Do you use a Standard User Account for daily usage?

Total voters: 61

shmu26

I think it's under this sentence: "If malware is running in your split-token account you've given it Administrator access. In the worst case all it takes is patience, waiting for you to elevate once for any reason. Once you've done that you're screwed."

If you switch to another account the malware cannot use the elevation (it's another account... I don't know if I'm clear, it's not really clear to me either!)

Help @Umbra! :confused:

The problem is that it's breaking the superb usability of the UAC :(
Thanks. That makes sense, at least to me.
I have UAC set high, and I get a UAC prompt every time I do something as simple as run a Macrium Reflect backup job. So it sounds like UAC is a waste of time for me, because I often need to enter my admin pin.
 
Deleted member 178

I think it's under this sentence: "If malware is running in your split-token account you've given it Administrator access. In the worst case all it takes is patience, waiting for you to elevate once for any reason. Once you've done that you're screwed."
If you switch to another account the malware cannot use the elevation (it's another account... I don't know if I'm clear, it's not really clear to me either!)
Exact

The problem is that it's breaking the superb usability of the UAC :(
Usability is why UAC was created in the first place (imo big mistake) to avoid the need to sign in to an admin account... It was strong on WinVista but whiners made it weak on Windows 7. Now there is a rumor that MS will lock it to the "max" setting without the possibility of changes.
 

tonibalas

For about 6 months I have been running SUA after the suggestion of @Umbra and other staff members.
In the 1st week I had a little trouble getting accustomed to the SUA.
But after that all is good.
When I want to install or try new software I switch to my admin account and proceed with my work.
I think anyone should at least try using a SUA for a few days.
 

Arequire

I've tried multiple times in the past to use a SUA for daily computing but I always end up going back to purely admin. A good number of programs I use frequently require admin access and having to keep entering credentials or to keep switching back and forth between two accounts just to do simple tasks just irritates me.
 

Andy Ful

What is "split token" admin account?
What is this article telling us not to do?
From: Difference Between UAC and Admin Approval mode

UAC includes several features and security improvements.

Admin Approval Mode
Admin Approval Mode (AAM) is a UAC configuration in which a split user access token is created for an administrator. When an administrator logs on to a Windows Server 2008-based computer, the administrator is assigned two separate access tokens. Without AAM, an administrator account receives only one access token, which grants that administrator access to all Windows resources.

Why is this functionality important?
AAM helps prevent malicious programs from silently installing without an administrator's knowledge. It also helps protect from inadvertent system-wide changes. Lastly, it can be used to enforce a higher level of compliance where administrators must actively consent or provide credentials for each administrative process.

I have an impression that the SPLIT-TOKEN ADMINISTRATOR ACCOUNT from the article: Tyranid's Lair: Reading Your Way Around UAC (Part 3)
can be a normal (not built-in) Administrator account with UAC.

Edit
That would be also consistent with the results of my test (see post #46).
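
Added example, not part of any post in this thread: a PowerShell check that reports whether the current logon is a standard user, a split-token (Admin Approval Mode) administrator, or a full administrator, together with the UAC policy values that control elevation prompts. It assumes English-language `whoami` output; the registry value names are the standard UAC policy values.

```powershell
# Added example, not from the thread. Assumes English-language whoami output.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $key

# whoami lists every group in the current token, including deny-only ones.
$groups = whoami /groups /fo csv | ConvertFrom-Csv
$admins = $groups | Where-Object { $_.SID -eq 'S-1-5-32-544' }  # BUILTIN\Administrators
$label  = $groups | Where-Object { $_.SID -like 'S-1-16-*' }     # integrity level

if (-not $admins) {
    # Administrators is absent: elevation needs another account's credentials.
    $tokenKind = 'Standard user (Administrators not in token)'
} elseif ($admins.Attributes -match 'deny only') {
    # Administrators is present but deny-only: the filtered half of a split token.
    $tokenKind = 'Split-token admin, filtered token (Admin Approval Mode)'
} else {
    # Administrators is enabled: elevated process, or UAC is turned off.
    $tokenKind = 'Full administrator token (elevated process or UAC off)'
}

[pscustomobject]@{
    User                       = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    TokenKind                  = $tokenKind
    IntegrityLevel             = $label.'Group Name'
    # 1 = UAC enabled, 0 = UAC disabled
    EnableLUA                  = $uac.EnableLUA
    # Admin prompt: 0 = elevate silently, 1/3 = ask for credentials,
    # 2/4 = ask for consent, 5 = consent for non-Windows binaries (default)
    ConsentPromptBehaviorAdmin = $uac.ConsentPromptBehaviorAdmin
    # Standard-user prompt: 0 = deny elevation requests,
    # 1 = credentials on secure desktop, 3 = credentials (default)
    ConsentPromptBehaviorUser  = $uac.ConsentPromptBehaviorUser
    # 1 = prompts are shown on the secure desktop
    PromptOnSecureDesktop      = $uac.PromptOnSecureDesktop
    # 1 = the built-in Administrator account also gets a split token
    FilterAdministratorToken   = $uac.FilterAdministratorToken
} | Format-List
```

Run it from a normal, non-elevated PowerShell window in the account used for daily work; running it elevated reports the full token instead.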
 

AtlBo

Exact, it is why I recommend to install softs or do critical admin tasks on admin account, not SUA.
I've come to think of the p/w prompt in the SUA as a security warning, and a request to change the system. There are only 4 or 5 applications installed that require the use of admin credentials, so I feel like I know that I can take the rest of them seriously if that makes sense. For this reason, I don't feel as though I need to change accounts to run these programs at least.
 

shmu26

Sorry, I still don't understand why it's better to switch to admin account rather than typing it in a SUA. Someone try to explain it again please. :(
Problem is this: there might be malware lurking in the background, just waiting for admin permission to come along. So if you type in the admin password in your SUA, you just granted permission to that lurking malware.
But if you switch to your admin account, that is not where the malware is running in the first place. So it won't receive permission.
 

roger_m

You're supposed to use the SUA for regular non admin tasks and anything that needs admin credentials you should log out of the SUA and into the admin account. By using an SUA and still entering your admin credentials at the UAC prompt you're defeating the purpose of using the SUA in the first place.
I did not know that. With that in mind, I'm staying with an Admin account, rather than changing to SUA. I'm constantly installing new software and it would just be too much of an annoyance to switch to a SUA account every time I did this. In the past month, I've installed about 40 programs.
 
Deleted member 178

I did not know that. With that in mind, I'm staying with an Admin account, rather than changing to SUA. I'm constantly installing new software and it would just be too much of an annoyance to switch to a SUA account every time I did this. In the past month, I've installed about 40 programs.
40 in the same day is sure annoying to switch, but 2 a day isn't so hard. A switch takes 10 sec.
 

shmu26

40 in the same day is sure annoying to switch, but 2 a day isn't so hard. A switch takes 10 sec.
What happens if you leave your admin account running in the background, so you can switch back and forth quicker? Is that a security risk?
 

roger_m

40 in the same day is sure annoying to switch, but 2 a day isn't so hard. A switch takes 10 sec.
It's 40 this month, not in one day, but sometimes I do install a number of programs in one day.

For the moment, I'm going to stick with just using an Admin account, for the sake of convenience. I'm not click happy (it doesn't matter if I'm emailed ransomware, if I know better than to open the infected attachment) and I keep Windows and vulnerable software updated. In my experience, that is enough to keep me safe. If I'm ever proven wrong, I have backups. Because of this, I don't feel that my system isn't secure enough, or that I need to do every possible thing to secure it as much as possible.

If I rarely made changes to my system, then I most likely would use both Admin and SUA accounts, as it would not be much of an inconvenience in that situation.
 

_CyberGhosT_

Can default Admin account be hidden from Login screen? Hate the idea of having 2 accounts on a single-user PC.
I think there is a tweak for that Spawn, I too hate it, I will do some digging, I remember reading something about it.
If I find it I will PM you the info, if that's OK?
 