Robert).

If the system prompts you for an administrator password, you can pause and think before you inadvertently download dangerous stuff.
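
The same account changes can also be made from an elevated PowerShell prompt. The script below is an added example, not part of the original article; it assumes English-language Windows 7 with PowerShell 2.0, uses the article's illustrative account names Admin and Robert, and its function names are made up for this example.

```powershell
# Added example. Admin and Robert are the article's illustrative account names.
# Assumes English-language Windows 7 (group names Administrators / Users).
$AdminName = 'Admin'
$DailyName = 'Robert'

function Test-Elevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $p  = New-Object Security.Principal.WindowsPrincipal($id)
    $p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-GroupMember([string]$Group) {
    # ADSI works on PowerShell 2.0; the newer LocalAccounts cmdlets do not exist there.
    $g = [ADSI]"WinNT://$env:COMPUTERNAME/$Group,group"
    @($g.psbase.Invoke('Members') | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    })
}

function New-AdminAccount {
    # Steps 1-13: '*' makes net.exe prompt for the password, keeping it out of history.
    net user $AdminName * /add
    if ($LASTEXITCODE -ne 0) { throw "Could not create $AdminName." }
    net localgroup Administrators $AdminName /add
    if ($LASTEXITCODE -ne 0) { throw "Could not promote $AdminName." }
}

function Remove-DailyAdminRights {
    # Steps 14-22: only demote from a session logged in as the new administrator,
    # which proves its password works and that one administrator will remain.
    if ($env:USERNAME -ne $AdminName) { throw "Log in as $AdminName first." }
    if ((Get-GroupMember 'Administrators') -notcontains $AdminName) {
        throw "$AdminName is not an administrator; refusing to demote $DailyName."
    }
    # Standard users belong to the Users group; add it before removing Administrators.
    if ((Get-GroupMember 'Users') -notcontains $DailyName) {
        net localgroup Users $DailyName /add
    }
    net localgroup Administrators $DailyName /delete
    if ((Get-GroupMember 'Administrators') -contains $DailyName) {
        throw "$DailyName still has administrator rights."
    }
}

if (-not (Test-Elevated)) { throw 'Run from an elevated PowerShell prompt.' }
# Phase 1 (logged in as Robert):  New-AdminAccount
# Phase 2 (logged in as Admin):   Remove-DailyAdminRights
Get-GroupMember 'Administrators'   # review who currently holds administrator rights
```

Run the two phases in separate login sessions, as in the steps above, so the new administrator password is proven to work before the everyday account is demoted.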

Summary

Switching between two accounts can be a minor inconvenience. However, taking away your own rights has proven to be one of the most powerful protections against viruses, malware, and internet crooks.

Of course, you still need antivirus software, firewalls, and safe surfing habits. If you have any questions or need help for your organization, MBSG IT consultants are happy to help.

Bob Michlin, MBSG
We design and support the systems that run your business.
