Non-admin user for added security?

[deusexmachina]

I'm being forced into an upgrade because my last machine was getting old and slow and was infested with viruses.

One of my guys is recommending setting up a non-admin user account for the every day use of the laptop so that any undetected Trojans don't have admin rights if they embed themselves. Do you guys think this is even worth it? Or is simply keeping UAC turned ON, will be enough with an admin account?

Laptop
Win 7 64 Home
HP Fingerprint reader

 

[Saga Lout]

In my opinion, it won't matter much if you have a decent, strong resident looking after you. MalwareBytes is free to download from http://www.malwarebytes.com but a small amount of money buys you lifetime resident protection which is well worth having. Microsoft's own Security Essentials utility is as good as any of the current crop and the built-in Windows firewall in addition to your router firewall ought to complete the battlements for you.

I think leaving UAC on in an non-Administrative account will drive you mad in very a short time.

Opinions on this will, of course, vary considerably.

 

[deusexmachina]

Is there even any added security anymore with having a non-admin user since UAC will notify you anyhow? Or is most of the malware able to circumvent UAC?

 

[Gimp]

Personally i would keep UAC fully on it can make users aware of what they are installing, depends how security minded a user is, it can be circumvented no doubt but it may just save you.
You have to remember the firewall and anti virus are the last line of defence against malware, so education about security on safe surfing learning what services and ports are unneccessary and closing the holes.
Don't have more than two administrator accounts. Use a standard user account for everyday use and use runas administrator to run a particular program with admin rights rather than going onto admin account. If you need to go on admin acc do it in safe mode where possible rather than normal mode.
Add ons and programs like WOT, Rapport and browser defender can protect against fraudalent websites by blocking access to them.

Keeping your os up to date and programs will help make your computer more secure.

Hope it helps.

 

[deusexmachina]

Use a standard user account for everyday use and use runas administrator to run a particular program with admin rights rather than going onto admin account.

Gimp- this is really great insight! My problem with running a standard user was that the AMD catalyst drivers that allow you to switch between discreet and IGPUs works only when logged in as admin and continues to give failure messages. This will be the solution for making sure trusted programs are fully functional.

 

[Gimp]

Glad it's answered your question.