Nice link for DavidR.............

Hi malware fighters,

For those who want to run their XP account as nonadmin:
http://nonadmin.editme.com/

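The facts:

| | Total | Processes | Files | Registry |
|---|---|---|---|---|
| Windows 2000 SP4 | | | | |
| User | 1 | 0 | 1 | 0 |
| Administrator | 19 | 3 | 503 | 2,500 |
| Windows XP SP2 | | | | |
| User | 0 | 0 | 0 | 0 |
| Administrator | 16 | 20 | 400 | 2,774 |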

polonus

Yes, a nice site in explaining why you should consider using a non-admin account. Though much of it dates from 2005/2006, it is still relevant, but some of the tools mentioned, namely DropMyRights, are no longer available (except in Bob’s shared files).

But from my brief reading (though it is a large amount of information, etc.) of it, it is suggesting using a limited user account (can use MakeMeAdmin), which many won’t want to do (limited user account), and without DMR it leaves them more open.

> but some of the tools mentioned namely DropMyRights are no longer available (except in Bob's shared files).

For those interested, you'll find everything you need on this subject at: http://mysharedfiles.no-ip.org/DropMyRights/

It’s important to understand that having a Limited User Account doesn’t mean you’re completely protected from malware, it merely limits the chance of infection, so in light of this, I would like to suggest people also read this interesting article: http://www.prevx.com/blog/83/Is-Limited-User-Account-enough-Not-really.html

–lee

It doesn’t limit the chance of getting infected as people will still be visiting the same sites and doing the same things and the black hats will still be trying to infect you by whatever means. All it does is limit the potential for damage, by not allowing files to be placed in system folders and creating registry entries (outside of the HKEY_CURRENT_USER registry area) to run malware on boot, etc.

I don’t say it will stop you getting infected, just reduce the potential and then you are looking at whatever other security tools you have for back-up. Then if the worst comes to the worst you have to have a back-up and recovery strategy to haul your a** out of the fire if needs must.
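The registry point made in the post above, as an added example that is not part of the original thread: a read-only PowerShell check that reports whether the current session holds administrator rights and lists the autostart locations a limited account can still write to (the HKCU Run keys and the per-user Startup folder) next to the machine-wide ones it cannot change by default. The function names are illustrative.

```powershell
# Added example: read-only audit of logon autostart locations.
# Run it from the account you normally work in.

function Test-IsAdministrator {
    # True only if the current process token carries the Administrators group.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-AutostartEntries {
    # Returns one object per value found under each existing registry key.
    param([string[]]$KeyPaths)
    foreach ($path in $KeyPaths) {
        if (-not (Test-Path $path)) { continue }
        $key = Get-Item -Path $path
        foreach ($name in $key.GetValueNames()) {
            New-Object PSObject -Property @{
                Key = $path; Name = $name; Command = $key.GetValue($name)
            }
        }
    }
}

# Per-user keys: writable by the account itself, limited or not.
$perUser = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
# Machine-wide keys: default permissions require admin rights to modify.
$machine = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

Write-Host "Running with administrator rights: $(Test-IsAdministrator)"

Write-Host "`nPer-user autostart entries (HKCU):"
Get-AutostartEntries $perUser | Format-Table Name, Command -AutoSize | Out-String | Write-Host

Write-Host "Machine-wide autostart entries (HKLM):"
Get-AutostartEntries $machine | Format-Table Name, Command -AutoSize | Out-String | Write-Host

# The per-user Startup folder is the other location a limited account can write to.
$startup = [Environment]::GetFolderPath('Startup')
Write-Host "Files in the per-user Startup folder ($startup):"
Get-ChildItem -Path $startup -ErrorAction SilentlyContinue |
    Format-Table Name, LastWriteTime -AutoSize | Out-String | Write-Host
```

Entries under the HKCU keys or in the Startup folder that you do not recognise are the ones worth checking first on a limited account, since those are the places such an account can still change.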

I often read on online boards how many people are saying that using a Least-Privilege User Account (or Limited User Account, LUA) can prevent you from being infected by any kind of malware.

While this is a true statement and, indeed, this should be the way to go for a number of reasons which I’ll explain a bit later, the truth is that using a Limited User Account doesn’t save you from every kind of infection.


I highly doubt that any of us ever advocated that using a “Limited User Account” would be the cure-all in preventing infections.
This is just one more smart move in attempting to keep your system clean.
This should be used in conjunction with the other prescribed programs like avast! and a good firewall and a good spyware screening tool, a good rootkit remover, etc.

You seem to have misunderstood, my fault completely for not explaining myself fully. :wink:

The statement was meant for less “computer savvy” users; I have met (and read about online) people who seem to believe that dropping your rights meant you could slack on scanners etc.
So I just felt like mentioning it and leaving a nice link (that I feel should be shown to all who use LUAs) for reference, sorry for any offence, it was not my intention :-\

–lee

Indeed.

Hi malware fighters,

There is no real panacea where malware is concerned. Staying out of harm’s way should be the result of various measurements taken to come to running considerably reduced risks of getting infected.
What we discussed is one form of enhancing your security. I for one use this:
http://www.theorica.net/safexp.htm
Know where the malware vectors come from and try to get protected against it. And know the danger is growing: malware doubled over the last year, and the situation is growing worse…
One thing can be said, however, and I hope everyone agrees: Windows as it comes out of the box is dangerous, and still there are a lot of users unaware of this fact.

polonus

> Windows as it comes out of the box is dangerous

Just remember, this doesn't only apply to the Windows operating systems.

> It doesn't limit the chance of getting infected as people will still be visiting the same sites and doing the same things and the black hats will still be trying to infect you by whatever means. All it does is limit the potential for damage, by not allowing files to be placed in system folders and creating registry entries (outside of the HKEY_CURRENT_USER registry area) to run malware on boot, etc.

I’m sorry but I feel I must respectfully disagree here, having a LUA will limit the infection because it reduces (limits) the scope of the infection/problem.
The point I was trying to make is that it’s not unbeatable, just harder to exploit/infect and spread.

You can say I don’t know what I’m talking about here, but I feel I do. (no offence intended)

> Just remember, this doesn't only apply to the Windows operating systems.

Correct, nothing is truly safe, just harder to “get at” it.

It doesn’t limit the chances you are going to get infected; that is largely down to your browsing habits and what you may bump into. For instance, like the earlier hack of the forum, a chance of getting infected and sites are getting hacked all the time. This is entirely different to limiting the potential damage.

Limiting the chances of getting infected is entirely different, you can do that without a limited user account or DMR, etc. By keeping your OS, security software up to date, your choice of browser, extensions, using link checkers, exercising safe hex, common sense, etc. All of these limit the chances of getting infected, without using a limited user account, but they won’t limit the potential damage if anything gets by those defences.

> Limiting the chances of getting infected is entirely different, you can do that without a limited user account or DMR, etc. By keeping your OS, security software up to date, your choice of browser, extensions, using link checkers, exercising safe hex, common sense, etc. All of these limit the chances of getting infected, without using a limited user account, but they won't limit the potential damage if anything gets by those defences

This is actually the point I was trying to make, guess I didn’t do too well, oh well, I never claimed to be good with words :wink:

–lee

Actually DavidR overstates his point in his attempt to defend the usefulness of LUA against the points made in the article…

Running with LUA has two benefits

  1. Some infection attempts will totally fail (e.g. attempts that require “root”, kernel rootkits)

  2. “Limit potential for damage” - Infections that work fine without using admin rights, but such infections are limited and are easier to detect and remove because they are user-mode (worst case scenario, just delete the account). An admin account that is infected is always more dangerous…

The article merely points out that (1) while true is often over-stated. But reading this thread, one might get the impression that (1) isn’t true at all…

> You can say I don't know what I'm talking about here, but I feel I do. (no offence intended)

Well of course you don’t know what you are talking about… You are new here…and not an avast-evangelist :smiley:

Hi lusher,

How can you say such a thing, that people don’t know what they talk about? I think lee19 has loads of potential for this forum, he is eager to know and learn, and I am sure he will be one of our malware fighters one day. Lusher, when you were in your cradle you too were tabula rasa, and at that point were a complete n00b. Better start and help to instruct people, inspire people, and do not criticize… discuss rather. Happy Easter to you,

polonus

Lusher,

> Well of course you don't know what you are talking about.. You are new here...and not an avast-evangelist

Again you open your mouth when you should have left it closed.

lee 19 (originally lee16) has been here for quite some time. (Probably a lot longer than you)

Stop trying to start fights on this forum. WE DON’T NEED IT


> Well of course you don't know what you are talking about.. You are new here...and not an avast-evangelist

See the picture below & click to enlarge.