Hi gang! First of all a very important disclaimer: (computer) security is not a product. It's not something you can simply install after which you'll immediately be a whole lot safer. Even if you were able to install the best virus scanner in the world (so: an imaginary piece of software which knows about new virii the very moment they have been designed). Sure this program would keep your computer a bit more safe from nastiness. But it will never be foolproof. Say you get an e-mail telling you how an Arabian prince has lost his precious Llama and is now willing to pay you 20,000 rupees to go look for it, all you have to do is click the link in the e-mail and fill out your personal details. And on said webpage it also asks for your credit card number so that they can sent you the money. Even the best anti virus in the world won't not protect you from this nonsense. If you decide to actually give them your creditcard number then yeah; expect bills instead of money to come in soon. A large majority of all computer breaches and "hacks" and what more could only be accomplished with the direct help of the victim. That's not hacking, that's tricking people into doing stupid things. So... this tip can definitely help you to secure your Windows environment a bit more, but as with all things it's effectiveness heavily depends on how your're going to use it. Don't use Windows as administrator 'Standaardgebruiker' is Dutch for 'regular user'. Windows is a multi-user environment. Meaning that multiple user accounts can be created and you can basically have multiple desktops for multiple people. In order to make it as easy as possible your new account will automatically be set as an 'administrator' account, meaning that you can easily install & remove software, mess with system files (remove stuff from c:\windows) and so on... Fact of the matter though is that you don't need any of this. Maybe if you adapted to some specific habits such as creating a data directory somewhere on C (c:\data) and then messing around in that. That could require a bit more work to set up because Windows expects you to limit your stuff into c:\users\<your name>. That is the unrestricted area no matter what. And if you need to install something? Simple: then any modern Windows version (7 and up) will simply ask you to "elevate" your permissions. In other words: temporarily become an administrator. It somewhat looks like this: ... but it will also contain a password prompt if you have the administrator account secured with a password (something I strongly recommend!). It doesn't even have to be a massively strong password, as long as it isn't something you can "just" click away (as the example above). So how does this work? Simple: If you check your Windows control panel then you'll most likely have an option in there which allows you to manage your user accounts, see also the earlier screenshot. Start by checking if you have multiple accounts, so: if there is already an administrative account. This should be there by default, but a lot depends on the way your system was configured. If such an account is there then edit your current account and tell the system that you wish you change the type from administrator to a regular user. You may need to reset the system and after that you can no longer perform destructive actions "just like that" without having to type a password (or if you didn't set a password then you'll have to click 'ok' on a dialog screen as shown above). For more (technical) information about creating (and editing) user accounts please check this Microsoft Windows support webpage. The advantage of all this should be obvious: software can no longer perform any changes to your system without you knowing; you'll get a security prompt the very moment it happens. And yes, I know that Windows by default can alert you for stuff like that. The major difference here is that you don't get those alerts out of convenience: you get alerts because without you giving your permission (so: without logging on as an administrator) then whatever action is currently running will not be able to continue. That program which easily updates itself in the background? That will most likely no longer work because it cannot update the Windows installed software repository. So you'll get a prompt after which it will be able to update itself. Trying to run a script which tries to infect several files in c:\windows to hijack your computer? Yeah, good luck with that: Do not try this if you're an administrator! The last part is an important one because this setup even has the potential of blocking viruses from infecting your computer. After all: normally software gets installed in c:\program files, and guess what: you no longer have write permissions in there. But what if I need to do admin stuff? Let's say you need to move some directories in c:\program files around, and with this setup you can no longer easily do this. Now what? Simple: run as.... Find the program you want to run, then right click on it and find the option "Run as administator" in the pop-up menu. Once you clicked on that you'll be asked to confirm (or type a password) after which the program will be started as the administrator. Here I'm trying to start 'Verkenner' ("Windows Explorer") as administrator. This works for pretty much every executable there is. And if you need to change your Windows configuration then there's also no reason for concern because Windows fully supports this way of working, every option which would normally be unavailable to you is now marked and will require you to either confirm or to type your password: Notice the yellow/blue shields in the screenshot above? If I click on one of those then Windows will ask me to provide my admin password before it allows me to continue. So even though I'm normally not an administrator I can still perform specific changes to the system if I need to. The main difference... I need to take an extra step. Either by confirming my decision or (in my situation): enter an administrative password. Seems complicated? No need to worry too much... The way this might affect your way of work heavily depends on how you're using Windows. If you have a ton of folders stuffed away in c:\ (such as c:\data) then yeah: you may need to change the way you work (move those to c:\users\<your name>) or change the permission settings on those folders (which would be a guide in itself). It's definitely doable, but it might require you to change how you use Windows. But for everything else... If the most you do is play games, browse the Internet, hang out on Discord and write some emails then you probably won't notice much difference. Until you try to install (or remove) some software of course It's definitely not for everyone, I know some people who tried things this way and hated it just as I know several who are still using it today after I told 'm about this many years ago. "Your mileage may vary" as the saying goes Hope this can be helpful for some of you.
