Surf More Safely In Any BrowserMarch 8, 2008 – 6:06 PM
This is one of those ideas that make you want to slap your forehead and wonder why it never occurred to you before. I don’t remember what prompted it, but I decided to do a little experiment with my virtual test PC. I created a low-level user account and then went surfing some of the most spyware-infested web sites I could find.
Guess what? Nothing happened. Not only did I fail to pick up a single hijacker, I never once saw as much as a single ActiveX prompt. As far as I could determine, I was immune to spyware infection. Why? Because in limited mode, Windows doesn’t allow you to do very much. You are not allowed to make the changes necessary for malware to install and hide itself.
That is not much of a revelation. Many people already realize that if you surf the web in limited mode, not as “root” or “Administrator”, then you are much safer. The reason why people, myself included, do not tell internet newcomers to do that is because using a Windows computer in limited mode is nearly impossible.
Don’t believe me? If you have Windows 2000 or XP, try it right now. Go to Control Panel > User Accounts and create a new limited user. Now spend a few days in it and see what happens. Numerous programs that you use, if you are able to install them at all, simply will not work. You will have an unending series of “permission denied” errors as you try to use your computer normally. Because of this problem, very few people use Windows in limited mode.
The main culprit is software developers. Many of these developers create their programs in such a way that a limited user cannot use them. I remember trying to install a copy of PaintShopPro 7 once. First, I couldn’t install it. When I circumvented that by using the “Run As” feature and did install it, I couldn’t use it. That is just boneheaded design right there.
Microsoft is partly to blame. I mentioned the “Run As” feature. What that does is allow you to load a program as a different user. Basically, you provide the log-in password for an administrator account while logged in as a limited user.
The problem with this is that Windows treats that situation as if you are logged into that administrator’s account. Files saved from the program, if launched this way, cannot be stored in “your” My Documents folder. They have to be stored in the My Documents folder associated with the administrator account. Occasionally, a program won’t operate correctly even if you use the “Run As” feature.
Microsoft could learn from Linux on this one. With Linux, you operate normally as a limited user. If you need to do something to the system, you can open a command terminal, give the “root” password and Linux will temporarily give you the same permission as the root-level user. The problems you run into with a limited Windows account simply do not occur with Linux.
So, although it is much safer to surf the web in limited mode, people refuse to do it because of the permission problems they run into. No one wants to run Windows in limited mode.
Well, there is a simple fix for this problem. It is so simple that I wonder why it never occurred to me before now.
Use Windows normally in your admin-level account to avoid the problems caused by bad software design. However, any time you plan to surf the web, log out of that admin-level account and into a limited account. When you are through surfing the web, log back into your admin-level account. If you have any version of XP, you don’t even have to log out of your normal account. Just use Fast User Switching to go back and forth.
I won’t claim that you will be immune to a spyware infection if you do this. I will say that the chances of it happening are very slim.
There is one thing that I want to point out. Windows XP has a really stupid bug. If you create an additional account, the default “Administrator” account will disappear from the Welcome screen. Since quite a few people use that default account, that leaves them unable to log-in from the Welcome screen after they create a new account. This bug is present in XP Gold, XP SP1 and XP SP2.
Unbelievably, Microsoft considers that to be a feature, not a bug. So the chances of it ever being fixed are low. There is a registry hack that will put the account back on the Welcome screen. Do not attempt to edit your registry if you don’t know what you are doing. You could cause some serious problems with Windows.
Don’t worry, there is an easy way around this bug if you don’t feel comfortable hacking at your registry. At the Welcome screen, simply press the CTRL ALT DEL buttons at the same time and a new log-in prompt will pop up. Just type “Administrator” for the user and give your normal password and it will log you in.
If you are one of those people whose computer is infected repeatedly by malware (you know who you are), you should give this a try. I’ll bet that, if you do this, you will not have nearly as much trouble with spyware as you do now.