Protect Your Computer by Using a Safer, "Least Privilege" Account for Day to Day Use
When Windows is installed, it creates an account name for you to use when you login. Typically, that account is created with "administrative" privileges. Those privileges allow you, and any program you may run, full access to your entire computer. While that may sound good, it represents unnecessary risk. Very few people need full access to their computer for day to day use. Having such access while doing things like browsing the web or reading e-mail means if you, or someone using your computer, accidentally clicks something malicious, it will have full access to your computer, your data, and online accounts used from your computer. It will have access to everything you type including passwords, credit card numbers, and documents. It will also have the capability to turn off your anti-virus software, security updates, firewalls, and other security software. Finally, it can hide itself so you can't see what its doing.
Most people don't need to do the kinds of things on a daily basis that most malicious programs do to perform their damage. So risk can be greatly reduced with relatively little adverse impact if a lower privilege account is used day to day. Doing so follows some of the oldest and most basic security principles in the book - the principles of least privilege and default deny. In this case, using the least privilege necessary for for day to day use and denying privileges by default. This will keep malicious programs that may be run due to operator mistake or product defect from doing extensive damage to the computer.
This practice is particularly recommended for shared or unattended computers and those used by children. Home computers are much less protected than campus computers.
Most computer operators will have little or no problems using this type of account once it is set up. And if problems are experienced, they can always use the riskier account temporarily to accomplish infrequent activities.
MacIntosh computers, a form of unix computer, have been shipping for some time so that the unix root account isn't easily available. However, the default account ( administrator ) does carry more privileges than typically necessary for day to day use. Most other unix and linux systems don't have tiered privilege accounts and encourage the creation and use of non-root accounts during their installation process. Windows computers, the most often targeted and most common, set up a fully privileged account by default leaving them the most vulnerable.
Some minor difficulties may be encountered:
Two web sites with more information about this common sense, low risk configuration are: