Coding Horror
programming and human factors
by Jeff Atwood

June 20, 2007

The Windows Security Epidemic: Don't Run as an Administrator

In How to Clean Up a Windows Spyware Infestation, I documented how spyware can do a drive-by infection of your machine through your web browser. To be absolutely clear, I never clicked on any advertisements, or downloaded and executed any files. All I did was open a GameCopyWorld web page in an unpatched, original circa-2001 version of Internet Explorer 6.0.

Yes, I know this is a spectacularly stupid thing to do. But I'm glad I did it. I got a small taste of the experience awaiting casual users when they browse the web without the latest patches and updates. I think every technical computer user should have this experience, so they can see first hand, on their own machine, the profound evil that we're up against. Sure, we can recover, but we do this stuff for a living. I'm trying to imagine what my mother or father would do if this happened to them. They'd probably have to buy a new computer.

When the only viable solution to sickness is to kill the patient, you have a problem of epidemic proportions.

Adam McNeil, of Webroot Software, was kind enough to lend an investigative hand and duplicate the GameCopyWorld scenario. His findings are exhaustive and eye-opening:

After researching the GameCopyWorld.com website I can confirm that the site is utilizing 3rd party exploits in order to deliver malware. The exploits in question appear to be delivered through a series of advertisements within the gamecopyworld.com website.

GameCopyWorld displays a "Find Your Love at Bride.Ru" advertisement. That advertisement "refers" to linktarget.com in order to display an advertisement for the DVD software produced by Slysoft.com. That advertisement "refers" to 39m.net which in turn creates an <iframe> to buyhitscheap.com. Buyhitscheap.com in turn calls fkdomain.info who attempts to deliver a series of exploits to a user's system in hopes of installing a trojan dropper. The fkdomain.info site attempts to exploit the following: (there could be more but these were the exploits I picked out of the code)

The dropper creates files that in turn download additional files as well as create threads within the Internet Explorer browser.

Webroot SpySweeper detected the following spies after allowing the installer to run over night.

  • Virtumonde
  • Visfx
  • ZenoSearchAssistant
  • PurityScan
  • Trojan Downloader Matcash
  • Trojan-Downloader-Zlob
  • BookedSpace
  • Trojan-Downloader-WaveRevenue
  • Trojan.Gen
  • Trojan-Downloader-Prez
  • MaxiFiles
  • TargetSaver
  • Trojan-Poolsv
  • Trojan-Dropper-Zomavis
  • Webhancer
  • Web Buying
  • Command
  • Core Adware (CoreAdware is known to use Rootkits {core.sys} to mask its presence.)

In addition to the above listed spies, I have also recorded a large number of unclassified (not for long) files and registry entries that were added to the box as well.

Seeing as how these exploit files were delivered via 3rd party advertisements I'm not sure it is entirely accurate to place all of the blame for this Drive-by with GameCopyWorld.com. It's possible that they allowed a third party to attempt exploits on a user's machine, but then again it's also entirely possible that one of these advertisers has slipped in these exploits without their knowledge or consent. It's impossible to know if this exploit was delivered intentionally or accidentally.

I've never used any Webroot products, but when an employee takes his own personal time to investigate a public scenario so thoroughly, that speaks very highly of the company. They're clearly one of the good guys. But the fact that I have to maintain a mental "safe list" of software companies-- these are OK, these are questionable-- is itself disturbing and unhealthy. It's symptomatic of just how sick the Windows software ecosystem has become. It's nearly impossible to tell the good guys from the bad guys. Do a web search for "spyware" and you'll get dozens of results, some of which are for companies that installed the spyware in the first place. Can you tell them apart? Could your parents?

Tracing this massive security epidemic all the way back to patient zero doesn't take much detective work. It originates with Windows NT 3.0, when Microsoft chose to set up default users as Administrators.

This infection was only possible because I was logged in as an administrator. Choosing not to run as an Administrator is easily the single most important security tip for a Windows machine, whether you're running XP or Vista. Worried about your parents getting infected? Need to create an account for a teenager? Set them up as regular users. It's not a panacea, but it goes an awful long way towards solving the problem. As a test, I logged in as a normal user, and I was unable to duplicate the GameCopyWorld infection in any way-- even with a completely unpatched, circa 2001 version of Windows XP. Running as a normal user really works.
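Setting someone up as a regular user, as an added example that is not part of the original post: the script checks whether the current session actually holds an administrator token, creates a standard local account, and verifies that the new account is not a member of the local Administrators group. It assumes Windows PowerShell 5.1 or later with the Microsoft.PowerShell.LocalAccounts module (New-LocalUser, Add-LocalGroupMember, Get-LocalGroupMember); the account name 'family' is a placeholder.

```powershell
# Added example, not from the original post: set up a regular (standard) user
# account for everyday use and confirm it holds no administrator rights.
# Assumes Windows PowerShell 5.1+ with the Microsoft.PowerShell.LocalAccounts
# module. The account name 'family' is a placeholder.

function Test-IsAdministrator {
    # True only when the current process token is actually an administrator
    # token. Under UAC, an Administrators member running unelevated gets a
    # filtered token and is reported as NOT an administrator here.
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
}

function New-StandardUser {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][System.Security.SecureString]$Password
    )
    $user = New-LocalUser -Name $Name -Password $Password -Description 'Everyday (non-admin) account'
    # Membership in Users is what gives the account its ordinary rights; the
    # call is harmless if New-LocalUser already placed it there.
    Add-LocalGroupMember -Group 'Users' -Member $Name -ErrorAction SilentlyContinue
    # Verify the result: the account must not be a local administrator.
    $admins = Get-LocalGroupMember -Group 'Administrators' | ForEach-Object { $_.Name }
    if ($admins -contains "$env:COMPUTERNAME\$Name") {
        throw "$Name is in Administrators; remove it with Remove-LocalGroupMember"
    }
    return $user
}

if (-not (Test-IsAdministrator)) {
    Write-Warning 'Creating an account needs an elevated session; re-run as administrator.'
} else {
    $pw = Read-Host -Prompt "Password for the new standard user 'family'" -AsSecureString
    New-StandardUser -Name 'family' -Password $pw | Out-Null
    # Show who actually holds administrator rights on this machine afterwards.
    Get-LocalGroupMember -Group 'Administrators' | Format-Table Name, PrincipalSource -AutoSize
}
```

Run it once from an elevated prompt, then log in as the new account for everyday use and keep the administrator account for installs only. The final listing is the check worth repeating now and then: every name in it is an account whose compromise gives full control of the machine.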

Aaron Margosis' blog is the best source of information on running as a non-administrator. His list of reasons why you shouldn't run as an Administrator is hair-raising stuff:

If you're running as admin, an exploit can:

  • install kernel-mode rootkits and/or keyloggers (which can be close to impossible to detect)
  • install and start services
  • install ActiveX controls, including IE and shell add-ins (common with spyware and adware)
  • access data belonging to other users
  • cause code to run whenever anybody else logs on (including capturing passwords entered into the Ctrl-Alt-Del logon dialog)
  • replace OS and other program files with trojan horses
  • access LSA Secrets, including other sensitive account information, possibly including account info for domain accounts
  • disable/uninstall anti-virus
  • cover its tracks in the event log
  • render your machine unbootable
  • if your account is an administrator on other computers on the network, the malware gains admin control over those computers as well
..and lots more
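An added defender-side inventory, not part of the post or of Aaron Margosis' list: it separates the autostart locations a standard user can write from those that require administrator rights, and lists installed services, which can only be created with an administrator token. That split is the practical difference the list above describes. It assumes Windows PowerShell 5.1 or later; the only names used are the documented Run/RunOnce keys, the Startup folders and the Win32_Service class.

```powershell
# Added example, not from the original post: inventory autostart entries by the
# privilege needed to create them. A compromise of a standard user account can
# persist only in the per-user locations; the machine-wide ones and services
# need an administrator token to modify.

function Get-AutostartEntries {
    $entries = New-Object System.Collections.Generic.List[object]
    $keys = @(
        @{ Scope = 'user (no admin needed)';   Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' },
        @{ Scope = 'user (no admin needed)';   Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce' },
        @{ Scope = 'machine (admin required)'; Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run' },
        @{ Scope = 'machine (admin required)'; Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce' }
    )
    foreach ($loc in $keys) {
        if (-not (Test-Path $loc.Key)) { continue }
        $props = Get-ItemProperty -Path $loc.Key
        # Get-ItemProperty adds PS* bookkeeping properties; skip those.
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }
            $entries.Add([pscustomobject]@{
                Scope = $loc.Scope; Source = $loc.Key; Name = $p.Name; Command = $p.Value })
        }
    }
    # Startup folders: the per-user one is writable by that user, the common one is not.
    $folders = @(
        @{ Scope = 'user (no admin needed)';   Path = [Environment]::GetFolderPath('Startup') },
        @{ Scope = 'machine (admin required)'; Path = [Environment]::GetFolderPath('CommonStartup') }
    )
    foreach ($loc in $folders) {
        if (-not (Test-Path $loc.Path)) { continue }
        foreach ($f in Get-ChildItem -Path $loc.Path -File) {
            $entries.Add([pscustomobject]@{
                Scope = $loc.Scope; Source = $loc.Path; Name = $f.Name; Command = $f.FullName })
        }
    }
    return $entries
}

function Get-ServiceBinaries {
    # Installing or starting a service needs administrator rights, so each row
    # here was put in place with admin-level access. Binaries living under a
    # user-writable directory are the first thing to review.
    Get-CimInstance -ClassName Win32_Service |
        Select-Object Name, StartMode, State, PathName
}

Get-AutostartEntries | Sort-Object Scope, Source | Format-Table -AutoSize
Get-ServiceBinaries  | Sort-Object StartMode, Name | Format-Table -AutoSize
```

Reading the two tables side by side makes the trade-off concrete: anything in the "user" rows is what an infection confined to a standard account can still leave behind, while the "machine" rows and the service list are what only an administrator-level infection can touch.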

I'll admit I am not the best role model on this count. Personally, I lost my enthusiasm for limited user accounts when Microsoft didn't have the guts to make standard users the default-- as they absolutely should have-- in Windows Vista. I swore they would. Instead, we got hybrid administrator weirdness and "Cancel or Allow" oddities.

I guess that's yet another thing we can sacrifice at the dark altar of backwards compatibility.

I understand the pressure to be backwards compatible. There's no end of Vista blowback based on minor driver compatibility issues. The "if it doesn't work, it's automatically Microsoft's fault, even if the software or hardware vendor is clearly to blame" mentality is sadly all too common. But given the massive ongoing Windows security epidemic, was defaulting regular users to Administrator accounts-- exactly like Windows XP, Windows 2000, and Windows NT before it-- really the right decision to make?

I'm not so sure.

Posted by Jeff Atwood
Comments

A very useful program when running as a limited user, is SudoWin.
(http://sourceforge.net/projects/sudowin)

As the name says, it behaves the same as Sudo on Linux.
Main benefit is that settings/data/... of a program running with SudoWin is stored in the user's directory. When using the RunAs... command, you can have many problems in that area, which make life difficult, which leads to users running as Admin.

Chris VB on June 25, 2007 3:15 AM

The problem is that a "basic" (restricted) user account is painful for the user, especially when he's not tech savvy and a 3h drive from you. I set up my mother's new computer that way and she complains endlessly about it as she cannot install anything she needs and I have to do it for her.

Masklinn on June 25, 2007 3:58 AM

I've been running as non-Admin for well over a year now, with very few problems (I'm a C++/C# developer). This is on both my Windows 2003 box at work, and on my Windows XP (now Vista) box at home.

Being able to use Remote Desktop to log into the same PC with different credentials makes this relatively painless on 2003, if I really need admin credentials. At home, I use Fast User Switching. My administrator account is deliberately set to use colours that burn the eyes, so I'm not tempted to spend too long there :)

I've since replaced XP with Vista at home. I turned UAC off and log in with a non-Admin account.

Most things work fine like this. If something needs admin privileges to run, it gets uninstalled, unless I really need it. So far, the only two problem programs I've cared enough about are Exact Audio Copy and Steam. I tweaked the permissions slightly in their respective program directories to get them to work.

Roger Lipscombe on June 25, 2007 4:10 AM

Have to say, I have been running as a normal user for well over a year, and only need to run as admin when doing installs. I started to do this after reading Aaron Margosis' blog (and applying a lot of the suggested hints and tips as well).
Occasionally I have to "tweak" directory permissions after an install, but that is the fault of the software manufacturers.

Also using VMWare machines has made this *much* simpler, as I find I don't get as much cruft building up in my host OS (Windows XP).

mike on June 25, 2007 4:42 AM

I run as a limited user at home, but only because I rate my online safety far above my convenience. It's obvious that no one at Microsoft ever tests their software outside of an admin account. Random crashes occur everywhere, sometimes with a cryptic error message, sometimes without. Other vendors are even worse.

My pet hate: the "Run As..." menu option does not appear on the right-click menu of all objects consistently. It's stupid that the only way I can run certain things is to bring up an admin copy of Explorer and manually navigate the entire file system to run the link I wanted.

Chris on June 25, 2007 4:43 AM

Roger, if you turn UAC off and log in as standard user, the file and registry virtualization is turned off too. You might want to leave UAC on so you get the benefit of this for legacy programs that write to restricted locations.

If you leave UAC turned on, programs that state 'requireAdministrator' in their manifests will pop up a credentials dialog in place of the 'Confirm' used for an administrative account. You have to supply an administrative account's credentials here - using your standard account password won't work. Those programs that state that they need 'highestAvailable' won't produce a credentials dialog - they will run under the limited token.

Jeff: the default for new users is indeed Standard User. The first user created on the machine by Setup is an administrator by default, true, but you need at least one administrator account in order to start setting the system up.

Mike Dimmick on June 25, 2007 5:04 AM
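An added check for the points made in the comment above; it is not code from the post or from any commenter. It reads the UAC policy values that decide whether UAC (and with it file/registry virtualization) is on and what a standard user sees when a program asks for elevation, then shows a minimal application manifest and maps its requestedExecutionLevel to the behaviour the comment describes. It assumes Windows PowerShell 5.1 or later; the manifest text is constructed here for illustration, and the registry value names are the documented UAC policy values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

```powershell
# Added example, not from the post or any commenter: inspect the UAC state and
# interpret an application manifest's requestedExecutionLevel.
# Assumes Windows PowerShell 5.1+. The manifest below is constructed for
# illustration; the registry value names are the documented UAC policy values.

function Get-UacState {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        # EnableLUA = 1: UAC is on. Turning it off also disables the
        # file/registry virtualization that keeps legacy programs working.
        UacEnabled            = ($p.EnableLUA -eq 1)
        VirtualizationEnabled = ($p.EnableVirtualization -eq 1)
        # ConsentPromptBehaviorUser: 0 = automatically deny elevation for
        # standard users, 1 or 3 = prompt for an administrator's credentials.
        StandardUserPrompt    = $p.ConsentPromptBehaviorUser
    }
}

# Minimal application manifest. Only the level attribute differs between the
# three cases:
#   asInvoker            - run with the caller's token, never prompt (the goal)
#   highestAvailable     - admin: Consent prompt; standard user: limited token
#   requireAdministrator - admin: Consent prompt; standard user: credentials prompt
$manifest = @'
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
'@

function Get-RequestedExecutionLevel([string]$ManifestXml) {
    $xml = [xml]$ManifestXml
    # local-name() lookup so the asm.v3 namespace prefix does not matter
    $node = $xml.SelectSingleNode("//*[local-name()='requestedExecutionLevel']")
    if ($null -eq $node) { return 'asInvoker' }   # no manifest entry behaves as asInvoker
    return $node.level
}

function Get-ExpectedUacBehavior([string]$Level, [bool]$CallerIsAdmin) {
    switch ($Level) {
        'asInvoker'            { "runs with the caller's token, no prompt" }
        'highestAvailable'     { if ($CallerIsAdmin) { 'Consent prompt, then full admin token' }
                                 else { 'runs under the limited token, no prompt' } }
        'requireAdministrator' { if ($CallerIsAdmin) { 'Consent prompt, then full admin token' }
                                 else { "credentials prompt for an administrator account" } }
        default                { "unknown level '$Level'" }
    }
}

Get-UacState
$level = Get-RequestedExecutionLevel $manifest
"Manifest requests: $level"
"As a standard user:  $(Get-ExpectedUacBehavior $level $false)"
"As an administrator: $(Get-ExpectedUacBehavior $level $true)"
```

The two cases worth checking on a machine set up as the post recommends are UacEnabled = True and StandardUserPrompt = 0 or 1: with 0, a standard user simply cannot elevate and any program marked requireAdministrator fails to start; with 1, they get the credentials dialog the comment describes, and only an administrator's password will satisfy it.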

Mike is right that you do need one administrator account and that in Vista accounts created after that are by default normal users. Perhaps Microsoft could have made one minor change to drive the point home better: Force (or strongly suggest) the administrator account be named "Administrator" and THEN prompt the user to create their everyday account under their own name.

On the other hand, I personally don't mind the UAC thing at all. I actually think it's a nice compromise between backward compatibility and safety. You'd hope people would have at least a little common sense and would be able to disallow obviously bogus attempts to gain admin access. OK, stop laughing. But for power users, it's a convenient way to run. Maybe Microsoft should have made UAC a one-year stopgap solution that will be turned off in the first service pack so everyone could get their house in order before then.

One more comment: What's with this idiot PhD in computer science in the NYT that THREW HIS COMPUTER AWAY rather than clearing off the spyware? That's about the stupidest thing I've heard. If he didn't want to clean it, he could have wiped it clean. If he didn't want to bother reinstalling, after wiping it he could have at least donated it to a charity or something. And doesn't he have any self-respect anyway? Seems like a classic case of the academic type who can't deal with the simplest real-world situation...

Bob on June 25, 2007 5:21 AM

What I find terrifying about this, is that you just don't know things are bad until they really are _bad_.

I use a mac and kinda keep my head in the sand as to what is out there waiting to pounce because everyone (every mac user I know) assumes that this can't happen to them because they have a mac.

bg on June 25, 2007 5:26 AM

I would have loved to have run as a limited user in my XP days. But, the most used program on my system (besides my browser) is Quicken and it won't run properly under a limited account. I imagine an awful lot of personal machines are similarly stuck. Since no one thought of security back when XP came out, I don't blame Microsoft. I blame the application writers. People like me have been complaining to them for years to stop requiring Administrator privileges to run their applications. With the introduction of Vista, Microsoft took the first true opportunity they had to force the issue. To me, UAC is a decent compromise. However, I do agree with Bob, above: Microsoft should have forced some kind of Administrator name on the first account created and then forced the user to create a standard User account of their own. That way, UAC would lock the system down tighter.

David A. Lessnau on June 25, 2007 5:46 AM

A different Chris wrote:
-----------------------
My pet hate: the "Run As..." menu option does not appear on the right-click menu of all objects consistently. It's stupid that the only way I can run certain things is to bring up an admin copy of Explorer and manually navigate the entire file system to run the link I wanted.
-----------------------

Hold Shift and right-click the exe. Should show "Run as..." as the second menu item.

Chris on June 25, 2007 6:26 AM

"I'm trying to imagine what my mother or father would do if this happened to them. They'd probably have to buy a new computer."

You mean to say that you did not persuade your parents to buy an Apple Mac ?

David Ginger on June 25, 2007 6:37 AM

I have a question. It is weird, but it must be asked. We know the companies that produce spyware. At least some of them we do. We know them, and we could track them down if we really put some effort into it, so why has no one done it yet? Why has no one sued them, had them closed and their owners arrested? They certainly broke enough laws to give us justification for doing so. Is it THAT hard to track them down and shut them off?

Leahn Novash on June 25, 2007 6:45 AM

I'd love to do it "right"; we tried, here at work, when we switched to a new development environment. However, when running as non-admin under 64-bit Windows 2003, Visual Studio 2005 crashes CONSTANTLY. After this effect was confirmed by multiple developers, we're changing policy and going back to admin accounts :(

So blame Microsoft; if their developer tools can't run properly as regular users, don't expect to see developers to start noticing the problem in their own software.

CWuestefeld on June 25, 2007 6:46 AM

Why are you acting like you had a huge revelation? :b The issues of running as admin/root are well known.

Interesting thing though, on Windows XP I was able to go years without being infected just by having automatic updates on, keeping Firefox updated, running questionable things in virtual machines, and always preferring open source over closed source. Of course, a normal user wouldn't do that.

However, it sure is annoying in Ubuntu having to enter the root password again and again all the time. >_<

James Justin Harrell on June 25, 2007 6:50 AM

I consider myself to be a fairly savvy computer user. Although I don't get much into the hardware side of things, I've been developing asp.net applications for the past 5 years. Last summer I reached my boiling point with my home computer constantly becoming infected and was tired of my wife asking why she can't install something (a room planner for instance). So I got a mac. And life is great! Seriously, that one decision has changed our life (no more getting home after a long day of work to "fix" the computer for two hours).

cmv on June 25, 2007 7:07 AM

What are you doing that requires the root password that often on Ubuntu...?

I run Windows as an Admin - So the programs I use do not crash ..

... I run as an ordinary user under Linux ... and they don't ?

.. Oh and sudo works ... UAC doesn't

"programs that state 'requireAdministrator' in their manifests.." So not backwards compatible then ...?

Jaster

Jaster on June 25, 2007 7:08 AM

The magic of running Linux and Mac does not come from account separation. As an experiment, try running an _unpatched_ Linux box as root, and see how long it takes you to get infected with malware. Quite a bit longer than the Windows box, if at all, even though it's just as vulnerable.

The problems of home machine security and multi-user network security are fundamentally different. Limited accounts are absolutely vital to the second, but I predict that they won't make a huge impact on home security, even as they become more common.

Limited accounts are no panacea to home security. An operating system is easy to replace. You can reinstall from the CD that you get with your computer. Most machines have only _one_ user account, even for home machines with multiple users. There are no other accounts to protect.

I'm not saying that it isn't smart to run as a limited user, I'm just saying that anyone looking for the root cause of the Windows security nightmare needs to look elsewhere.

Look at the list of problems that are mentioned in the article:

* install kernel-mode rootkits and/or keyloggers (which can be close to impossible to detect)

Keyloggers can still be installed on your user account, which is just as bad for most home users. Root kits are hard to detect -- but 95% of users with malware problems have a problem with malware that would be very easy to detect and uninstall, if they only knew how. Making malware easier to detect is only going to help the minority of people who are computer savvy.

* install and start services

Most bad things, sending spam, stealing your identity, infecting other computers, can be accomplished with a standalone app that runs on login, instead of a service.

* install ActiveX controls, including IE and shell add-ins (common with spyware and adware)

Yes, the malware writers are more limited in how they get their spyware and adware to the users, but it's still trivial once they've owned the user account.

* access data belonging to other users

Indeed, limited users are absolutely necessary for multi-user security.

* cause code to run whenever anybody else logs on (including capturing passwords entered into the Ctrl-Alt-Del logon dialog)

Ditto.

* replace OS and other program files with trojan horses

But if the user account has already been taken over...

* access LSA Secrets, including other sensitive account information, possibly including account info for domain accounts

Something that only affects machines that are connecting to a, presumably, multi-user network.

* disable/uninstall anti-virus

Now this is actually the best point against what I'm saying. If you have effective anti-virus that runs as super user, taking over a limited user account doesn't buy you nearly so much. But effective is the operative word.

* cover its tracks in the event log

Won't matter to most users.

* render your machine unbootable

Versus having your user account rendered unusable? 6 to one, half dozen to the other.

* if your account is an administrator on other computers on the network, the malware gains admin control over those computers as well

Again, limited user accounts do make sense for network security.

Joel Eidsath on June 25, 2007 7:16 AM

Jeff: I'm thinking you have a 'no endorsement' policy because although you credit Webroot Software as being one of the good guys, you don't go so far as to endorse SpySweeper. I just recently let my subscription to SpySweeper lapse, but after reading this blog I think I will renew. I'm sure I could figure out how to switch back and forth between 'user' and 'Admin,' but it would be much easier to let SpySweeper check every night for malware.

JeffK on June 25, 2007 7:20 AM

Ouch, I apologize for the typos above. It's my day off, so I'm being lazy with editing.

Joel Eidsath on June 25, 2007 7:21 AM

The problem is when there are applications that you absolutely need, that are so poorly designed that they cannot be run by non-administrators, for no reason whatsoever.

Jack Schwarz on June 25, 2007 7:57 AM

How well does a default installation of Vista protect itself from such sites?

Haacked on June 25, 2007 8:04 AM

I think it's important, even with other systems to follow this simple advice. I run Mac OS X and whenever someone asks me for tips when switching, the first thing I say is to set up a separate admin account from their user account. I have always run this way not just for security, but to protect yourself from, well, yourself. The last thing you want to do is delete a folder or file needed by the system.

Simdude on June 25, 2007 8:04 AM

"Perhaps Microsoft could have made one minor change to drive the point home better: Force (or strongly suggest) the administrator account be named "Administrator" and THEN prompt the user to create their everyday account under their own name."

There should never be an account named Administrator, because if a system scan is done, it tells the attackers what account to crack.

Mark on June 25, 2007 8:06 AM

Amen to this article. I've been running as a limited user for years and have had no problems. I used to have to clean my in-law's computer up at least once a month but haven't had to at all since switching them to a limited user account (and that was two years ago with Win 2000).

Sure, nothing will protect you completely. But you need to use defense in depth. And that includes running as a non-admin. And those who claim that they can't just aren't trying hard enough.

I also agree that Microsoft blew it with Vista. But here is what I think they should have done.

1) Require the user to create an admin account on installation. BUT... inform the user that it will NOT be their standard user account so they don't name it something that they want to use later. Be very clear about the intention of the account.

2) Force the user to create a separate standard user account and like above, explain what it is for.

3) Do NOT show the admin account on the login screen. Instead, have a separate link titled "admin accounts" that you must click at the bottom of the screen to see a list of local admin sign-ons. If there are no standard user accounts to show on the login screen then it should show a message telling the user that they should create a standard user account for normal use.

4) Every time someone logs in as an admin, put up a huge warning dialog that warns them not to use the account for anything but administration.

5) Add installation options and group policy settings allowing companies to revert back to the "standard" way if absolutely necessary.

The whole point is to make this issue apparent and start educating users. UAC is a wonderful technology and goes a long way. But the only way to get the point across is to continuously bombard users and programmers until they get it into their thick skulls. I am constantly amazed at how many programmers I find who don't know the least little bit about running as a non-admin. And therefore, they don't know how to program for us running as non-admins either.

It really isn't that hard people. If you are making excuses then it is time to take a good hard look in the mirror. You are part of the problem instead of part of the solution. Get with the program.

Matt on June 25, 2007 8:08 AM

"Hold Shift and right-click the exe. Should show "Run as..." as the second menu item."

But not on .msi files which is a real annoyance!

Aaron Bassett on June 25, 2007 8:12 AM

Quicken can run as a limited account just fine - as long as you're dedicated to tracking down all the stupid registry locations it wants to write to, grumble grumble. (Or just use a runas/sudo solution...)

I've tried certain runas replacements on xp, and so far none have worked well enough to use a limited account daily. I'm constantly installing and updating software for my projects, partly to test the latest and greatest in the field so I can help others; some of that can be taken care of with enough file/registry hacking for the main ones, but it's impossible to know all in advance.

I'll give sudowin a shot.

Foxyshadis on June 25, 2007 8:16 AM

People are so scared nowadays.....

I've been running 3 computers (xp-32, xp-64, vista) for over two years without any problems (except the vista one of course). Haven't had any bugs, logger or nasty things in them..... but how? simple let windows patch up when needed and ... Avoid dodgy websites -> yes! you know which ones i'm talking about (porn, porn, porn , etc)...


CoolBoy on June 25, 2007 8:26 AM

I used to work at a competitor of WebRoot (I'll decline to say which company), and we always tested our software against SpySweeper with depressing (for us) results. If you're going to pay for anti-spyware software, SpySweeper is a good way to go.

Or just run as a normal user.

Ed S. on June 25, 2007 8:31 AM

I think more energy needs to be focused on teaching people how to prevent problems in the first place and not expect that the OS should find some way to protect them in every single instance. The more hand-holding that takes place, the most a user thinks they are safe and will do more unsafe activities.

Mike Brooks on June 25, 2007 8:42 AM

I'm sure microsoft will eventually take a page from the *nix community (sudo, gksudo).

They'll do it by slimming down those accept/deny popups in vista.

Then replace the accept/deny with an administrator password prompt.

Joe Beam on June 25, 2007 8:44 AM

It needs to be a community effort. While MS can do better and really they have been, there is a lot the 3rd party software community needs to do as well. A lot of desktop apps will not run properly unless the user is part of the administrators because they assumed certain rights to local folders and registry keys.

The poor admin is stuck. Implement restricted users and have lots of stuff broken, or make everyone an admin and move along in a semi productive way.

Mike Johnson on June 25, 2007 8:46 AM

Wow. Interesting stuff. I use firefox and don't run it as admin and I use the web developer addin to turn java and javascript off. I also use other addins to stop videos and flash from automatically playing (just in case I get thrown to some odd site).

Jeff or anyone who can do this justice, how about a very detailed post on how a layman can go about securing vista (IE etc). I would be interested to see how that would turn out. Maybe a "List" like Scott Hanselman has for software but for security would be really cool.

Cheers.

Sushant Bhatia on June 25, 2007 9:07 AM

Regarding a Vista "Administrator" account, try creating a new account named "Administrator" in Vista. Surprise...it's already there, because Vista *does* create a hidden "Administrator" account.

At least, that's what Home Premium does.

:)

Doug Baker on June 25, 2007 9:53 AM

Any solution that requires users to be educated so they change behavior is seriously doomed.

Software needs to be designed with security in mind from the beginning and Windows clearly wasn't. I suspect that the backwards compatibility issue is the millstone around Microsoft's neck. They just can't afford to upset anyone by breaking aging software, breaking badly written Active X intranet applications, or by breaking any of the crapware that comes pre-installed from PC makers.

Nathan Bowers on June 25, 2007 10:04 AM

This doesn't make sense. Your problem was running an unpatched five year old operating system without any virus protection, and your conclusion is that all users should run as standard users.

Have you tried running XP as a standard user for an extended period of time? My kids run under a standard user account, and pretty much nothing works. Simple learning games, installed while running as an administrator don't work, Flash sites don't work, etc. Sure, a developer can hack their way around it - at a much bigger productivity cost than just running anti-virus - but a "standard user" account just won't work for standard users.

How about just running an updated, patched operating system?

Jon Galloway on June 25, 2007 10:28 AM

I would have thought microsoft needs to do two things,

1, make sure *everything* they write that's intended for an ordinary (non system admin) user to work under a limited user account, nothing the user does short of software installation should *need* an admin account, there needs to be a way for the user to run a program as admin, with an admin account username and password. there should be *no way* for a program to do this behind the scenes, sort of popping a request box up (for admin accounts just ask for the password, OS X has this _almost_ right, it forgets to tell you what's requiring the info, and what it's doing).

2, make the normal everyday programs *refuse* to run under an admin account, thus if you want to use office you will be using a standard account, and thus finally software may be tested to run this way.

Personally I'd restrict the ability to use the windows logo or trademarks *anywhere* on a program or its packaging unless it can run as a standard user, have a different logo for things that can only be run as an admin.

Oh and as an add on I'd disable various bits of the admin account, e.g. follow the KDE route of having fixed wall paper, and turning some of the eye candy off...

With a bit of thought this should not be hard.

And to cope with legacy programs, a 'sandbox' inside a limited user account, in effect a virtual machine, making it obvious which programs don't work. probably with a dialog saying the program requires an admin account, prompting for a username & password, or offering the choice to run in the sandbox in one go.

The only other way I can see is to make standard users always run in virtual machines, thus spyware etc can trash the users account, but no more. a boot menu allowing 'root' access.

I use OS X, it's better than windows at this, but not perfect, nor is linux, all current operating systems seem to have been built with the assumption that the nasty spyware people etc are not really there, hence the ability to write a BHO for internet explorer that can do undesirable things in the background

claire rand on June 25, 2007 10:29 AM

------------
Simple learning games, installed while running as an administrator don't work, Flash sites don't work, etc.
------------

What Flash sites are you using that require administrator privileges?

I'm using a limited user account for half a year now without any problems. Photoshop wanted admin rights, and RunAs.. didn't cut it, but that was solved with SudoWin.
Most games run also fine from SudoWin, you should really try it.

Btw, I don't have anything to do with SudoWin except being a happy user.

Chris VB on June 25, 2007 10:52 AM

It is possible to get the galloping crud (worms, viruses, spyware, rootkits, etc...) on your system without having admin privs. (It is harder, but it is possible even with the current patches and all the protection software.) It is getting to the point where we are going to have to create a Chernobyl OS image (A protected VMWare image of the OS that is "encased in concrete") and restore it to a working image that can be used to "go online".

Will Adams on June 25, 2007 10:59 AM

Great Post!

I'm a little confused by some of the comments though.

On Windows Vista, does Administrator w/ UAC == User w/ UAC? What are the differences from a risk perspective? Won't UAC trump the current permissions be they Admin or not?

Kilik on June 25, 2007 11:06 AM

Administrator w/ UAC == User

Vista with UAC is the best decision at this time. Anyway, there is a lot of room for improvement, like securing the Win32 API and partially trusted unmanaged code.

Dan on June 25, 2007 11:22 AM

I *bought* my parents an Apple Mac (Mini). The persuasion consisted of "I will buy /this/ for you, okay?"

It's up to the kids to take care of the parents.

SJS on June 25, 2007 11:37 AM

I've made a few initial attempts at running as a standard user and always come up against a brick wall in that, as part of my stability measures, I have Documents and Settings junctioned to a folder on another drive. It works fine when running as an Administrator, but when I try to run as a standard user the junction seems not to work. I guess I could try and set up the user profile to map to a drive, but it's such a pain.

I see a lot of people around the internet moaning that Vista should require a password to elevate. The truth is that you can do this by setting yourself up as a standard user with UAC (or something like that). The argument is more about defaults.

[ICR] on June 25, 2007 12:42 PM

I am completely aligned with this post. I'm not so sure I would be as kind to Microsoft as you are. It's not just the admin default install account (although that is really poisonous), it is the fan-out from that which taints many applications, including ones from other Microsoft business units. I have some ranting about that on my kyte.tv channel as the "Clueless #1" episode: http://kyte.tv/orcmids_flying_kyte.
It is an 18 minute video and I am embarrassed about how self-indulgently I wander all over the place, repeat myself, and so on, but I think you can get the point if you skip ahead to where I hold up the box of my Microsoft LifeCam and discuss my experience with it.

orcmid on June 25, 2007 12:57 PM

A new personal computer is needed -- one for parents and grandparents, etc. It surfs the web with little danger; it can do more than WordPad but less than Word; spreadsheets would be good to have, and picture and sound utilities.

I tried to install Ubuntu on an old PC. It failed. Plus it still has too many versions and such with silly names. More simplification is needed I think before people will move towards Linux derivatives.

I cannot speak to Apple, but a Vista PC is wayyyy too much for most users. How about a streamlined OS that just works? One that doesn't have too many "flavors", or wondering if I need Kermit or Gnome or neither?

steve on June 25, 2007 1:55 PM

> Administrator w/ UAC == User; Vista with UAC is the best decision at this time.

> Roger, if you turn UAC off and log in as standard user, the file and registry virtualization is turned off too. You might want to leave UAC on so you get the benefit of this for legacy programs that write to restricted locations.

Well, minus the performance penalties of all that virtualization. Security, particularly fake Administrator security, isn't free:

http://www.codinghorror.com/blog/archives/000803.html

Jeff Atwood on June 25, 2007 3:16 PM

Hi Jeff,

Glad to see you tried my suggestion for running as admin, though I'm a little disappointed in your "loss of enthusiasm" reason for continuing to run as admin. Microsoft also failed to set VB's Option Strict to On by default in Visual Studio 2005, but that's no reason not to turn it on yourself. Whether it's XP or Vista, once you've installed it and logged on for the first time, go create a standard user account.

I've been developing as non-admin myself under XP and Vista for the past two years with no major complaints. The entire dev team at work has gone non-admin now too. I also set up all my less tech-savvy family and friends with a default non-admin account (in XP) and with a few tips, they can and do work happily with it.

Jason Stangroome on June 25, 2007 3:19 PM
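As an added example that is not code from the post or from any commenter: a PowerShell check for whether the session you are working in is an administrator at all, which is what the "go create a standard user account" advice above turns on, plus a helper that creates a standard local account. It assumes Windows PowerShell 5.1 with the Microsoft.PowerShell.LocalAccounts module (Get-LocalGroupMember, New-LocalUser, Add-LocalGroupMember), and the account name is a placeholder.

```powershell
# Added example, not from the post or its commenters. Assumes Windows
# PowerShell 5.1 with the LocalAccounts module; 'daily' is a placeholder name.

function Get-AdminExposure {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)

    # IsInRole reflects the token of *this* process. Under UAC an admin's
    # filtered (non-elevated) token reports $false here even though the
    # account itself can elevate, so this alone does not answer the question.
    $tokenIsElevated = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    # Local Administrators membership answers the question the post asks:
    # a day-to-day account should not appear in this list at all.
    $adminMembers = Get-LocalGroupMember -Group 'Administrators' |
        Select-Object -ExpandProperty Name
    $accountIsAdmin = $adminMembers -contains $identity.Name

    [PSCustomObject]@{
        User            = $identity.Name
        TokenIsElevated = $tokenIsElevated
        AccountIsAdmin  = $accountIsAdmin
        AdminMembers    = $adminMembers
    }
}

function New-StandardUser {
    param([Parameter(Mandatory)][string]$Name)

    # Prompt for the password so it never appears in the command history.
    $password = Read-Host -AsSecureString "Password for $Name"

    # New-LocalUser never adds the account to Administrators; add it to
    # Users explicitly, since some builds add it to no group at all.
    New-LocalUser -Name $Name -Password $password | Out-Null
    Add-LocalGroupMember -Group 'Users' -Member $Name
}

# Usage: inspect the current session, then (once, from an elevated prompt)
# create the non-admin account you will actually log on with.
Get-AdminExposure | Format-List
# New-StandardUser -Name 'daily'
```

If AccountIsAdmin is true while TokenIsElevated is false, you are a UAC-filtered administrator, not a standard user; only the second property being false means the account cannot elevate.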

This is all just a sign that the terrorists are winning.

azcs on June 25, 2007 4:21 PM

As for the problem of having non tech savvy parents a considerable drive away, I use VNC and a free domain from a dynamic DNS service. That allows me to remotely help my relatives with computer problems, even though they are a day's drive away.

Wotan on June 25, 2007 4:33 PM

Thanks for the eye opener... It never dawned on me NOT to run as admin on Windows. In the Linux world, I hardly, if ever, ran as root. It's pretty much the same thing. If you want to trash your PC, why not log in as SYSTEM? Get the job done quicker I say!

Now to run home, boot up, log in as Administrator, and create me a new login. Then comes copying settings over. But that's not too big of an issue.

Thanks again, Jeff!

And Chris VB, gonna try that SuDoWin, even if I don't really have to!

John Baughman on June 25, 2007 4:59 PM

Don't run with scissors. LOL

Steve on June 25, 2007 5:29 PM

Office 97 did not run on NT4 for users without Admin access. It wanted write access to the registry, System32, etc, especially for the first few runs.

Alex on June 25, 2007 5:58 PM

I am surprised your unpatched PC didn't get totally hosed even with the Limited account, because of privilege escalation vulnerabilities. In other words it is possible to get admin account access and bypass any limitations.

Chris L on June 25, 2007 6:42 PM

I lose a lot of time helping friends and family with Windows-related computer issues. I managed to get my sister set up with a Mac running OS X and at least one of my friends set up with Linux. For people who just want a browser, office suite, and a few free time-wasters (games), I can set them up with OS X or Linux, Firefox, and OpenOffice, show them where to click and I'm done (until the hardware dies, at least).

If they insist on sticking with Windows, my time investment is longer up front with cleanup and anti-spyware installs, and longer in the long run due to the inevitable infections, blue screens, corrupted files, etc. The upside is that I occasionally get "free" beer for helping them.

steveth45 on June 25, 2007 8:02 PM

Nathan Bowers> Any solution that requires users to be educated so they change behavior is seriously doomed.

I disagree. I think that anyone who intends to operate sophisticated machinery (i.e. computers) needs to be educated in proper use. You need a license to operate any sort of gas powered vehicle (or any vehicle capable of traveling certain speeds), hunt, fish - and a number of other things.

I don't see it as being a stretch of the imagination to require knowledge about operating and maintaining a computer when people manage their banking, billing and other personal information online. It's just plain lazy to think otherwise imo.

Steve on June 25, 2007 9:51 PM

I agree with the limited user account by default.

Last year I bought a new laptop, and reformatted the drive on my old one and installed Windows XP, and gave the laptop to a friend of mine (a single mother who didn't have a PC at home). I just did the default XP installation.

A few months later, she mentioned that the computer was taking a long time to start up and seemed to be running slower than usual. She also mentioned a couple of "messages" that kept showing up.

I had her bring the machine in to my office so I could check it out. Wow! It was so loaded with spyware and adware that, after three hours of working on it, I decided to copy off the limited data that she'd accumulated and reformat the drive again.

I then created the default admin account with my name and password, and created a limited-privilege account for her, and installed Avast. It's been about a year now, and with two exceptions (a problem with wireless networking and a software installation that required admin for install only) the admin account has never been needed. I just took care of the wireless problem a couple weeks ago, and took a look at the machine while I had it; it was clean as a whistle.

I'm behind several layers of firewall protection here (working for a state government as a programmer) and run with an admin account (policy here for developers), but I test all applications I develop using a limited-privilege account before it goes to our testers.

KenW on June 26, 2007 9:17 AM

I'm curious as to why SiteAdvisor doesn't flag GameCopyWorld.com as a dangerous site...

Mark on June 26, 2007 4:30 PM

I'm always an admin, using firefox for the web. I have ad-aware, spybot, cwshredder and AVG (which, btw, scans by itself by default every day, nice, but slow, so I do it manually)

I've never gotten an infection I couldn't clean up, I rarely get one, and I must say, for me constantly using the SVN builds of various programs I would be a little tortured to use a limited account.

on linux of course, I know I can mess up the machine easily with root. On windows, it doesn't let you. I would once in a while LIKE to be able to fool around with the innards of windows. alas, I cannot, even with the highest privileges it gives you...

Gabriel J. Smolnycki on June 29, 2007 5:42 AM

I wish people responsible for intruding on our PCs would be made responsible for their actions.
I have not heard of any case where that happened.

In real life, you cannot just use other people's things without authorization, on the net you can.

It shows one thing to me: many people are mentally sick in our society - and that is tolerated because we cannot handle them.
Why ? Because they outnumber us by far.

One word to anti-spyware:
An example of incompetence and persistent, evil nagging even after uninstallation is McAfee.

Talking with many others frequently resulted in SpySweeper being named the best protection you can get.

Thanks for reading this.

halo2pc on July 7, 2007 7:34 AM

Fantastic blog you have here. :) I've read a few posts and I really enjoy it.

Keep up the good work,
Peter

Peter on December 12, 2007 10:58 AM

Nowadays there are many security risks that may cause data loss. When I run my computer with Administrator rights there is a lot of internet related stuff that needs to be patched to close various security holes. But even if I download all patches over the Internet and install them, there will be one program I'll forget to patch, or I'll have no information about security risks related to this program. And this program will be my security hole. There are many cases when I can lose my data if I have only one security hole, and using or not using Administrator rights is not the matter. 10 years ago there were other risks of losing data by using computers and computer software; the army of spyware, trojans, root kits was not so big. But I lost my data, accidentally or not, once every 1-2 years and that was very important data for me. The only thing that helped me to guard myself from data loss was the company that I owned (http://www.munsoft.com/). When I worked several years with data recovery I found out many things that I must perform to feel guarded from several spywares, trojans and so on. Now when I accidentally or not lose my data I know exactly what I need to do to get my data back. And no antivirus software, backup software or anti-spyware can help me to guard or get my data back. I believe that everyone first needs to be confident that he knows the steps he needs to perform to recover lost data and then spend his time installing various types of software to close security holes.

Sergey on January 23, 2008 10:16 AM

Well... all complaints about software 'not running on user/limited account' sort of prove the point - Windows has not been designed with security in mind. Had it been - this crappy software that needs admin rights would never run and no one would buy it - so it would have been re-designed to run on unprivileged account.

Marcin on November 17, 2008 11:34 AM

I want to tell something about Webroot software...
I submitted an *.exe file to VirusTotal and the results are here: http://www.virustotal.com/analisis/eaa2611583f6b1a50424ebda80525644. This software contains malware/virus. You'd better spend an additional $20 and buy History Killer Pro ( http://www.historykillerpro.com ). It is more professional, user-friendly, and contains no malware. I've even found the educational 40% off coupon for HKP: EMER-G91X-RMEN.

Jack Spancer on March 19, 2009 2:34 AM
Content (c) 2009 Jeff Atwood. Logo image used with permission of the author. (c) 1993 Steven C. McConnell. All Rights Reserved.