Do you use Standard User Account?

  • Yes

    Votes: 33 37.5%
  • No

    Votes: 55 62.5%
  • Total voters
    88

legendcampos

Level 6
Verified
A microsoft account could be either administrator or standard. The main security gain is to use a standard account, whether microsoft or local.
That's true, but you'll have to click more times to authorize the installation a certain program. There are things that require administrator privileges, can make it annoying.
 

Andy Ful

Level 46
Verified
Trusted
Content Creator
hi all,

quick question: If i have an SUA account and i create a shortcut with admin credentials as per:

How To Create a Shortcut That Lets a Standard User Run An Application as Administrator

Does that defeat the purpose of having an sua account? Can malware exploit the saved admin credentials in the same way as if I were using an admin account?
thanks
In this way, you would bring back the credential security to the Windows Vista period. Your log-on admin password would be saved as a clear-text (reversible plain text) in all Windows versions, even in the newest Windows 10. Normally, from Windows 7 (hotfix + reg tweak) and Windows 8.1 (default setting), log-on passwords are saved in the form of encrypted hashes.

Edit.
Yet, I think that using such shortcuts on SUA is the better solution, than using Admin without them.
Harvesting admin passwords, requires admin rights as a start, and the silent process elevation is very hard on SUA, but rather easy on Admin. So, many malware samples will fail on SUA, but will elevate successfully on Admin, and will harvest the passwords using pass-the-hash method.
 
Last edited:
  • Like
Reactions: mkoundo and shmu26

Andy Ful

Level 46
Verified
Trusted
Content Creator
That's true, but you'll have to click more times to authorize the installation a certain program. There are things that require administrator privileges, can make it annoying.
In many cases, the user can split his/her work between SUA and Admin. But, in some cases it would be too uncomfortable. Anyway, for security reasons, it is worth to try.
 
  • Like
Reactions: shmu26