ItsGeekToMe.co

Q:  I just read your issue about running in administrator mode (Geek Note: I.G.T.M. #655, February 9-15, 2020). I am the only person in my household and no one uses my computer except me. Do you suggest that I create two Microsoft user accounts (one administrator and one non administrator) and use the non-administrator account at all times unless asked for administrative authority on a particular task?

 Also, I tried to look at feedback on this issue and saw “no comments” on all of the issues. I also tried to register on your website to be able to comment on issues but never received the confirmation email that my registration was accepted. Have you disabled that portion of your website  I like and appreciate your column.

 – Brad B.
Odessa, Texas

A:  As I wrote in the issue to which you referred, Brad, the use or non-use of administrator accounts has been largely made moot by the way Microsoft has implemented security in newer versions of Windows.  I imagine that broad statement requires some further explanation.

These changes started after Windows XP, and persist in current versions of Windows 10.  Among the most impactful of these changes is that even when you are running an account that is set up to have administrator privileges, you really aren’t running in administrator mode until a gatekeeper known as User Account Control, or UAC, obtains credentials to validate your right to access the machine in this privileged mode.  To that end, it’s theoretically fine to run an account with administrator privileges full-time, because it doesn’t have those privileges all the time.  It only has the potential to do so.

If that was the entire scope of the issue, that would be end of the answer to your question.  But time and experience have taught me to be more cynical when it comes to computer security.  Though I’m not aware of the existence of such a capability, I wouldn’t put it past some brilliant hacker to come up with a way to programmatically respond to the UAC query and silently flip on the administrator mode switch when you’re not looking, giving it the ability to have its merry way with your computer.  If the day comes when such a capability exists, running a non-privileged account would be the first line of defense against it, since in such an account there is no administrator mode to enable.  With that in mind, the answer to your question is yes; having two accounts is exactly what I’m advocating.  The one for everyday use should be a standard user account, and only the one for performing actual administrative functions should be configured with administrator privileges.  Aside from the security aspects already mentioned, such an arrangement forces you to be more aware, and therefore more careful when installing software or making other changes to your computer, rather than doing it on the fly, as if it’s not a risky process.

To answer your other issue, the intent is to still have the ability for people to sign up on ItsGeekToMe.co (for free, of course) to leave comments.  As the site administrator, I seldom see it the way a regular user sees it (See?  There’s that administrator privilege again!).  If there was a problem with the sign-up, I wasn’t aware of it until you mentioned it.  So, thanks for the head’s up.  As for the lack of comments on articles, well, I guess an archive of my columns isn’t enough of a draw to bring in the thronging hordes of geeks that I’d love to see using my site.  I’ve got a few ideas for new content, but little available time to get them running.  Watch this space though, because you can bet I’ll let my readers know when something new is up.  Meanwhile, like and follow column’s Facebook page.  The occasional posts there are an eclectic combination of tech humor, security warnings, and relevant stories from other sources.