[KyadCK]

you shouldn't be taking anything i say as advice. i have many reasons for disabling updates. the biggest of which is the fact that they are huge these days, and if i left automatic updates on for all my computers it would eat my 20gig monthly transfer cap. i like to know when my machine is downloading something big, and so i just stick with the it distribution packs, download once use them many times. i also am not a web surfer. i have a few websites that i go to regularly, i do not use email, or social networking. so i am not at risk for viruses. i have old computers with disposable os installs around just for doing risky things online.

I figured there was a good reason, those that know how to fix it don't normaly make problems for themselves without one. Sadly some people actualy go "look! HE isnt doing it, why do I have to?" and that always leads to pain...

i'm definitely in this group. yes i do things im not supposed to do, yes i make incredibly dumb security decisions. but i can usually have it fixed in an hour or two when something goes horribly wrong. i backup my stuff regularly, and there is nothing on the c drive i would miss if it got wiped. 

And the fact you CAN fix it makes all the difference in the world. No other tech would care how bad you messed up your system either since you arent very likely to ask them for help, and even if you did atleast they wouldnt have to dumb it down. Not that most of that level would dare let anyone else use their main computer for risk of something being done that they don't know about.

[Nuke]

you shouldn't be taking anything i say as advice. i have many reasons for disabling updates. the biggest of which is the fact that they are huge these days, and if i left automatic updates on for all my computers it would eat my 20gig monthly transfer cap. i like to know when my machine is downloading something big, and so i just stick with the it distribution packs, download once use them many times. i also am not a web surfer. i have a few websites that i go to regularly, i do not use email, or social networking. so i am not at risk for viruses. i have old computers with disposable os installs around just for doing risky things online.

I figured there was a good reason, those that know how to fix it don't normaly make problems for themselves without one. Sadly some people actualy go "look! HE isnt doing it, why do I have to?" and that always leads to pain...

i'm definitely in this group. yes i do things im not supposed to do, yes i make incredibly dumb security decisions. but i can usually have it fixed in an hour or two when something goes horribly wrong. i backup my stuff regularly, and there is nothing on the c drive i would miss if it got wiped. 

And the fact you CAN fix it makes all the difference in the world. No other tech would care how bad you messed up your system either since you arent very likely to ask them for help, and even if you did atleast they wouldnt have to dumb it down. Not that most of that level would dare let anyone else use their main computer for risk of something being done that they don't know about.

definitely going to need to put a disclaimer in my tech advise, "this is what i do and it works for me, if you do it too you will probably break something". i grew up in the era where nothing was done for you. you did it and you did it right or you didnt do anything because your rig was in the shop. this kinda creates a learn or die environment which is perfect for learning essential skills. i took the time to read the dos manual for my 286 rig back in the day, people who didnt read it asked me for help. windows came and made everything easier at the same time as opening a new can of worms. of course now you got a generation of users that never experienced that kind of environment. perhaps your early linux adopters may have, linux is an easy os for a newb to break, and you can learn good habbits from it (i never liked it from anything but a dev standpoint myself). but anyone who started using windows with xp or later i find are rather sheltered from the way their computer actually works. my experience doesn't map well to the experience of the new wave of geeks, so my advice will always seem shoddy to them. i also have a less than healthy level of paranoia of both other users, software, and the internet that keeps me safe.

[S-99]

Amazing how doing a lot of tech support for those who don't listen inspires courage, isn't it?

I truly feel sorry for you in this respect. But, that attitude needs to be shaken eventually.

They can learn, but they have to want to first. You obviously -never- trip across the total ignorance of the average user who just wants it to work, and doesn't give the slightest damn how it works or how to stop it from breaking again.

Yes i have, but not so many times as you. I'm a nice guy, i treat them with respect, i also present myself as an understanding human being. This really helps with breaking the ice. If the ice can't be broken, then i make them listen to me. Or i don't fix their ****. I don't bend over for the user. Conduct yourself in a way that makes it obvious your worth the money and it really helps them to understand you.

