Windows 7 RE USERS and SECURITY

[ruggb]

it is purported that creating a separate admin account then setting your admin acct to a std user helps with warding of malware. In order to do any admin tasks u must enter a PW.

The purpose of UAC is to help ward off malware. If set at default, in order to perform admin functions u must dismiss the UAC prompt with a yes/no.

In either case u must do something to proceed.

The question is -- what additional protection does a std account give u over UAC?

IE, what admin tasks can malware perform that will not trigger UAC such that a std account will provide protection?

thx

 

[Mike]

The standard account will require elevated privileges and admin authorization to perform actions that require administrative access. I.E. Overriding filesystem permissions or installing certain software that modifies system configuration or requires administrative authorization.

 

[ruggb]

Thx Mike

But what I am not understanding is - UAC asks about this requesting a clk - for a std user the 'ask' requests a pw.
Once allowed, what is different?

Are there actions UAC does not warn about that a std user prevents?
If so what are they?

 

[Mike]

The elevation prompt requires user interaction to confirm that an authorized transaction is taking place. When an account has administrative access, the account user has agreed to use this type of pre-screening to prevent unauthorized changes to the system that require elevation. For example, as an administrator, you will still run many applications without elevated privileges under UAC. Actions that require elevation will require you to run that program using "Run as Administrator".

Running as a standard user also requires this confirmation, and an administrator password for an additional layer of security.

Here is further information about it, particularly "Over-the-Shoulder" and "Admin Approval Mode" should be of interest to you in understanding these transactions:

Lesson 2: Understanding User Account Control (UAC)