User Accounts

By default, Windows is installed on a PC with one account, and that account is an Administrator. An Administrator is all-powerful and can do anything they wish on that PC. So if a malicious program runs under an Administrator account, that program is also all-powerful and can do anything it wants, including erasing all your files.

Microsoft tried to reduce the risks by introducing UAC (User Account Control). UAC is that annoying pop-up that appears when you try to do something. It darkens the screen and brings up a little pop-up asking whether you wish to allow the action to happen.

Unfortunately, UAC is still not the best protection against malicious programs performing dangerous actions on your PC. A much better method is to create additional accounts that are not Administrators.

In the Control Panel, under User Accounts and Family Safety and then User Accounts, you can add additional accounts. It is advisable to add an account for each user of the PC and to set a password for each. For example, you can set up a user account for each child who wishes to use the family PC. Each child can set their own login picture, name and password, but they are unable to install any software. They can surf the internet and create files using the software already installed, but if they wish to install new software they need to ask the person with access to the Administrator account.

Creating non-Administrator accounts for daily use is a great way of reducing the chance of virus or malware infection. I've lost count of how many family PCs I've been called out to that were riddled with malware because everyone was using the Administrator account.

Windows Password Protection

While setting a password to log into Windows is a great idea, it should not be relied on to protect important information stored on your PC. The Windows user account password should be thought of as similar to those metal contraptions people used to put on the steering wheels of their cars to prevent theft. A good car thief is not deterred by such a contraption.

Windows passwords only prevent login to Windows. If you take your hard drive out of your computer and place it in a hard drive docking station connected to another PC, you will be able to read the whole contents of the drive.

To prevent this, it is worth using a version of Windows that supports hard drive encryption, known as BitLocker, or using a third-party drive encryption tool. Alternatively, you can download a free file encryption tool such as omziff that will allow you to encrypt your important files, so that if your PC is ever stolen you can rest safe that your important files are not accessible to the thief.

One last point regarding Windows passwords: they are stored in a couple of files on your hard drive, and there are tools available that you can write to a CD or memory stick. When you boot from them, they allow you to change the Windows passwords on your hard drive to whatever you want, or remove them completely, giving someone access to your login and everything installed on your PC without having to remove the hard drive.

Reduce attack vector and protect your files

Using your PC as a non-Administrator is one of the best ways of reducing the attack vector, or point of entry, for computer viruses and malicious software. Only use the Administrator account when you need to install new applications or update Windows.

To protect your most important files make use of encryption.
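To check a PC against both recommendations above, the following added example (not part of the original article) lists the enabled local accounts, flags which of them are Administrators, and reports whether the system drive is protected by BitLocker. It assumes Windows 10 or later with PowerShell 5.1 and an elevated (Run as administrator) prompt.

```powershell
# Added example: audit local accounts and system-drive encryption.
# Assumes Windows 10+ / PowerShell 5.1, run from an elevated prompt.

$adminSid = 'S-1-5-32-544'   # well-known SID of the built-in Administrators group

# Collect the SIDs of everyone in the local Administrators group.
try {
    $adminSids = @(Get-LocalGroupMember -SID $adminSid -ErrorAction Stop |
        ForEach-Object { $_.SID.Value })
} catch {
    Write-Warning "Could not list Administrators members: $($_.Exception.Message)"
    $adminSids = @()
}

# One row per enabled local account, marked if it has Administrator rights.
$report = @(Get-LocalUser | Where-Object Enabled | ForEach-Object {
    [pscustomobject]@{
        Account          = $_.Name
        IsAdministrator  = $adminSids -contains $_.SID.Value
        PasswordRequired = $_.PasswordRequired
        LastLogon        = $_.LastLogon
    }
})
$report | Sort-Object IsAdministrator -Descending | Format-Table -AutoSize

# The situation the article warns about: no standard account for daily use.
$admins = @($report | Where-Object IsAdministrator)
if ($report.Count -gt 0 -and $admins.Count -eq $report.Count) {
    Write-Warning 'Every enabled account is an Administrator. Create a standard account for daily use.'
}
$report | Where-Object { -not $_.PasswordRequired } | ForEach-Object {
    Write-Warning "Account '$($_.Account)' can be used without a password."
}

# Drive encryption: without it, the disk can be read from another PC.
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    '{0} volume status: {1}, protection: {2}' -f $vol.MountPoint, $vol.VolumeStatus, $vol.ProtectionStatus
    if ($vol.ProtectionStatus -ne 'On') {
        Write-Warning "BitLocker protection is not active on $($vol.MountPoint)."
    }
} else {
    Write-Warning 'BitLocker cmdlets are not available on this edition of Windows.'
}
```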

Last updated: 16th May 2016