Oh. So you really are saying that out of your list of antiviruses (when you only even need one) and CCleaner, you can run less. So you are suggesting that these antivirus programs are not needed then? You know, considering CCleaner is just a convenient tool and all... Great logic, amazing how not running in admin eliminates the need for that one anti-virus, I didn't know that. All joking aside, did you know that to run more then one anti-virus is to hurt your system? No two ever play nice, and it always drags the system down.

So enlighten me. What defense programs do you run only in admin mode that users don't need? And no, not tools like CCleaner. Those are used for convenience, not actual defence and are never required in the first place.

Again, we're on two truly different wave lengths here buddy. You did not understand what i meant. I'll put it simpler, do more with less.

When 90% of the work I do requires admin (including fixing other people's computers) guess what gets annoying real fast. Perhaps its the mini system lock out every 2 mins as I'm going through all the 'restricted' folders and programs to fix what broke. It is great for the normal user, it keeps them safe (kinda... most don't bother reading and just pass through it anyway) but it is just an annoyance for any true work.

Then change what is impeding you. Other than that it sounds lazy. It's all about productivity, efficiency, and security. Do what you need to be proficient. I just don't leave an admin account logged in 24/7, it's not the greatest idea. But, don't add so much security that it makes things impossible to do. That two minute folder lockout sounds like it impedes you. Like i said, try to change that. But, it also sounds like your main work computer runs as admin 24/7. When your firewall and virus scanner fail on your work station when you run as admin 24/7, that opens up a security hole to the network via your computer because you didn't have reduced systems permissions as a last defense. Don't **** up.

I don't think Windows handles cleaning up very well, theres no one-stop-shop to clean it all. You'll notice all the programs I listed do exactly what windows does, but faster and better. Why should I bother teaching the average user how to clean it the normal way? Even I don't do it by hand. There are better ways to do it.

I pretty much said earlier that i think windows doesn't clean itself up very well either. One of the big reasons i liked ccleaner. Quite frankly, cleaning up the registry by hand via regedit is not something anybody wants to do. Of course let ccleaner do that, it will do it better. I don't care about the apps you listed.  My point was don't forget to keep up with the changes with new versions of windows, because the moment you're without something as awesome as ccleaner or whatever, then you may not have known what's changed when you're forced to not use awesome programs like ccleaner. This leads to inneffectivity.

Its like saying install Linux next to windows and modify the fully capable windows MBR to recognize Linux as an option (which is a big pain in the ass), or just letting Linux install GRUB and have it recognize windows right away and can later modify with a text editor. Sure, I could learn the built-in windows bootloader... but why? It just doesn't do the job well enough.

It's sort of like saying that for you i guess. I'm not discounting the use of other programs specialized programs. Sounds like a third party windows mbr manager that detects other os installations would be great since ms is never going to support the booting of anything non windows officially from their mbr with the built in windows mbr manager.

Considering Nuke's stance and considerable knowledge in computers, I'm going to go out on a limb and say your generic 'patch windows to keep it safe' logic would have no effect. I explained why, which goes a very long way.

Now you're going back on what you said earlier.

Nuke's concept of 'don't download updates' is a horrible one too, and there is a very good reason why. The main target of any virus is windows loopholes and bugs, of course, we all know this. Interestingly enough, the vast majority of viruses are not made until after the patch is released, telling the virus makers exactly what to aim for. Not keeping your system up to date on security patches is the number one way to open yourself up. That's right, you can blame MS's annoying updates as the main reason your system is at risk.

Yup, you did go back on what you said earlier. And no, i said much more than just patching windows to keep it safe. I said it's a good idea to keep up with security updates, and it's a good idea to run as standard user all of the time. Great job on ignoring the usage of UAC by the way. You'll never find out because it's convenient for you to not.

