The Computer Paramedic

One of Vista's more prominant features, User Access Control, has gotten a bad wrap in the blogging community as an obnoxious annoyance in the computer experience.

Even rival Apple has gotten a few digs in with an admittedly humerous commercial that is arguably true, albeit overstated.

I cannot even count the number of times I have been asked how to turn it off. My answer is...don't.

I'm not interested in making your computer go faster. I don't care that it takes 46 seconds instead of 41 seconds from the time you hit the power button to the time you can run Doom3. And I'm not losing sleep at night if it doesn't look cool.

The things you find here are about making administering, maintaining or repairing windows easier or safer. If there are other benefits, so much the better.

You won't find a whole lot of utilities in here--there are enough favorite utilities features on the Internet (I even have my own). I'll try to stay away from those and focus on things that you can do with just the OS Bill Gates sold you.

And it's not an all inclusive list, not by any means, but I hope most of these will be a little less common than what you normally find. So, on with the show.

Install the Recovery Console

Sooner or later, almost every windows xp user is going to need access to the Windows Recovery Console. You can access it with your Windows CD, true, but what if you've misplaced it, or you're not near wherever it is stored? Short of a catastrophic hard drive failure, Microsoft included a way to install the recovery console to your hard drive so it could be run without the CD by accessing a text boot menu.

When you use the Windows Recovery Console, you have limited access to the NTFS file system, FAT, and FAT32 volumes without starting the Windows graphical user interface (GUI). You can use, copy, rename, or replace operating system files and folders; enable or disable service or device startup the next time you start your computer, repair the file system boot sector or the Master Boot Record (MBR), and create and format partitions on drives.

Installation is simple: insert your windows xp cd and close any installation routines that start up, then:

start > run, type

X:i386\winnt32.exe /cmdcons

<enter>

where X is the letter for your CD-ROM/DVD-ROM drive

If you do not have a windows cd, you can sometimes still install the recovery console since many PC manufacturers include the windows setup files on the hard drive. Search for an i386 directory, and if it exists, install using the above command and the appropriate path. For example, if the i386 directory exists as a sub folder to in the default windows xp installation folder (c:\windows\i386), then type:

start > run, type

c:\windows\i386\winnt32.exe /cmdcons

<enter>

This will install the Windows Recovery Console and add an entry to your boot.ini file

PC Users with multi-boot systems are familiar with this menu, but many single boot users find the default time of 30 seconds too long; this can easily be changed to reduce the time the menu is displayed by the following procedure.

start > run, types

sysdm.cpl

<enter>

Choose the ADVANCED tab, choose the SETTINGS button in the startup and recovery section, and reduce the DISPLAY LIST OF OPERATING SYSTEMS FOR XX SECONDS setting from 30 to about 5.

Five seconds is generally enough time for users to select the RECOVERY CONSOLE if they choose by using the cursor keys; doing nothing results in the default operating system booting. Hitting the enter key during the five second delay results in the default operating system booting immediately.

Safe Mode the Easy Way

If two menu choices are good, perhaps three are better? Well, maybe not, but since we're going to have the text boot menu anyway, why not even make it more useful?

Safe mode is windows with a minimal set of drivers and it can often be used to get windows up and running when a driver installation goes awry, or it can be used to start Windows so that you can modify the registry or load or remove drivers. Like the recovery console, most users at one time or another are going to need to use safe mode so why not make life easier?

Safe mode can always be accessed by tapping the F8 key during boot up, but there is only a small window of opportunity to enter safe mode and more than a few frustrated users end up missing it, or tapping F8 so many times they lock up their machines before entering safe mode. It is so much easier to simply add it to the above menu so it is always available.

To add safe mode to the boot menu, do the following:

start > run, type

notepad c:\boot.ini

<enter>

This will open the boot.ini file which controls the boot menu, the contents of which look something like this if you followed the above advice:

[boot loader] timeout=5 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

To add a windows safe mode option, copy the line for the normal windows boot option and then edit it.

The content between the quotation marks (" ") is what is displayed in the menu.

