It Really Is Simple

I have seen a host of difficulties described by others on many help and support sites that most likely would have been prevented if my favorite tool had been in use.

I'm talking about User Accounts. One should never, ever run routinely under an account in the Administrators Group. It's the equivalent of giving a thief the key to your front door and posting a sign on the door telling him when you won't be at home.

XP Professional requires at least two users in the Administrators Group (and it's a good security practice to implement this strategy in XP Home). One is the default Administrator, and the second is you, if you have not setup a third account for normal use. If you don't setup an account when you install XP, that second one in the Administrators Group is usually called Owner. On my machines, I have the default Administrator, another account I create and usually name Admin in the Administrators Group, and at least another account in the Power Users Group that I logon for normal computer use.

From "Help and Support:"

"Password reset disk overview

To help protect user accounts in the event that a user forgets the password, every user should make a password reset disk and keep it in a safe place. If the user forgets his or her password, the password can be reset using the password reset disk and the user will be able to access the computer again.

For information about creating the password reset disk using the Forgotten Password Wizard, or for information about using the password reset disk and Password Reset Wizard to gain access to the computer, click Related Topics."

My DSL runs through a Router/Switch with hardware firewall. I only log in as Admin when I'm doing updates, doing malware scans, or other maintenance chores that require Administrator privileges. On my desktop are 5 accounts (not including the two in the Administrators Group) and one is my 16-year-old son who loves gaming and has never seen a gaming URL he didn't like. I run IE8 on Medium-High Security level, Microsoft Security Essentials as services for all user accounts.  I run a manual scan with SUPERAntiSpyware free edition from time to time. 

I have no malware problems. I don't have Windows crashes, no BSOD's. Everything just works


You must be logged on as a member of the Administrators Group to make these changes, but then you can upgrade your security simply by logging off the Administrator account and logging back on as a member of the Power Users Group.

And remember, never open an email attachment unless you are expecting to receive it. If in doubt, reply to the sender and ask what the attachment is, and why it was sent.