Thanks George -- I believe that also applies to XP pro -- although I noticed that there is an adminstrator login on xp home as well, but since I have given away my xp home machine, I suppose i'll never know what all it supports. my nephew claims it is not at all the same as xp pro, and in some respects that is true, but in the case of types of accounts, it appears to be similar. Take care. --le ----- Original Message ----- From: "George Bell" <george@xxxxxxxxxxxxxxxxxxx> To: <guispeak@xxxxxxxxxxxxx> Sent: Sunday, January 09, 2005 8:19 AM Subject: [guispeak] Re: adaware Hi Laura, I know this relates to Windows 2000, but I don't have time to research deeper. However the general principals still apply. (Watch the URL doesn't split. It should end in admin.htm) http://www.microsoft.com/windows2000/en/advanced/help/defaul t.asp?url=/windows2000/en/advanced/help/windows_security_why not_admin.htm Why you should not run your computer as an administrator You should not add yourself to the Administrators group and you should avoid running your computer while logged on as an administrator. For most computer activity, log on as a member of the Users or Power Users group. If you need to perform an administrator-only task, log on as an administrator, perform the task, and then log off. Running Windows 2000 as an administrator makes the system vulnerable to Trojan horses and other security risks. The simple act of visiting an Internet site can be extremely damaging to the system. An unfamiliar Internet site may have Trojan horse code that can be downloaded to the system and executed. If you are logged on with administrator privileges, a Trojan horse could do things like reformat your hard drive, delete all your files, create a new user account with administrative access, and so on. You should add yourself to the Users or Power Users group. When you log on as a member of the Users group, you can perform routine tasks, including running programs and visiting Internet sites, without exposing your computer to unnecessary risk. As a member of the Power Users group, you can perform routine tasks and you can also install programs, add printers, and use most Control Panel items. If you need to perform administrative tasks, such as upgrading the operating system or configuring system parameters, then log off and log back on as an administrator. If you frequently need to log on as an administrator, you can use Run as. For more information, see Related Topics. Why you should not run your computer as an administrator Use Run as to start a program as an administrator Differences between Windows NT 4.0 and Windows 2000 default security settings Default security settings Add yourself to a group Log off from the computer so someone else can use it -----Original Message----- From: guispeak@xxxxxxxxxxxxx [mailto:guispeak@xxxxxxxxxxxxx] On Behalf Of Laura Eaves Sent: 09 January 2005 05:38 To: guispeak@xxxxxxxxxxxxx Subject: [guispeak] Re: adaware Hi -- this is an issue that has been discussed on other lists I'm on and amongst my various family members... Actually, one reason windows is so insecure for the average user compared to a shell account on a unix or linux system is that on the unix-based systems the root/administrator/superuser account is well defined and separate from all the various user accounts, and administrative operations are typically only done by the system administrator who logs on as root only long enough to do the necessary actions, then does all his/her regular work as a normal user. Non administrative operations are never done running with root or superuser permissions. Compare this to windows, in which a PC comes with the default login being OWNER, which has administrative priveleges, and so the unwary user, when on a malicious web page, or clicking on an attachment or untrusted program, can unleash a virus running with the same priveleges, and can thus infect the whole system and do much more damage than the same malicious program run without administrative priveleges. Now what to do about it... I actually haven't tried this, but one of my nephews has suggested (on xp) setting up the system and installing all the software you want to use as administrator, then creating a separate login with only guest or other non-administrative priveleges and do your regular work there. Now if there comes a time when you need to do something as administrator, you can always give yourself admin priveleges (I forget how to do this easily), but for most operations, this is not necessary. Now this sounds like a good idea in that a non-administrator can't install new programs or update drivers and other system files, and I believe can't munge with the registry. But since windows is generally a single user OS (although it allows for multiple logins), people are