Commands preceded by a back slash (/) are switches, the most important for our purposes being: /safeboot:minimal

Other useful command switches are:

• /sos, which displays each driver as it loads and
• /BOOTLOG, which write a startup log of the boot to the file %SystemRoot%\NTBTLOG.TXT

Thus, in the above example, we want to add the following line to the bottom of the boot.ini file:

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional safemode" /safeboot:minimal /sos /bootlog

The entire boot.ini file then looks like this:

[boot loader]

timeout=5 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional safemode" /safeboot:minimal /sos /bootlog

Save the boot.ini file (File > Save) and then exit notepad. Rebooting will now result in an option for a windows safe mode boot.

Install Service Pack 3

I am frequently amazed at how many people turn off automatic updates. Don't be that person. Automatic updates are there for a reason. They are mostly security related and sometimes stability related, but they are always a good idea. They protect you from bad things happening.

Enable DEP

DEP stands for Data Execution Prevention and that handy label means almost nothing to most people. DEP helps protect your computer against the insertion of malicious code into areas of computer memory reserved for non-executable code by implementing a set of hardware and software-enforced technologies called Data Execution Prevention (DEP). If you have a relatively new Central Processing Unit, you already have hardware DEP, which was implemented by Intel and AMD for some CPUs, but Micrsoft added software DEP with Windows XP SP2, that is designed to reduce exploits of exception handling mechanisms in Windows.

You've heard of buffer overflows?

Well, DEP tries to corral that problem.

DEP technologies are not designed to prevent harmful programs from being installed on your computer, but instead monitor your installed programs to help determine if they are using system memory safely. To monitor your programs, hardware-enforced DEP tracks memory locations declared as "non-executable". To help prevent malicious code, when memory is declared "non-executable" and a program tries to execute code from the memory, Windows will close that program.

This occurs whether the code is malicious or not. And there is the problem. Because of this, by default, DEP in SP2 only applies to core operating system components and services.

Some programs, particularly games, will cease functioning or behave oddly.

DEP is not an all or nothing proposition.

You can actually enable DEP for all programs, and then add exceptions to the list for those programs that behave badly, and then, should your computer become infected with some type of malware that exploits buffer overruns, windows will shut these programs down.

Enabling DEP is fairly straight-forward, albeit tricky to find.

Right click MY COMPUTER, choose PROPERTIES, choose the ADVANCED tab, choose the SETTINGS button in the performance area, then choose the DATA EXECUTION PREVENTION tab. Choose TURN ON DEP FOR ALL PROGRAMS AND SERVICES EXCEPT FOR THOSE I SELECT, then add programs to the list that misbehave for safer, more secure computing.

Get Easier access to the Command Line

There is actually a way to edit the registry and add this functionality, which allows you to right click a folder and choose OPEN COMMAND WINDOW HERE. Even if you do not use the command prompt regularly, this is very useful if for no other reason then it can help you get rid of files that are hard to delete using normal methods (del *.* from the command prompt will often delete files where other methods fail.)

The manual method is to:

start > runregedit

<enter>

then navigate to HKEY_LOCAL_MACHINE/Software/Classes/Folder/Shell

Then right click on the right, choose new key and create a new key called Command Prompt. For the default value, enter whatever text you want to appear when you right-click on a folder...for example, Open Command Prompt. Create a new key beneath the Command Prompt key called Command. Set the default value to Cmd.exe /k pushd %L.

Microsoft added a powertoy to save you the trouble, though, so you might as well use it (as well as availing yourself of other XP powertoys.

Link to XP POWERTOYS

Disable Automatic Rebooting

The infamous Blue Screen of Death (BSOD) screen is one of scarier things a typical windows user faces in his or her computing day, so Microsoft opted to quietly log windows failures and reboot the PC since most users have a difficult time deciphering such problems and the information is not exactly helpful most of the time. The idea was that a more technically savvy person can come along later and call up the log later.

Sounds good in theory; in practice, not so good. In the best case scenario, a more technically savvy user may not be around for some time, and in the worst case scenario, the PC is completely unusable. Users who want to troubleshoot the problem themselves are left confused, frustrated or angry.

Disabling Auto Rebooting will not make the PC start; instead, it results in a Blue Screen of Death that provides a jumping off point for troubleshooting and perhaps even lead a user toward solving the problem his or herself (or with a little help).

To disable auto rebooting, type:

start > run, type

sysdm.cpl

<enter>

Choose the ADVANCED tab, choose the SETTINGS button in the startup and recovery section, and uncheck AUTOMATICALLY RESTART. DO NOT uncheck anything else.

