Posted in Security Windows

Basic security rules under Windows

June 16, 2006 - No comment

- Run your session as a “user”, don’t ever run your session as “administrator” if you don’t need it
- Read your emails as plain text, HTML emails could contain bad code (and write as plain text as well, I cannot stress this more : emails were not designed for HTML !! Screw you with your incredimail and the like !!)
- Run a firewall and antivirus on your workstation
- Regularly try to download the test virus from eicar.org to see if your antivirus software is still running (viruses usually take over protections on your computer)
- Use Mozilla Firefox and Mozilla Thunderbird instead of Internet Explorer and Outlook Express
- Don’t forward emails with your 50+ recipients disclosed… dang, please use BCC (this rule also applies to a 10 recipient forward eh)

By just running your session as a user, you’ll stop 99 % of the viruses of spreading across your machine.
Working as power user doesn’t help, 90 % of viruses will still get through.

Playing games as well as some programs may require administrator privileges to run properly.

Who is to blame ?
- Microsoft for not stressing the principles of administrator vs user privileges for the sake of ease of use
- Poorly designed software requiring administrative privileges while it could run without
- Script kiddies (e.g. : boyfriend spying on her girlfriend with a keylogger, this is so lame)

Leave Comment

Please consider visiting the partners below if you enjoyed this article :

If this post saved you time and money, please consider checking my Amazon wishlist.

Before submitting, some rules :
- Is your comment related to the article ?
- You're having a problem ? Have you checked Google, other howtos, docs, manpages ?
- You're still having the problem ? Have you raised log verbosity, checked traces, ran tcpdump ?
- Have you checked your configuratoin for typo ?
Unless your comment is providing additional info or respect the rules above, DON'T comment.
If you don't understand what you are doing, I urge you to read the documentation, I'm not your free Level 1 helpdesk guy.