The same advice I give for Windows users. Don't do day to day work with a privileged account.
In the Linux/Unix world, the user root is the "admin" user. In Windows, the user created when you install the computer is given administrator rights.
I tell folks to either make that a special user, such as super-eric and set up the PC, then create a regular user called eric and do your day to day work as eric. If you need to install a program, you can always run the installer as super-eric.
This blunts many threats as if they are run without admin rights, their access to your system is limited.
But most folks just allow Windows setup to give their user admin rights and never think about security. So if they click on the wrong thing, it runs with admin rights.
UAC (IIRC that's the name) helps prevent this. But how many times have you seen people just give permission to whatever is on the screen without thinking about it?
By running as an unprivileged user, you have to actually choose the privileged user account and give it's password in order for that program to run. Hopefully, that gives the user pause to consider why this program is seeking admin rights.
Ditto for the root account on a Linux/Unix box. You have to install the program as root. Either using sudo or some other means of authenticating as root.
It prevents non-root users from making significant changes to the environment.
On our home PC's, I've found that not giving the kids Admin rights or the Admin password has eliminated the need for me to re-install their computers every 6-12 months.
Originally Posted By: The_Eric
Originally Posted By: Rand
not the least of which you dont usually run as an admin account.
Would you explain please, why I shouldn't run as an admin?