Curb Windows Built-in Compression Support

If you ever use compressed files (and who doesn't), windows finally added support for them in windows xp, but Microsoft's solution is, well, lacking. While it at first seems great that windows users can finally open a ZIP file without installing a third party application, there are a couple of drawbacks to Microsoft's solution.

The first is not that critical--there are a lot of people who never need to actually make a zip file and that's fine. For those people, it would seem that Windows lack of ability to create an archive is not such a big deal (until you need it). For those people, downloading an archive program like winzip, zip genius, powerarchiver (for my current favorite archive program, please click here), or another program later is not that big of an inconvenience.

However, the second reason, especially for people who use zip archives extensively, is critical: the built-in support has a number of flaws, including the fact that is slows searches to a crawl because the Windows search engine insists on searching within ZIP files.

To disable the Windows XP built-in ZIP feature

start > run, type:

RegSvr32 /U %windir%\system32\ZIPFldr.DLL

<enter>

You’ll see a success message from RegSvr32.

If you decide later that you want to re-enable the built-in ZIP file support,

start > run, type

RegSvr32 %windir%\system32\ZIPFldr.DLL

<enter>

Get to Tools Easier

In an effort to keep things out of users way, Microsoft like to hide a lot of tools that make administrator's lives easier--or if not hide, then at least move them out of the way--sometimes too far out of the way.

Administrative Tools is a good example.

Administrator Tools are some of the most powerful features in the Windows XP arsenal, but they are often overlooked because they sit buried in the Control Panel. Tools utilities like the Computer Management console give you direct access for managing all of your hardware devices, user accounts, performance logs, disk defragmenting, drive letters, and shared drives and folders. So why not make them more accessible?

Right-click the Start button and choose Properties. In the Taskbar And Start Menu Properties window, click Customize and select the Advanced tab. In the Start Menu Items box, scroll to the bottom of the list to find System Administrative Tools. Click the radio button labeled DISPLAY ON THE ALL PROGRAMS MENU AND THE START MENU and click OK.

Special bonus advice: while you're at it, scroll back up the list to the Control Panel section and click the radio button labeled DISPLAY AS A MENU, too.

Now click OK again to enable the change. Administrative Tools will now appear on the top level of the Start menu and as a menu on the All Programs list. Also, the Control Panel icon will now have a arrow to its left to scroll out the various control panel applets.

Kill the Search Assistant

I have yet to find a person who actually likes the Microsoft Search Assistant in Windows XP. Oh, it's cute enough the first two times you use it, with the sweet little dog wagging its tail and doing whatever the heck it is doing, but pretty soon, you just want to freaking find a file!

The first thing you need to do is kill the assistant and restore "classic search."

This is a fairly common windows tweak and it can be accomplish with the Microsoft Windows XP tweakui powertoy (...you have downloaded the powertoys, right? Of course you have. I'm sure you went to www.google.com and typed in "windows xp powertoys" and it took you right to the download page). In case you're wondering, the USE CLASSIC SEARCH setting is under the EXPLORER section...scroll down to the list near the bottom.)

Visit Windows Update

OK, OK, here's another one of those "obvious" ones that you find everywhere, but I just cannot ignore it when I see dozens of machines a month still sitting with a released-to-manufacturer version of Windows XP.

Windows makes it very easy to update with automatic updates. In pre-service pack 2, windows would notify you when there is a critical update. Post-sp2, it will even do it all automatically in the background if you let it. There is simply no reason not to update.

I see a lot of people who shut off automatic updates, and that's fine. A lot of people don't want their computers chugging away in the background on tasks that are taking away system resources required elsewhere. It is incumbent on those people, however, to make updates part of their computing routine. Use the first day of the month as your update windows day, for example.

Microsoft goes to great lengths repairing security holes and patching the OS--do you think they would do that if it wasn't necessary? These are real problems that require real changes to your OS. Ignore them at your peril.

If it will make you feel any better, think of it this way: what other product do you buy that the manufacturer keeps working on? It would be like an automobile manufacturer coming to your door and asking you if they can add a passenger-side airbag two years after your bought your car.

Are you going to say no?

Of course not. If you really want to get yourself worked up, convince yourself you already paid for the updates and if you don't use them, you're getting ripped off.

