Is this the most basic of ALL Internet Security Procedures??

Discussion in 'Hardware' started by grc123, Feb 11, 2008.

  1. grc123

    grc123 MajorGeek

    I must have "missed" this day in 'Web-Surfing/Internet Security Class' (*joke*).

    Up until about a year ago, I didn't realize that it was "dangerous" to visit the internet from an Admin. Profile/User Account/whatever (no wonder I used to have the problems I was having!). Thanks to a gentleman here, I no longer do that, but my question is: As I seem to have to switch back and forth a bit (much more than I'd like to) from my "Standard" or "Limited Access" account TO the Admin account, should I simply push the power button on my cable modem each time before I switch into Admin? Is there another, better, simpler way - or is that just "IT"?

    Thanks,
    g
     
  2. Corporal Punishment

    Corporal Punishment Head of Software Shenanigans Staff Member

    There should be no reason to touch your cable modem. User accounts are from an operating system level. Your ISP access is simply access to the internet. That doesn’t change when changing user accounts.
     
  3. grc123

    grc123 MajorGeek

    Sorry, I don't understand.

    Say I'm surfing the internet, checking email, sending email, looking at websites - whatever. Suddenly, I want to, or realize that I need to, do something from the Admin side (some sort of maintenance/clean/security operation or for whatever reason - something that can ONLY BE DONE FROM Admin.), and I want/wish/need to switch immediately FROM the standard/limited user account that I use to visit the web/net, TO my Password Protected - and potentially sensitive (and/or vulnerable to attack when I am in it) Admin account - question is: I should NOT be IN the ADMIN account AND ON THE INTERNET AT THE SAME TIME - correct?


    Thanks again,
    g
     
  4. Mada_Milty

    Mada_Milty MajorGeek

    Whether or not you're on the internet at the time is irrelevant.

    A security-conscious user always runs with the lowest permissions possible for the operation, no matter what it is.

    You can see this being implemented in Windows Vista.
    With XP, there are usually 2 administrative accounts immediately after a fresh install. 1 is the default, the second is the one you create during setup. Often, these are not password protected, either.

    Anything running on these accounts has full control of the registry, and the file system. This power can be abused, obviously.

    Vista is different in that there are NO administrative accounts. You get a standard user account, and any time you need to perform an operation that requires higher permissions, you are prompted to allow the task. (And then silly users get annoyed, and disable the prompt. IMO, something like getting annoyed by and removing your kevlar vest en route to a gunfight :D)

    XP has the ability to mimic this if you use the RunAs Service

    You may have heard this recommendation in terms of the internet to prevent malware you may get while online from running amok.
     
  5. grc123

    grc123 MajorGeek

    EXACTLY! (& Thank You) - What I am trying to understand is, I suppose: how long of a period of time is "acceptable" (or wise) for me to be IN the ADMIN account AND ON the internet, AT THE SAME TIME? My problem is, I'll be over in the admin, doing something that can only be done from there, and "lose track of time" ... before you know it, an hour or two has gone by before I realize that I am STILL in the admin account AND ON THE NET, during which time I am afraid my PC could have been "exploited" or "compromised" (or whatever it's called - "HACKED"!?!?!).

    Thx again ...
    PS - I only understand all this "permissions" stuff on a very basic level (especially since the display interfaces seem to change every few years, i.e. 95/98/ME/2000/XP & now Vista ... is that all of `em - I'm sure I missed one or two!?!). I REALLY wish I had more time to just sit and learn/work with all this security stuff, but I simply don't (and I am not IN the "TECH Industry"/don't get a chance to work with it every day). As an aside, I'd like to follow-up with someone about some XP security matters as my dear old mom (and me, when I am there) are using XP on her PC, and there is VIRTUALLY NO CHANCE we are going to change her now, after six years w/XP - she is simply too set in her ways, at 67, to change from it, much less GO THROUGH it.
     
  6. Mada_Milty

    Mada_Milty MajorGeek

    If you are using privilege escalation in Vista, or in XP (RunAs service) and earlier as per below, then the question is moot, as only what you are doing will have the administrative privileges. Nothing else. Hopefully, you're wise enough to do only trusted operations like this. We can't help someone who gives their sexy asian screensaver admin privileges, for example :D

    If you are talking about actually logging in as an administrator, then it depends on how secure your network/computer is.

    If, for example, you are running connected directly to the internet without a firewall, it could be seconds. You get port scanned, and a service holding a port open gets malicious code run against it. This can be done automatically by "bots" faster than any human could conceivably do it.

    Any hardware firewall (as in most routers) will take the brunt of these attacks.

    A software firewall may provide a little extra visibility as to what is making connections to/accepting connections from your computer and from where.

    If you're on an admin account with proper firewall protection, then the primary source of infection would be downloaded files that get executed by the user.

    Antivirus and Antispyware apps with realtime protection are best in this case, as they will scan any file the user tries to execute, and raise flags before it causes trouble.

    Scheduling scans picks up the slack. Hopefully, your security app can detect and remove any files on your system that AREN'T currently in use.

    For the best advice, follow the instructions in the How to Protect yourself from malware! thread.
     
  7. grc123

    grc123 MajorGeek

    Yeah ... I apologize, but I still don't think we're understanding each other - and please forgive me in advance - I am not TRYING to be a wise-@$$ - I just simply AM - or APPARENTLY often 'come-off' that way - rest assured, the problem(S) here are ALL on, and WITH - me. Now, that said ...

    I am not looking to subvert any security, nor go without ... that is, what I currently HAVE, or whatever I can have for FREE is all I'm going to have for awhile (the foreseeable future) as I am having some health problems and am currently out of work (read: "BROKE"). A Router (any extra, or new, hardware OR software that would cause me expense, that is) is not in my immediate realm of possibilities as they cost $$ - naturally. Actually, I am probably OVER-Protected now (I tend to be), from a software standpoint, already. It is the configuring of such programs AND, MORE IMPORTANTLY for me, the CONFIGURING OF MY OS (Vista Home Basic, now) that gives me the "worries", in addition to my "habits", such as switching to & fro in the "user accounts" (whilst connected to the internet - read: Exposed - "POTENTIALLY" Exposed, or even "SEMI-EXPOSED" - or "potentially vulnerable" if you prefer, to attack/hack/whatever).

    1. When you say; " privilege escalation" - I don't have a CLUE what that ACTUALLY, IS - "EXACTLY" - and "EXACT" is what I need to be. You cannot presume anything where computer technology and I are concerned - everything, pretty much, that I have learned, I have learned "by myself", in a "virtual" sense - nothing "formal", nothing with a REAL LIVE PERSON sitting beside me, assuring, and RE-assuring me that what I am doing is in fact correct/proper/acceptable. Also, I am 48 (next month), and have really only been at this (off & on) for about three or four years. And this, for me, is perhaps the most difficult way of learning things - by reading (especially in forum posts, which are a bit like email!) - I hope (and pray) that someone, is picking-up on this, and will consider it when responding to me.

    Thank you very much, in advance,
    glenn

    1. When you say; " privilege escalation" - I don't have a CLUE what that ACTUALLY, IS - "EXACTLY".
     
  8. Mada_Milty

    Mada_Milty MajorGeek

    Privilege escalation is when you give a task higher permissions than it implicitly has running under your user account.

    On Vista, you have user account X. Someone using the X account tries to perform an administrative task (say, installing a printer). However, user X is not permitted to do so, unless the task is given escalated privileges.

    On a default install of Vista, user X will get a prompt saying, "someone is installing a printer. Do you want to allow or deny?" (or similar, can't recall the exact wording)

    By allowing it, you've escalated the privileges of the task so it can complete.

    If you are running Vista, and you haven't disabled this prompt, then you are in good shape! Your system is pre-configured to support privilege escalation. When you allow something from that prompt, it runs as administrator, and then quits. You're back into a standard user account without administrative privileges.

    So in Vista, your question really has no meaning, as nothing has admin access unless you allow it at this prompt, and the access is taken away immediately after it is complete.

    XP is different in that it has administrative accounts right out of the box.
    You can mimic Vista's "privilege escalation" feature by enabling the RunAs service (it is on by default), logging in only as a standard user, and performing administrative tasks using the RunAs service.

    Sadly, this isn't 100%; it's poorly implemented. There will be times where you have to log in as an administrator. This is where the security apps come in.

    I can appreciate your situation, everything recommended in the thread I linked you to is 100% free. Didn't necessarily recommend buying a router, was just part of my example. You DO need a firewall, however, but there are MANY you can get for free.
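
A read-only check of the two things this thread turns on: whether the current session is actually running with administrator rights, and whether the elevation prompt has been switched off. This is an added example, not part of the original posts; it assumes Windows PowerShell is installed, and the function name `Get-ElevationPosture` is made up for illustration.

```powershell
# Added example (not from the thread). Read-only: it changes no settings.
# Get-ElevationPosture is a hypothetical name chosen for this illustration.
function Get-ElevationPosture {
    # Does the token this process runs under have the Administrators group enabled?
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # The elevation prompt's policy values live under this key on Vista and later.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $pol = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    $findings = @()
    if (-not $pol -or $null -eq $pol.EnableLUA) {
        $findings += 'Elevation prompt policy not found (pre-Vista system such as XP?)'
    } elseif ($pol.EnableLUA -eq 0) {
        $findings += 'Prompt is turned off: programs started from an admin account get full rights'
    } elseif ($pol.ConsentPromptBehaviorAdmin -eq 0) {
        $findings += 'Administrators are elevated silently: the allow/deny prompt never appears'
    }
    if ($elevated) {
        $findings += 'This session is running with administrator rights right now'
    }
    if ($findings.Count -eq 0) {
        $findings += 'Standard rights, elevation prompt enabled'
    }

    # Return an object so the result can be logged or compared, not just read on screen.
    New-Object PSObject -Property @{
        User        = $identity.Name
        Elevated    = $elevated
        EnableLUA   = $pol.EnableLUA
        AdminPrompt = $pol.ConsentPromptBehaviorAdmin
        Findings    = $findings
    }
}

Get-ElevationPosture | Format-List User, Elevated, EnableLUA, AdminPrompt, Findings
```

`Elevated` reads False in a normally started PowerShell window and True in one started with "Run as administrator", which is the per-task difference the last post describes.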
     
