Neto wrote: ↑Mon Aug 01, 2022 9:42 pm
(I also never go on the internet when logged into the Windows admin account. So I don't need to have any antivirus software installed, either. It just drags down the system.)
tell me more please.
i live on the admin acct, it's a pain to not be able to do what i want, when i want.
but are you telling me, that only the admin acct collects viruses?
how does that work?
and really and truly not need antivirus if i would live on a secondary account?
0 x
Anything seems possible if you don't know what you are talking about. fb meme
How often do you need Administrative permission to do what you need to do? Any process that requires Admin authorization will ask for it, and you just enter the password and go on with it. But only do this if you know that the process that wants to run is one that you initiated. (Although there ARE processes that DO require going into the Admin to perform, but they are not the common operations. Running QuickBooks updates, especially if it is doing more than a single level - "Release Packs" - then if you do the "Run As Admin" procedure, it will perform the first one only, and then will not have the authorization to do the succeeding ones, and while it will TELL you that it completed successfully, it will not have actually done it.)
But this is also the reason why it works as a solid security measure. Any process that needs to install MUST have Admin permission. Running in the Admin account automatically gives it the access to just go ahead w/o you knowing it. But in a non-Admin account it must ASK you to enter the password, so if you do not know what it wants to install, if you did not initiate any installation process, then you do not give it that right, and it fails.
A lot of people will say that I'm full of bologna here, but I have been doing this for more than 10 years, and have not had a single virus infection. (I actually heard this at a workshop conducted by Microsoft, back in the Vista era. And Microsoft strongly urges people to not use the Admin account for daily use. Maybe not as much anymore, because since Win 7 came out, they disable the built-in Admin by default, and so if you don't change the security settings, the User Account Control automatically requires Admin approval in order to do installations. But I suspect that the viruses and so on can get around that. This is because the account itself has the rights to make changes, run Power Shell operations, etc, so they probably contain code that circumvents the default security settings. As far as Microsoft goes, it is unfortunate that they automatically make the log on account you set up when you start up a new system the first time an Admin account, and do not advise you to make a non-Admin account for normal use. I suspect they have their hand in the till with the anti-virus companies, so they don't tell you everything they know about this. In my opinion, they are too confident of the capabilities of the UAC to stop virus attacks.)
Downloading a program you want to install? I always choose the off-line installer (if available), then run the installation in a separate process. It is true, however, that more and more program installers are only 'bootstrap' executables, and may require running directly in an Admin account. So there are exceptions to my "rule". I just do it as quickly as possible, and do not stay logged in as Admin (while connected to the internet) for any longer than is absolutely necessary. (It helps that my computer is not connected wirelessly, and in fact does not have wireless capabilities. So I can simply disconnect the ethernet cable, and I can be completely certain that it is not on-line.)
The Short Answer: If having an antivirus software program running in the background all of the time give you peace of mind, then it's well worth it. But it DOES tie up some of the system's computing power, perhaps mainly the RAM - the memory. At one time I had TWO antivirus programs installed, and that was really bad, because they both thought the other was a virus, so they fought one another. That really slowed the system....
0 x
Congregation: Gospel Haven Mennonite Fellowship, Benton, Ohio (Holmes Co.) a split from Beachy-Amish Mennonite.
Personal heritage & general theological viewpoint: conservative Mennonite Brethren.
Neto wrote: ↑Tue Aug 02, 2022 7:48 am
How often do you need Administrative permission to do what you need to do? Any process that requires Admin authorization will ask for it, and you just enter the password and go on with it. But only do this if you know that the process that wants to run is one that you initiated. (Although there ARE processes that DO require going into the Admin to perform, but they are not the common operations. Running QuickBooks updates, especially if it is doing more than a single level - "Release Packs" - then if you do the "Run As Admin" procedure, it will perform the first one only, and then will not have the authorization to do the succeeding ones, and while it will TELL you that it completed successfully, it will not have actually done it.)
But this is also the reason why it works as a solid security measure. Any process that needs to install MUST have Admin permission. Running in the Admin account automatically gives it the access to just go ahead w/o you knowing it. But in a non-Admin account it must ASK you to enter the password, so if you do not know what it wants to install, if you did not initiate any installation process, then you do not give it that right, and it fails.