Whatever. Just update.

Here's a link. Go. I'll wait.

Backup Your Data

When I began this little feature, I was torn between including what I consider "obvious" things people should do RIGHT NOW to make their lives easier and leaving them out. I've read hundreds of similar articles and they all include the same, repetitive advice and at first I wanted to leave them out since I figured that how obvious do I have to be?

And then I got a call from someone who lost three years of his kids' birthday party pictures.

OK. So I will not belabor this point, but I just would feel....dirty, if I didn't say a couple of these things. I don't care how good you are with computers, backing up your data is never something you should take for granted. Honest, if you cannot afford to lose it, it should be in two places because odds are you are going to lose it.

What's even more frightening is that I am seeing uninformed users or even direct from the factory systems set up with RAID level 0 (Redundant Array of Independent --or Inexpensive-- Disks) storage setups and they have no idea how vulnerable they are.

So, Back up. Back up now. Why are you still reading this and not backing up?

Back Up That Registry

It seems a growing number of windows startups can be directly attributed to registry corruption.

Why and when the registry gets corrupted is a complex question, maybe unanswerable, but in fairness to Microsoft, Windows remains a remarkably complex Operating System. Your computer is ALWAYS reading and writing to the registry, whether you are aware of it or not, and with the growing avalanche of of sloppy and invasive programming found in malware, it's a testament to the code that Windows is stable at all.

So, what do you do if you're registry is corrupted? Well, if it is a simple corruption, tapping f8 during startup and then choosing LAST KNOW GOOD CONFIGURATION from the options presented just might get you out of a jam and back on your computing feet again.

If you're lucky.

If you're not lucky, are very careful and well versed in your old DOS commands, you can sometimes recover from a corrupted registry this way:

http://support.microsoft.com/?kbid=307545

To which most people say....ugh.

A better and easier solution is provided by a third party alternative. I have tried to stay away from third party programs in this article, not because they are bad, but the idea here is not to review utilities, but to either make Windows more usable or safe.

While recovering from a corrupt registry is certainly possible without third party utilities, reading the above Microsoft Knowledgebase article should be enough to convince you that this is a better way.

So, WHILE Windows is working properly, do yourself a favor and download the Emergency Recovery Utility NT from

http://www.larshederer.homepage.t-online.de/erunt/

install and run it.

A VERY GOOD idea would be to set it up to run automatically.

That way, you will have multiple backups (as many as 30 days).

That way, you can restore the back up from the Windows Recovery Console should the need arise.

To restore an earlier registry using the Emergency Recovery Utility NT from the Recovery Console (which you installed earlier, right?)

Choose the recovery console from the menu at boot up

Type in the number of the Windows installation you want to repair (usually 1), then press <enter>

Type in the Administrator password (leave blank if you are using Windows XP Home) and press <enter>.

At the command prompt type

cd erdnt (or whatever you named your restore folder) then press

<enter>

If you enabled automatic registry backup on system boot during ERUNT installation and want to restore one of these backups, type

cd autobackup

If you created subfolders for different registry backups (for example, with the different creation dates), type

dir

<enter>

to see a list of available folders, then type

cd foldername

<enter>

where foldername is the name of a folder listed by the dir command, to open that folder.

Now type

batch erdnt.con

<enter>

to restore the system registry from that folder.

Now type

Exit

<enter>

The system will now reboot with the restored registry.

Hardening Default Accounts (and that one with your name on it, too)

Simply put, in order for someone to access an XP system, he or she must have a username and password. Since Windows supplies the username, if you don't require a password it's like opening the front door to the house and going on vacation.

Many people do password protect their user account, which is good, but forget about windows default user accounts: Administrator and Guest.

Renaming these accounts is usually a good strategy, especially if your PC is directly connected to the Internet since hackers traditionally target both accounts. And giving these accounts passwords is also wise (just make sure you do not forget the password). Windows XP Home users should be especially wary, since the administrator account for Xp Home is blank by default.

And finally, there are a couple of extra good reasons to add passwords: first, windows cannot encrypt files for a user unless the account has a password, and two, if you choose to use the task scheduler to schedule tasks, the scheduler requires passwords.

But, back to the Administrator and Guest accounts.