Running as standard user was never about being paranoid, it's about another great layer of security like firewalls and virus scanners that i find someone in your profession strangely hates. It's another layer of security, that you call paranoid. Go ahead and uninstall your virus scanner and firewall since they're pretty darn paranoid too. I mean, who's to think that someone would actually hack into your computer that paranoid you would meticulously need to maintain which programs and ports have outgoing and incoming traffic allowed.  Or someone who'd send you a virus in an email or lace into a website. ROFL What are the odds? lulz

And yes, nuke has his own way of running computers, like he said, he's pretty old school. He seems to believe in the "if it isn't broken, then don't fix it" concept. That, bandwidth, and other things.

I offered fine advice. You're too easy to stir up. You're an unintentional troll.

[The E]

One more thing about the whole "Do your business in a limited account" thing. It doesn't actually work anymore. Ever since Vista, malware writers have been doing their homework and figured out how to code their stuff to ruin your day even without admin privileges, or using social engineering to trick you into opening the doors for them. The only reason to have separate admin and user accounts is when your computer is regularly used by people you do not want to give the opportunity to do stuff you don't like.

[KyadCK]

What The E said. Also, I completely fail to see how admin mode would disable the firewall or antivirus, or any other security measure. You have also failed to list anything admins need to run that users do not.

The sole purpose of user mode and UAC is to restrict the normal users from doing stupid things. Nothing more.

[The E]

Also, I completely fail to see how admin mode would disable the firewall or antivirus, any any other security measure. You're eating up the MS propaganda.

I don't think MS has ever said anything about AV or firewalls not running in admin mode

Yes, I know that wasn't what you meant. The thing about the "Use a separate Admin account" advice was that, for a time, it actually was genuinely good advice. Now, it only serves as an example of the dangerous cargo-culting that happens in IT, especially consumer IT.

[KyadCK]

Also, I completely fail to see how admin mode would disable the firewall or antivirus, any any other security measure. You're eating up the MS propaganda.

I don't think MS has ever said anything about AV or firewalls not running in admin mode

Yes, I know that wasn't what you meant. The thing about the "Use a separate Admin account" advice was that, for a time, it actually was genuinely good advice. Now, it only serves as an example of the dangerous cargo-culting that happens in IT, especially consumer IT.

I dunno, i think its a good idea to put people who don't know computers in limited user groups and leave UAC on. Even if it doesn't stop malware, it will stop them from harming their own C drive sometimes.

[Mongoose]

Nuke, I think your main problem is that you need an ISP that isn't still stuck in the 20th century.

Oh, and as a living example of how "Limited user accounts fix everything!" doesn't work all that well in practice, the family's Vista machine has been hit with a couple of drive-by Java browser exploits over the past several months, the sort of things that even a fully-updated MSE won't be able to catch.  Nerfs the Windows Security Center, tries to convince you to buy some shady-ass "security" software, the works.  Hell, it happened to my dad the other day just by opening up Yahoo's home page.  And every account on the computer besides the admin account is a limited user.  (It's happened to me a few times too, but I run XP, which means I'm pretty much forced to use an admin account if I want to be able to do anything on a daily basis.)  The only upside is that these exploits tend to be easily fixed by running System Restore, but the issue still remains.  Even with limited accounts and UAC, a third-party piece of software can still have security vulnerabilities that let crap in.

(Now what I need to figure out is why the Catalyst drivers are generating some sort of error, and even more puzzlingly, why my dad's account is the only one getting the error message...)

[The E]

I dunno, i think its a good idea to put people who don't know computers in limited user groups and leave UAC on. Even if it doesn't stop malware, it will stop them from harming their own C drive sometimes.

Oh, I agree completely. Turning UAC off is something one should only do when doing major install work, like an OS reinstall or something.

[S-99]

What The E said. Also, I completely fail to see how admin mode would disable the firewall or antivirus, or any other security measure. You have also failed to list anything admins need to run that users do not.

The sole purpose of user mode and UAC is to restrict the normal users from doing stupid things. Nothing more.

