Every new account created on a Windows XP PC is a full-blown Computer Administrator account. Some people think that you shouldn’t use Administrator accounts for everyday work, that most users only need a limited user account. Many Windows XP experts suggest that you create two accounts for each user:
- An Administrator account that you can use to install hardware and software and make major changes (such as adding a new account)
- A plain, limited account for everyday work
The rationale is straightforward: If you’re using an Administrator account and you accidentally run into a virus (or a Trojan horse, worm, or the next big, scary security threat), that bad program automatically inherits your authority. So if you’re using an Administrator account, the bad program can wipe out your hard drive or do just about anything it likes. In actuality, though, the level of protection afforded by running as a limited user isn’t all that great. Malicious programs that can crack Outlook’s address book, for example, can certainly attack the address books of all accounts on the computer, whether they’re Administrator accounts or limited user accounts. And any program that deletes My Documents can get all the My Documents folders on the machine, guaranteed. Anyway, your antivirus software should be looking for malicious programs and protecting your entire machine. That’s simply not the job of an Administrator account. Of course, if you’re using a limited account and you bump into a virus, Trojan horse, worm, or some other form of sniveling scumware, the program can’t do as much damage. Because malware inherits your authority (and limited user accounts don’t have much authority), you may be slightly better off. Slightly. After all, you still have a virus infecting your machine.