Vocal Voices

[Suff]

Aggers, thanks for the compliment. I try to make it interesting. It can be a very dry subject if a bit of humour and humanity is not injected.

The problem is it's all still a bit wild west out there and the privacy laws of countries, designed for very good reasons, tend to protect the perpetrators.

I must admit that every tom dick and harry can't access my computers. In fact the only times I've had trouble with that, have been when I've disabled my own protection and invited it in.

There are two simple ways to protect your laptop. The first is obvious. A comprehensive and capable AV and firewall suite which blocks all such access. I don't include McAffee in either competent or comprehensive no matter how many stars they get.

The second one is quite obvious but few people (least of all me), actually do it. That is to have more than one account on your computer. One, for installing software, has full rights (Administrator account). The other, which you use for day to day things, is simply a user who does not have the rights to install software or bugger up the system.

When you are not an administrator, your account cannot mess your system up. Therefore any software using your account also can't mess it up. It is quite obvious but Microsoft has been very loathe to implement it because most people simply don't want to understand why they can't do things and learn how to do those things safely.

A bit of a chicken and egg scenario. If Microsoft enable the security they drive away users. If they don't users are infected. In either case it is always Microsoft who gets blamed.

This is highlighted by the way I do my media streaming. The accounts used by the various devices which stream the music and video's only has read access to the files. No matter how bad a virus is on the system, it can't impact those files because it can only read them. My PC, on the other hand, which I use for ripping and organising the media, has full access.

On the other hand the 650 million Apple Computers which were compromised and co-opted into a botnet represents a far bigger security threat (given the relative numbers of computers our there), than Microsoft software. I don't see Apple getting the same grief over it...

Speaking as someone who has both been burgled and had a house fire, I am not quite so confident that my physical library is so safe. My digital copies on the other hand live in several different locations in different copies. I keep them safe from attack and from damage.

Books degrade, fall apart, lose their ink, decompose. Digital media, with a bit of common sense and moving constantly to newer media, will be as good on day 1million as it was on day 1. The trick is to put that protection in place which means regular procedures and processes followed religiously. A bit more work that putting dust and light covers on the library, but, still, a better result in the end.

[Workingman]

There are two simple ways to protect your laptop. The first is obvious. A comprehensive and capable AV and firewall suite which blocks all such access.......

The second one is quite obvious but few people (least of all me), actually do it. That is to have more than one account on your computer. One, for installing software, has full rights (Administrator account). The other, which you use for day to day things, is simply a user who does not have the rights to install software or bugger up the system.

That's me, still old school. I have a password protected Admin account and a different password protected User account, for me. I have Windows auto log me in to my account so the the Admin option is not shown.

[Aggers]

I have a password protected Admin account and a different password protected User account, for me. I have Windows auto log me in to my account so the Admin option is not shown.

You've lost me there.
I'm out of my depth and can't swim.

[Workingman]

Aggers, a scenario for you - to help you at least tread water.

Most of this you will have done at some time.

When you buy a new computer or install a new version of Windows you are asked to create an account during setup. The default is Admin and you can use that name and give it a password. However, most people change the name to something they know and set a password. For this let us call the main account Homer and set a password

On the next boot the welcome screen presents you with a dialogue box with the account you created (Homer) and asks for the password before you get into Windows. If you do nothing this happens every reboot.

So, you boot, Homer is there and you give it the password and off you go into windows.

If you now go to Control Panel>>>User accounts you will find that Homer is the user account, that it is an administrator and that it is password protected. In other words you as the user of Homer can do whatever you like to the computer, but so can anyone who is using the computer or gets in by a back door. If you go to Manage another account you will also see a Guest account and that should be turned off.

Below the two default accounts you will see Create a new account. If you click on that the new window allows you to name the account, say Homer2, and to set its account type - it should be as a Standar user. Once the account is created it will appear in User accounts. So you will now have Homer (Admin) Homer2 (Standard) and Guest, turned off. If you click on Homer2 there are options of which Create a password is one. A password should now be set.

At next boot you will now get the option to login to either Homer or Homer2.

Homer2 is the safe account and is system restricted - this should be the default for normal use. You can still get to Homer by going to the Start button and then Switch user and be presented with the Welcome screen again. However, if you want to get to Homer's files from Homer2 using My Computer/Windows Explorer you will be asked for the Homer password. This stops people and malware from messing about with your system.

It is not as long-winded as this post, believe me.

What I have done is make my computer auto-login to the safe account so that when the computer boots it goes straight to that account without asking for passwords.

[Aggers]

Thank you Frank.

A very lucid explanation. I will have a go at it sometime.

[Workingman]

Thank you, John.

Many families set their computers up as above so that mum, dad, son and daughter all have their own accounts separated from the main Admin account.

I wasn't suggesting that you do anything, it was more of an explanation of how things work. Having said that, and if you want a play, why not set an account for W to use? She could make the account the way she likes it: wallpaper, sounds, colours etc.

[Suff]

This is what I do with the Kids/Grandkids on Mrs S laptop. They don't get into my machine, end of story.

I used to have Mrs S as a normal user on Windows NT on her old (very old), PC, after she kept having issues on Windows98. It worked very well but with XP there was so much changing all the time and she was asked for the password so often that I made her admin again.

WM's suggestion is very good. Also it gives Mrs A the opportunity to customise it for herself. For instance on Mrs S laptop I have an Admin account (for the obvious reason). I use single click (an acquired taste) and she uses double click. So if you log into my account it's all single click as I like it. If you log into hers, it is double click...

[Workingman]

I had thought that the user accounts thing was normal practice, but no.

When I was doing the network training there were times when no courses were running so I had a sideline decluttering and disinfecting people's computers. It amazed me the number of homes I went to where everyone and the dog used the same (Admin) account. So there would be Johnny flying round the internet, downloading and installing goodness knows what, and when mum or dad came to use it it was infected to the nth.

People are so trusting it is unbelievable.

[Suff]

People are so trusting it is unbelievable.

In some ways it's the industries fault. We tell them it's all easy and just go use it. In fact it is a discipline like any other. The less disciplined you are, the more pain you will face.

How they deal with automated FB logins, twitter, Google, Mail, etc I have no clue. That is what user accounts are all about, segregating the automatic services per user. Not something the industry pushes. People who do not work in a corporate environment where they see multiple people using the same machine with different accounts probably have no clue the ability even exists. The majority of OEM setups don't even push et even though the MS base setup does ask if you want more than one account in terms people understand such as "Who will use this computer".

[Workingman]

When this came up I got to wondering about how many people secure their phones to "read/listen only" mode for calls and texts. I mean secure enough so that at least a pin or facial recognition is required to use apps and make outgoing communications.

I have asked a few people and have not met one as yet.