Surfing on Adminstrator Account

[RFOUR]

I've been reading that you shouldn't surf the internet using an Adminstrator account in XP because it is potentially harmful to your computer in the form of viruses, trojans, etc. How dangerous is it actually to surf as adminstrator? Is it the same vulnerability as say, using Win9x and surfing around or worse? Its because i find it sometimes too restrictive using a "limited account" when i modify files, install, or uninstall programs. I'm not too familiar with these types of user accounts because i havent used Win2000 before, so XP's user features are new to me. If anyone could point out a good guide or faq about user accounts, it would be much appreciated.

[Jon]

It really depends how secure the rest of your system is.

Take McAfee Virus Scan 4.5.1 for example.

It will scan all downloads, emails, webpages, activeX components, used files etc for known exploits, trojans, virus's, the whole load.

Change the administrator accounts name drastically, and choose a dam hard to carck password.

Make sure the obvious stuff is turned off, like file+print sharing (it can be bound to a NIC, just not to the internet's interface, ie:modem, cable, blabla).

Then, assuming there is know way any one can gain access to the local machine via the admin account, accross the net, you should be fine.

Its not advised generally by security people, but it depends on your level of knowledge.

I've used an adimin account for everything since win2k started appearing, and never had a problem.

Before you ask, I dont believe 'personal firewalls' will give you any more benifit over a good virus scanner.

Jon

[configure Veteran]

Dude, why risk? Do you really trust that all those software would 100% protect you? I don't. Not only web surfing, any thing else internet-related shouldn't be done by Administrator. If I were you, I would just create a normal user account and use that unless I really have to login using Administrator because I need to get some task done, then I would. Just my opinion..

and choose a dam hard to carck password.

It's still crack-able(it is? :p), just hard to guess that's all.. :D

[Jon]

I said dam hard to crack.

Did I say uncrackable? Didnt think so.

Run LC3. It will pickup something like mypass05 very quickly, with a dictionary check.

Then it has to trawl through with a brute force check.

If your in native mode, meaning windows2000 only, not NT4, you are using only Kerberos authentication, not NTLM. This makes the hashes a hell of a lot harder to crack.

So, your on a dynamic IP, you're in Native mode so there are no ntlm hashs to help bad guys out.

Wheres the problem there, unless you specifically p*ss someone off.

Jon

[Jon]

I guess you wont know what native/mixed mode is.

It refers to a networked environment, and you could say how complete the transition to win2k is.

If you need serices like WINS for old stylie name resolution, because nt4 clients are connected, then you need to stay in mixed mode.

When you can catagorically say you've only got win2k machines on the network, and dont need wins (+ ntlm, pdc emulation etc).

Soo, you switch to native mode. But you'd better make sure you want to, coz theres no going back!

Anyway, for the sake of this arguement, native mode means NTLM isn't used.

Loftcrack exlpoited a flaw in NTLM, which is why it works so well.

Unless there is an NTLM hash stored, it struggles to find the password.

Hope that clears things up a little after my last post....

Jon

[configure Veteran]

Did I say uncrackable? Didnt think so.

Sorry 'bout that, I must have missed out that part.. /me going blind.. ;) :p

[Spyder Veteran]

the account i surf the net under is an administrator account. Its exactly the same as if you were surfing on any Win9x/Me system, so whats the big deal? I'm aware of the risk, but I tried using my PC as a Power User and only logging in as an Administrator when I needed to but it was just a pain in the ass, so I fly by the seat of my pants now :D :D ;)