A lot of people will say that I'm full of bologna here, but I have been doing this for more than 10 years, and have not had a single virus infection. (I actually heard this at a workshop conducted by Microsoft, back in the Vista era. And Microsoft strongly urges people to not use the Admin account for daily use. Maybe not as much anymore, because since Win 7 came out, they disable the built-in Admin by default, and so if you don't change the security settings, the User Account Control automatically requires Admin approval in order to do installations. But I suspect that the viruses and so on can get around that. This is because the account itself has the rights to make changes, run Power Shell operations, etc, so they probably contain code that circumvents the default security settings. As far as Microsoft goes, it is unfortunate that they automatically make the log on account you set up when you start up a new system the first time an Admin account, and do not advise you to make a non-Admin account for normal use. I suspect they have their hand in the till with the anti-virus companies, so they don't tell you everything they know about this. In my opinion, they are too confident of the capabilities of the UAC to stop virus attacks.)
Downloading a program you want to install? I always choose the off-line installer (if available), then run the installation in a separate process. It is true, however, that more and more program installers are only 'bootstrap' executables, and may require running directly in an Admin account. So there are exceptions to my "rule". I just do it as quickly as possible, and do not stay logged in as Admin (while connected to the internet) for any longer than is absolutely necessary. (It helps that my computer is not connected wirelessly, and in fact does not have wireless capabilities. So I can simply disconnect the ethernet cable, and I can be completely certain that it is not on-line.)
The Short Answer: If having an antivirus software program running in the background all of the time give you peace of mind, then it's well worth it. But it DOES tie up some of the system's computing power, perhaps mainly the RAM - the memory. At one time I had TWO antivirus programs installed, and that was really bad, because they both thought the other was a virus, so they fought one another. That really slowed the system....
I agree with most of this, although I trust UAC in Win7+ a bit more than Neto does. Neto is absolutely correct though that you should use a non-admin account for all of your general computer use.
When Microsoft's built-in antivirus solution, Windows Defender, initially came out it was junk. That has changed to where Windows Defender is generally rated at a similar level to the name-brand AV providers. I now turn on Windows Defender on all of the computers I manage and do not use any other AV product. Much more cost effective and in my experience doesn't take nearly the toll on computer resources that Norton, etc did.
And yes, definitely don't install two AV programs - one is enough!
ken_sylvania wrote: ↑Tue Aug 02, 2022 8:07 am
I agree with most of this, although I trust UAC in Win7+ a bit more than Neto does. Neto is absolutely correct though that you should use a non-admin account for all of your general computer use.
When Microsoft's built-in antivirus solution, Windows Defender, initially came out it was junk. That has changed to where Windows Defender is generally rated at a similar level to the name-brand AV providers. I now turn on Windows Defender on all of the computers I manage and do not use any other AV product. Much more cost effective and in my experience doesn't take nearly the toll on computer resources that Norton, etc did.
And yes, definitely don't install two AV programs - one is enough!
Yes, I failed to mention Microsoft's own Windows Defender. I do not turn it off either (it's on by default), but I don't depend on it. Because I do not do the security updates, my Windows 7 system is running much like the early Service Pack 1 version. (I only install the functional updates required to run programs I have installed.)
So for a Windows 10 (or 11) system, the Windows Defender (or does it have a new name?) is an important factor in security. Windows 7 is completely off-service, so I suppose that there is nothing available from Microsoft that would claim to protect it from recent threats.
In a different vein, what is pushing me toward Windows 10 is that I am now blocked from accessing some websites. I can use the latest version of Chrome, but even sites like wikipedia are marked as 'not secure', and if I force it to go on anyway, it will not display correctly. The motherboard manufacturer MSI, I cannot do any downloads in Win 7 from there, either. I recently had a lightening strike, so I reinstalled Windows 7 from an SP 1 DVD, and then installed my list of off-line updates, and it acted this way from the start. Maybe there is an update I am missing, that would correct this, but I don't know what it would be, or how to search for it. What it is doing is marking some sites as not being HTTPS, even though they actually are. If I search on the error message, it directs me to instructions for the website manager, on how to publish a current security certificate. Some of these sites display correctly after I force it past the warning screen, but others do not. (And some cannot be forced past the warning screen.)
0 x
Congregation: Gospel Haven Mennonite Fellowship, Benton, Ohio (Holmes Co.) a split from Beachy-Amish Mennonite.
Personal heritage & general theological viewpoint: conservative Mennonite Brethren.