I didn't say how admin mode would disable the firewall or antivirus or any other security measure. I was saying for the event when running as admin 24/7, that you rely on two things for security. One is your firewall. Two is your virus scanner. Time and time again, virus scanners and firewalls do eventually crash. In an admin 24/7 environment that leaves you with no extra layer of security. This is why it's stupid to run as admin all of the time. This is simple. This is why it's smart for administrators to not run as admin 24/7.

It's more than that that you don't see about how handy standard user accounts are. What The E said does not negate the use of standard user accounts effectiveness. It is still inherently more secure to run your computer through a standard user account. It's not just for stupid users. It's great for damage control. And of course, yes, rootkits can run in standard user accounts, but it's still stupid to say "well i should go back to admin" which is an even less secure environment where you malware and rootkits can all run rampant as opposed to just the rootkit risk.

The E, social engineering is a different subject. And i disagree. Standard user accounts are still very effective.

An approval by approval basis for admin privileges lets you run the computer how you want to run it. Running as admin becomes the opposite if a virus gets through and doesn't get taken care of. In which case i liken an admin account to a retard with a shotgun. The retard says yes to everything (yes trojan please access the rest of the system as you want because admin accounts have no permission limitations, or at least not many), and only shoots what you tell it to shoot, but that you may not catch everything that needs to be shot (like that virus that got past you when that virus scanner crashed).

Running as standard user using UAC to temporarily grant whatever you needed admin privileges for lets the retard with the shotgun say yes to only the things you want yes to be said to, and of course still retaining the ability to tell it to shoot whatever you want it to shoot.

It's not about protecting you from yourself on the computer, telling you how to run it, or being paranoid which is being stereotyped lately. It gives you more control over your computer, it also really helps in making viruses have no lee way unless you give them that lee way on purpose (great if virus scanner crashes, viruses wont be able to do crap anyway). It also gives hackers who break into the system a lot less  things to do (if firewall crashes). Aside from people running tight ships for their computers, relying on only a virus scanner and firewall is not a good idea (time and time again one or the other or both crash). So i don't like running as admin 24/7 and never will. I also don't need to worry about people hopping on my computer and installing crap i didn't want on there.

This is not hard to understand. Telling me it's about paranoia, the computer telling you how to run it, or even protecting yourself from the computer is not good reasons for why you shouldn't run as standard user. Everyone has thoughts of UAC being useless. I will point out again, that UAC is only useful when running as standard user.  When running as standard user UAC is not different than gksu or kdesu in linux.
It's a ****ing password prompt for god's sake. In a standard user account, this is a big upgrade over xp's runas window.

In the end, it's not a good idea to run as admin 24/7. Linux and unix have this as a basic foundation of their security. Since vista and the vista rerelease windows 7, people can finally replicate the same security in windows easily. You can do more with less programs in a more secure environment, have a lot less down time, efficiency will raise, mistakes wont matter so much, and it's much less volatile. You cannot tell me running as admin 24/7 is a good idea.

Run your computer the way you want, but telling me i'm offering bad advice when people can tell me nothing more to the contrary than "it's about protecting you from yourself", "telling you how to run the computer", and "it's paranoia". None of those responses tell me how it's bad advice. Those are called emotional responses. Just get your case over with by simply saying "hi i'm kyadck, i like to run as admin, that's my preference". Giving me emotional responses didn't get much done and only showed me that people didn't know what i was talking about.

Kyadck changes and twists what he says, he offers no more than preference, loads and loads of pissy emotion, and lies. Just say, "hey, i don't know what you're talking about". Kyadck either still doesn't understand me, or he does and proves it with twisting what i say and twisting what he says. I've talked about it enough without anybody understanding to know that the audience is stupid and kyadck is an obvious mischief maker who can only concert himself as a liar who's much less valuable than he knows (he just flames people and trolls).