You can configure the Administrator account as follows:

1. Log in as Administrator.
2. Go to the Control Panel, double-click Administrative Tools, and then Computer Management.
3. Open Local Users and Groups.
4. Click the User folder.
5. Right-click the Administrator account, and choose to rename it. Make it a less obvious name.
6. Right-click this renamed Administrator account and select Set Password.

You can configure the Guest account as follows:

1. Right-click the Guest account, and choose to rename it. Make it a less obvious name.
2. Right-click this renamed Guest account, then select Set Password. p.s.--For security reasons, the Guest account in XP is disabled by default since enabling the Guest account allows anonymous users to access the system. Even if no one sits down and logs in as a guest to your system, the account is used. For example, if you share a folder, the default permission is that everyone has full control, and because Guest is included within the built-in Everyone group, a hole is opened. Therefore, if you are going to share a folder, it is a good idea to remove the share permissions from Everyone.

Install (and update) Firewall, Antivirus and Malware Removal Tools

More "obvious" ones...I know. But as reluctant as I am to even add them to the list, any list about 10 things you should do "right now" would be remiss if these were not included. If it counts for anything, I am at least rolling these all into one area.

OK, firewall. Windows has a firewall. It works OK. It does not monitor out-bound traffic. Why is this important? Because a number of malware programs call home or otherwise attempt to communicate with the Internet FROM your computer after they are installed. Does that mean you're safe. No. Why? Because any malware programmer worth a dime is going to write his code to walk right around your firewall. As long as you have Internet Explorer on your PC, and it is a trusted application by your firewall, an outbound filtering firewall is no better than inbound-only firewalls like Windows built-in firewall. So why bother? Because not all malware programmers are worth a dime.

Put this in the category of better than nothing (and it is).

There are a number of good, free personal firewalls, including Sygate Personal Firewall, and Kerio Personal Firewall. Zone Alarm is also very popular (though I have a hard time recommending it since it seems to be causing more stability problems lately.

There are also another of commercial products available, which typically add more functionality, but are not necessarily better firewalls. Google is your friend.

AntiVirus programs are good. You should have one. But almost as important as having one is UPDATING it. Almost as important as updating it is RUNNING it. That seems obvious to me, but there are hundreds of thousands of PCs out there right this very second that were bought with six month trial offers from McAfee or Norton antivirus products that are expired. Many of them were never even updated.

Since new viruses come out DAILY, you should be updating regularly. Some antivirus programs come with automatic updating, some do not. If yours does not, make it a point to update at least once a week.

And RUN a system scan once a week.

Many antivirus programs monitor your system all the time, but I have seen many cases where a person gets a virus, then updates the antivirus definition, but never runs a manual scan and the virus remains.

Yes, memory resident antivirus is a great thing; but you still need to run manual scans, too.

There are a number of good, free antivirus programs, including AVG Antivirus and Avast Anti-virus. They automatically update. Both have memory resident functionality. They monitor your email accounts.

There are also another of commercial products available, which typically add more functionality, but are not necessarily better firewalls. You will often read that programs like Norton are bloated and take up too much memory, but it is still a darn fine antivirus program. McAfee is good. If I personally had to pick one antivirus program and my life depended on it working, I would use Nod32 or Kaspersky.

Malware. Shiver. Somewhere in the not-too-distant past, malware in its many varieties--spyware, adware, rootkits--eclipsed viruses and spam as the number one problem facing computer users. If current estimates are to be believed, as many as 80 percent of all computers are currently infected.

And it doesn't look like it's going to improve anytime soon. Virus, worms and trojans are typically developed and set loose by individual programmers or small groups. Malware has become a commercial enterprise. Malware is big business.

How these businesses can rationalize a right to install software surreptitiously on your machine and actually have the moxie to threaten companies and individuals for removing their garbage is a thought process so bizarre it rivals the notion that governments can spend more than they take in.

Whatever. End of rant. The purpose of this article to tell you what you should do right now, not turn you into a malware removal expert. So. Get a malware removal program. Get two. Shoot. Get three. Get them right now.

Just like there is no antivirus program that will catch every virus all of the time. There is no anti-malware program that will remove every malware program all of time. In the past a combination of two venerable antimalware stalwarts--Spybot Search and Destroy and Ad-awareSE personal edition--were a good strategy and they still are. Since both are free, there is no reason not have them.

