Do you use a Standard User Account (SUA)?

Do you use Standard User Account?

  • Yes

    Votes: 33 37.5%

  • No

    Votes: 55 62.5%
  • Total voters
    88
legendcampos

legendcampos

Level 6
Verified
Aug 22, 2014
286
shmu26 said:
A microsoft account could be either administrator or standard. The main security gain is to use a standard account, whether microsoft or local.
Click to expand...
That's true, but you'll have to click more times to authorize the installation a certain program. There are things that require administrator privileges, can make it annoying.
 
shmu26

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
legendcampos said:
That's true, but you'll have to click more times to authorize the installation a certain program.
Click to expand...
Right. If you do a lot of installing and uninstalling, then standard user account is probably not so practical.
 
  • Like
Reactions: brambedkar59
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,497
mkoundo said:
hi all,

quick question: If i have an SUA account and i create a shortcut with admin credentials as per:

How To Create a Shortcut That Lets a Standard User Run An Application as Administrator

Does that defeat the purpose of having an sua account? Can malware exploit the saved admin credentials in the same way as if I were using an admin account?
thanks
Click to expand...

In this way, you would bring back the credential security to the Windows Vista period. Your log-on admin password would be saved as a clear-text (reversible plain text) in all Windows versions, even in the newest Windows 10. Normally, from Windows 7 (hotfix + reg tweak) and Windows 8.1 (default setting), log-on passwords are saved in the form of encrypted hashes.

Edit.
Yet, I think that using such shortcuts on SUA is the better solution, than using Admin without them.
Harvesting admin passwords, requires admin rights as a start, and the silent process elevation is very hard on SUA, but rather easy on Admin. So, many malware samples will fail on SUA, but will elevate successfully on Admin, and will harvest the passwords using pass-the-hash method.
 
Last edited:
  • Like
Reactions: mkoundo and shmu26
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,497
legendcampos said:
That's true, but you'll have to click more times to authorize the installation a certain program. There are things that require administrator privileges, can make it annoying.
Click to expand...

In many cases, the user can split his/her work between SUA and Admin. But, in some cases it would be too uncomfortable. Anyway, for security reasons, it is worth to try.
 
  • Like
Reactions: shmu26
You must log in or register to reply here.

Similar threads

lokamoka820
  • Poll
Poll Do You Use Swap on Linux?
Replies
13
Views
416
ChromeOS & Linux
lokamoka820
lokamoka820
F
    • Like
    • Applause
Advice Request Differences Hard_Configurator vs WHHLight
Replies
6
Views
1,333
Hard_Configurator Tools
Tiamati
Tiamati
Victor M
    • Like
Least Privilege for Ubuntu 24.04 Standard User
Replies
2
Views
484
ChromeOS & Linux
Victor M
Victor M

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top