1
Here are my current User Account Control settings. I'm running Windows 10 Pro, Anniversary Update.
Drew Neilson
Posted 2016-08-25T22:08:24.897
Reputation: 27
Is it secure to have only one user account--an account that has administrative privileges--with User Account Control set to default settings?
1This is the default configuration in Windows 10. Microsoft thinks it's secure enough. – Wes Sayeed – 2016-08-25T22:15:06.767
It's the default UAC settings but it's not secure to always be the administrator. Administrator users are vulnerable to malware the encrypts your files, a normal user is still vulnerable, but in less destructive ways – Ramhound – 2016-08-25T22:27:38.720
Ramhound can you explain why User Account Control's default settings aren't enough? Second, if it is not secure to always be the administrator, why didn't Microsoft, as part of the upgrade to Windows 10, strongly suggest that I change my account to a standard account and create a separate administrative account? Third, what did you mean when you said "a normal user is still vulnerable, but in less destructive ways." – Drew Neilson – 2016-08-25T22:38:52.783
@DrewNeilson Because malware payloads use every trick in the book to be activated. Always running as an Administrator is not the recommend practice, common sense to only run with the privileges you need, and only escalate when required. That basic practice is taught if you receive certifications like CompTia Security+. As an Administrator you can disable the shadow volume, which handles file history, in ways where a UAC prompt doesn't happen. As a normal user that's less likely to happen. – Ramhound – 2016-08-25T22:48:48.090
http://superuser.com/questions/695457/is-it-okay-to-use-an-administrator-account-for-everyday-use-if-uac-is-on?rq=1 – Ramhound – 2016-08-25T22:49:18.467
I would agree, UAC isn't a security feature, just like sudo isn't a security feature. Users permissions are, only running processes at your permission is, having to escalate that permission is a way to prevent escalation vulerabilies – Ramhound – 2016-08-25T22:50:44.977
@Ramhound "Users permissions are, only running processes at your permission is, having to escalate that permission is a way to prevent escalation vulnerabilities" <-- your comment is a bit confusing. Could you edit your comment? – Drew Neilson – 2016-08-25T22:58:31.147
No; I cannot comment, I don't see how the comment is confusing, a user in the User user group on Windows only runs a process at their permission level, they would have to "run as Administrator" to elevate the processes permissions. – Ramhound – 2016-08-25T23:28:40.757