Together, they will remove about....oh, 50 to 70 percent of all malware. Given the number of malware threats, that's not as bad as it sounds. Much of the rest requires manual intervention of some sort, or at least a greater understanding of malware and how it starts and functions.

To make matters worse, companies that produce this software are taking legal action against malware removal program makers--and worse still, malware removal programs are either buckling, or worse, perhaps even getting in bed with them.

Previously, I had strongly recommended Microsoft Antispy, but recent word Microsoft is considering buying one of the longest existing purveyors of software that loads pop ups on your computer gives me great pause. It's a shame since Antispy offered very good prevention and protection. Now....well, will Microsoft Antispy protect you from all spyware or just non-Microsoft spyware?

That said, users should include at least one antispyware or intrusion detection program that monitors your computer in realtime as well as during manual scans. Free products that include this are Spybot Search and Destroy and Microsoft Antispy. Commercial products that offer it include Spysweeper and Counterspy. Other programs offer some, but more limited realtime protection.

Another good free program to add to your arsenal is SpywareBlaster from Javacoolsoftware, which blocks spyware, though not in realtime.

Finally, another interesting program that does prevent some malware from being installed is called PrevxHome (free) or PrevxPro (commercial). It does not quite fit into the category of malware removal, because it does not remove anything, but it does prevent malware from loading in many cases. Prevx

Finally, like antivirus programs, malware removal programs need to be updated to deal with new and more virulent threats. So if you have an anti-malware program, update it...right now.

Defrag and chkdsk

Yet another should be obvious but probably is not. Well, once again, I am grouping them together so it doesn't seem as if I am padding. Honestly, when was the last time you defragmented your hard drive?

As you use your PC, you are constantly writing and deleting files. The end result of all of this activity is that gradually parts of your files are scattered all over your hard drive. When your computer needs to access a file, the drive heads need to do a lot of racing around to assemble all the pieces.

Defragging puts all the pieces of files near each other, leading to better access times.

Some people defrag as often as once a week, which is probably excessive, but a once a month defrag should be part of your normal computer maintenance schedule.

While we're on the topic of monthly maintenance, you should also consider running chkdsk at least once a month, rather than waiting for trouble to arise and then running it.

To do this

start > run, type

chkdsk /r

<enter>

This will result in a command line appearing and a notification that Windows cannot check the volume because it is unlocked. Windows will ask if it should check the volume the next time you reboot. Reply yes (y), and reboot.

There are several switches to use with the chkdsk command, but the two most relevant ones are /f and /r. Think of /f as a simple check, and /r as a simple check plus. The /r switch will take a much longer time to check the disk. The list of switches is:

• /r : Locates bad sectors and recovers readable information. It implies the /f switch (see below). The disk must be locked.
• /f : Fixes errors on the disk. The disk must be locked.
• /v : Displays the name of each file in every directory as the disk is checked.
• /x : Use with NTFS only. Forces the volume to dismount first, if necessary. All open handles to the drive are invalidated. /x also includes the functionality of /f.
• /i : Use with NTFS only. Performs a less vigorous check of index entries, reducing the amount of time needed to run chkdsk.
• /c : Use with NTFS only. Skips the checking of cycles within the folder structure, reducing the amount of time needed to run chkdsk.
• /l[:size] : Use with NTFS only. Changes the log file size to the size you type. If you omit the size parameter, /l displays the current size.
• /?: Displays help at the command prompt

You Don't Need to be an Administrator

I know, I know.... I can hear you thinking, "It's my computer, I should be the administrator and be in complete control!"

The problem is, when you are and administrator, so is everything else you are running. That means programs you run have a far greater ability to jeopardize your system.

When the programmers at Microsoft sat down to design Windows, they intended the computer administrator account for those who need to make systemwide changes to the computer, install software, and access all non-private files on the computer.

Most users do not need this kind of access/ability. They simply need to RUN the programs and access the resources. In the Linux world, the notion of signing on as an administrator all the time is so alien, the linux mavens practically have a stroke when working on a Windows system.

In Linux, it is almost unheard of for users to access the administrator account in day to day operations, and the same should be true for Windows XP users. Unfortunately, some programs require administrator access so you will need to keep both accounts handy (it seems that games are the greatest offenders of this rule), but put simply, you should always create a new. limited user account and use that for everyday computing and you will be in a far more secure computing environment.