used to doing things as administrator, to the point where the boundaries are blurred. It's really funny discussing this on the various programming lists I'm on. Most people who know anything about systems and programming, know that windows is quite full of holes, if you know where to look, but on the one list where there are Microsoft employees, the tone is much different: they don't deny there are holes, but they say it's only because there are so many users that virus writers target windows systems. But that being aside, windows is used much more by people who aren't savvy technically and only use the computer for end user applications and don't want to deal directly with security. So they run as administrator, not even knowing such a thing exists... and the details of what is happening is hidden from them (on purpose, since windows is intended to be simpler to use), but this means that a hacker knows how to sneak in and the average user doesn't know how to protect against it. Sorry state of affairs. But it is quite interesting. Windows is different from unix in that unix/linux separate the operating system from the applications, whereas windows tries to integrate everything together. Well, this is the result... Off soapbox. Hope I haven't confused the issue. Since I tend to be a tech nerd, having been a professional programmer, I like to know what is happening on my windows system, and so experiment with settings and look at log files and the like. And I am (blush) still running as administrator, since as I said, I have to switch so often to doing admin-related activities that I don't want to have to type in a password several times a day. But the option is still there to separate activities. I should try it to see how it affects operation of the apps I'm running. Actually, large corporate and government organizations do run many windows clients with logins in restricted mode, so it is done in practice, but again, the home user often never bothers with such things. Take care and let me know if you find any good spyware removers. I ran one a while back and was amazed how much had been installed on my system without my knowledge -- logs of activity in my temp folder, programs that monitored things, adware, etc. The logging and spyware programs scare me the most as I don't want things like my paypal password being swiped. Now that would be a pain--having some spyworm logging and transmitting your passwords who knows where... Take care. --le ----- Original Message ----- From: "Scott V" <scott2089@xxxxxxxxxxxxxx> To: <guispeak@xxxxxxxxxxxxx> Cc: <helpneededlist@xxxxxxxxxxxxxxx> Sent: Saturday, January 08, 2005 11:38 PM Subject: [guispeak] adaware Is there a way in ad personal co to block the ads from coming in the first place? Thanks ** To leave the list, click on the immediately-following link:- ** [mailto:guispeak-request@xxxxxxxxxxxxx?subject=unsubscribe] ** If this link doesn't work then send a message to: ** guispeak-request@xxxxxxxxxxxxx ** and in the Subject line type ** unsubscribe ** For other list commands such as vacation mode, click on the ** immediately-following link:- ** [mailto:guispeak-request@xxxxxxxxxxxxx?subject=faq] ** or send a message, to ** guispeak-request@xxxxxxxxxxxxx with the Subject:- faq ** To leave the list, click on the immediately-following link:- ** [mailto:guispeak-request@xxxxxxxxxxxxx?subject=unsubscribe] ** If this link doesn't work then send a message to: ** guispeak-request@xxxxxxxxxxxxx ** and in the Subject line type ** unsubscribe ** For other list commands such as vacation mode, click on the ** immediately-following link:- ** [mailto:guispeak-request@xxxxxxxxxxxxx?subject=faq] ** or send a message, to ** guispeak-request@xxxxxxxxxxxxx with the Subject:- faq This Message has been scanned for viruses by McAfee Groupshield. ** To leave the list, click on the immediately-following link:- ** [mailto:guispeak-request@xxxxxxxxxxxxx?subject=unsubscribe] ** If this link doesn't work then send a message to: ** guispeak-request@xxxxxxxxxxxxx ** and in the Subject line type ** unsubscribe ** For other list commands such as vacation mode, click on the ** immediately-following link:- ** [mailto:guispeak-request@xxxxxxxxxxxxx?subject=faq] ** or send a message, to ** guispeak-request@xxxxxxxxxxxxx with the Subject:- faq ** To leave the list, click on the immediately-following link:- ** [mailto:guispeak-request@xxxxxxxxxxxxx?subject=unsubscribe] ** If this link doesn't work then send a message to: ** guispeak-request@xxxxxxxxxxxxx ** and in the Subject line type ** unsubscribe ** For other list commands such as vacation mode, click on the ** immediately-following link:- ** [mailto:guispeak-request@xxxxxxxxxxxxx?subject=faq] ** or send a message, to ** guispeak-request@xxxxxxxxxxxxx with the Subject:- faq