(Clearwisdom.net) The security of user accounts differs between Windows XP and Vista operating systems. Most commonly Windows XP users are configured to have "administer" rights to the computer. An administrator account can modify the system settings and install software while a non-administrator (regular, or limited user) account is subject to restrictions. Though these restrictions may bring inconvenience, they are good to have from a security perspective. For example, a non-administrator account can't install new files in the system directory. This can prevent installation of most Trojan viruses because these viruses usually need to create files in the system directory. We can benefit by using limited accounts to log into the computers, as this will prevent viruses and spyware from installing. It's easy to use the computer as a non-administrator. Most software will work properly, and many common operations are not restricted.

In Windows Vista, a user account may have administrator privileges assigned to it, but applications that the user runs do not have administrator privileges unless they are approved beforehand or the user explicitly authorize them to have such privileges. In this way, malware is prevented from receiving the privileges necessary to compromise the Windows Vista operating system.

On Windows XP there are two ways to allow administrative operations.

1. Switch to an administrator account and switch back after the operation is completed.

To do this, log off (or switch users) from your limited account, and log in to your administrator account to perform the operation. When finished simply log back into your limited account.

For example to switch to the administrator's account press Start --> log out or switch user

2. Right-click and select "Run as"

For example, right-click the program file you wish to run in Windows Explorer, and select "Run as:" and a menu will appear. Select the administrator account, then enter the administrator's password and click OK. You will then be running the program as the administrator.

Installing New Software

Software can be installed only by users whose accounts have administrator rights. In Windows XP, one can switch to an administrator account, install the software, then switch back to a non-administrator account. Or, one can right-click on the program that needs to be installed and select "Run as..." and selecting the administrator. These extra steps can effectively prevent Trojan viruses from being installed. For example, you don't need to be an administrator to open a Word or PDF file. When a non-administrator opens a word or PDF file, the Trojan viruses hidden in the file that would otherwise infect the computer can't be installed, and the computer will not be infected. Recently discovered viruses that are hidden in Word or PDF files don't work when the system is operated by a non-administrator. For those using special software to circumvent China's internet blockade, the software works fine with a limited user account.

How to Use the Control Panel to Change System Settings

Administrator rights are needed to change many settings in the Windows XP Control Panel. In this case, switching users will not work because after you switch to an administrator account, the configurations that are modified are for the administrator's desktop profile, not for the current user. To change system settings for the current user, you must right-click one of the control panel icons and select "Run as..." (or hold the shift key and right-click the mouse). For example, changing the power options for the current user needs to be done this way. Only the settings in the control panel require the shift - right-click on the mouse. For other programs, users just need to right-click on the program in order to use "Run as..."

Some software requires administrator rights to run. Examples include Nero 6, some FTP programs, and Acronis True Image backup. These programs will run properly by right-clicking and selecting "Run as..." an administrator. Normally you should first try to double-click on the program and see if it will run with normal user rights. If not, then use the "Run as..." and select your administrator account, to run the program. There are not many programs that require this. After some time, you'll remember which applications need to run with administrator rights.

Installing Drivers for Hardware

Administrator rights are needed to install drivers for hardware. When installing drivers for Windows XP hardware devices, it's easier to switch to an administrator account, then switch back after the installation is complete. Alternatively, if and only if you are an advanced user, you could run a command line console as an administrator (find "Command Prompt" in the Start menu, Start --> All Programs --> Accessories --> Command Prompt, right-click to select "Run as..." to get administrator access to the command prompt). All commands issued under this prompt will then be executed with administrative privileges. In the command prompt window, type "compmgmt.msc" to launch the computer manager, where you will find "device manager" for hardware driver installations. Other hardware devices are installed or upgraded by simply running a program that is downloaded from the vendor's website. Simply right-click and use "Run as..." in this case.

To summarize, switching users or right-clicking and selecting "Run as..." can solve most problems a non-administrator might run into. Most operations in daily uses don't require an administrative account. For this small price of inconvenience, using the computer as a non-administrator is rewarded greatly security-wise. Anti-virus software is only effective at detecting known Trojan viruses. Anti-virus software offers little or no protection from new or unknown Trojan viruses. For new or unknown Trojan viruses, only the restrictions that come with a non-administrator account can block them. Operating using a non-administrator account is a fundamental security measure.

To have the most protection, it's best to reinstall the operating system and start using the computer with a non-administrator account.

The first default user for Windows XP is the administrator, so a non-administrator account must be created. The newly-created account should be a "limited" account.

In Vista, even though the default account has administrator privileges, the "user account control" security feature requires approval prior to performing any operation requiring administrative access, so a limited account is not required if the user is cognizant of these prompts. A Windows XP administrator account should be used only when it's needed, using the non-administrator account for daily use.