Roll Up the Welcome Mat for Hackers

Inviting A Break-In?

Lock the Door!

Microsoft has provided some excellent tools for users to enable secure computing, but if you don't know about them, you can leave the door open to all manner of intrusions and exploits.

One of the biggest open doors for hackers is the ability to install software. For technically-minded, this is generally called running with administrative rights, and running routinely with this capability is dangerous.

Here's why. If you're using a windows login with admin rights while browsing the web, landing on the wrong web page can result in getting infected with malware. Once downloaded, this malware can easily be installed in your system folders if you're running with admin rights.

That's a bad thing.

So here's how to protect your system.

Here's what needs to happen, from the 20,000 ft level, assuming your login has admin rights. If you can't do this, ask your technical support to help.

  1. Create a separate login with administrative rights.
  2. Log out of your commonly-used login and into the new admin login.
  3. Remove admin rights from your common login.
  4. Log out of your admin login and back into your common login.

Once done, you'll notice no difference in how you work, unless you attempt to do something requiring admin rights. When you do, you'll see a dialog asking you to provide credentials (login) with admin rights, as shown here.

You'll see a default admin user to begin with. In this example, that user is gandalf.

If this user is the one you have created, fine. Enter the password for this admin user.

If not, click on the More choices link (red arrow).

You'll be presented with choices, like those shown in the next dialog.

When you click on your choice for the admin user you can use (bottom red arrow), the login name will change (top red arrow).

Enter your password. Press <ENTER> or click the Yes button.

If you entered the password successfully, the system will proceed to perform the requested operations. If not, you'll see the same dialog again in order to re-enter the password.

A few considerations:

  • Disallowing admin rights to your commonly used login will prevent many exploits, but isn't an end-all solution. Practice safe computing!
  • The additional time and effort is well worth it when you consider the effort and frustration involved should you be hacked!