[Nuke]

Nuke, I think your main problem is that you need an ISP that isn't still stuck in the 20th century.

this is a typical rural internet connection. it sucks, but its not like we have other options.

[KyadCK]

And I'll make the TL;DR version for you... You are pissy because no one here has agreed with your 'advice'

I have told you how those in the final catagory run systems, and I have been backed up by others who do the same. You are not in that last group, and it is understandable that you would think us nuts for doing what we do.

And yes, UAC is exactly about protecting you from yourself. As The E said, malware now hides in seemingly legit programs, so as far as the user knows, random program A really is a song downloader. Either way, tough **** if you allowed it, cause now its on your system... with that temp admin rights you allowed. Some of them even get your admin password from UAC when you allow it. Guess what two programs are your actual line of defense. Antivirus and Firewall, just like admin mode. And if they are crashing on you, you better get defensive programs, because the ones you use are obviously ****.

You STILL haven't told me what programs admin mode has to run that users don't to follow the 'less is more' theme.

[Klaustrophobia]

funny, from here it looks like YOU are the one flaming and trolling S-99.  you seem to be on a crusade against those who would disable UAC.

[KyadCK]

funny, from here it looks like YOU are the one flaming and trolling S-99.  you seem to be on a crusade against those who would disable UAC.

Na, I disable UAC because for what I do it gets in the way, however, for the standard user it does provide a good enough warning along the lines of 'are you sure you want to touch that?' which makes at least some people think twice.

If in his first post, he did not end with "And people are certainly dumb to reject my advice on this matter." I would have left it alone.

EDIT: Where in the hell did you get this idea, based on my stance, that I would damn anyone who turns it off? The closest I came to that was "it is for the stupid", which it is.

[Klaustrophobia]

funny, from here it looks like YOU are the one flaming and trolling S-99.  you seem to be on a crusade against those who would disable UAC.

let me rephrase that given the post-ninja

S-99, from here it looks like YOU are the one flaming and trolling.

i personally found UAC to be of no merit whatsoever.  it wants to block EVERY goddamn thing i do on my computer.  YES i'm sure i want to install that.  otherwise i wouldn't have ****ing run the installer.

[Mongoose]

What I really love is when Vista triggers UAC when I'm trying to delete a goddamn desktop shortcut, just because it happens to be shared across all users.  Yeah, I could really screw up my system doing that, totally.

[ssmit132]

Yes in Vista UAC blocked almost everything, but in 7 it's more reasonable.

[KyadCK]

funny, from here it looks like YOU are the one flaming and trolling S-99.  you seem to be on a crusade against those who would disable UAC.

let me rephrase that given the post-ninja

S-99, from here it looks like YOU are the one flaming and trolling.

i personally found UAC to be of no merit whatsoever.  it wants to block EVERY goddamn thing i do on my computer.  YES i'm sure i want to install that.  otherwise i wouldn't have ****ing run the installer.

Ah, sorry for misunderstanding you.

I do have to slightly disagree though, UAC does have benefits... just not to anyone who understands computers well enough not to break it on accident.

[Klaustrophobia]

you may be right, but i tend to think that if someone is bad enough with computers that they are about to break something that UAC would catch, they aren't going to be stopped by one additional nag window.  i know for me, nag windows have gotten so tiresome i click through it automatically, even if it IS something i did accidentally (delete the wrong file for example). 

[S-99]

You all would hate linux with a passion then.

Na, I disable UAC because for what I do it gets in the way, however, for the standard user it does provide a good enough warning along the lines of 'are you sure you want to touch that?' which makes at least some people think twice.

If in his first post, he did not end with "And people are certainly dumb to reject my advice on this matter." I would have left it alone.

It's standard user account not as you say now "standard user". I've only been talking about running UAC in a standard user account for a while now. I was in no way talking about running UAC in an admin account like you are. You're actually talking about something different than i am.

And you didn't need to react like you did to my rejecting advice comment like that. It's been nothing but twisting details and arguments for you the whole time. You're a troll.