One of the problems with Windows XP that’s been changed in Windows Vista is that the default settings for the main user account give it administrator status. That means the user can change anything on the computer, delete anything and install anything.

Running in an administrator account all the time is one of the reasons XP was more vulnerable to things like spyware, viruses, trojans and other attacks. Because the user is an administrator, those things had pretty much free reign over the computer.

In Vista, the main user account is more limited and you have to enter a password every time you do something that needs administrator access.

Whether the way Vista handles it is the best way is another topic. Those constant prompts asking for your password can get annoying, but that’s the price you pay for higher security I suppose.

If you’re running XP, you can still set up a limited user account which will help prevent some of these things from infecting your computer.

Whether you’re on Windows XP or Vista, it’s never a good idea to use an administrator account all the time. Do the bulk of your work in a limited account and only switch to the administrator account for things that require it.

Yes, that means having two separate accounts even if you’re the only person who uses the machine.

Here are some more strategies for user accounts on Windows:

• Each user on the computer should have their own account
• Don’t store any private files in the “Public” shared folder - all users on the computer can access it
• On Vista, you should turn on parental controls as appropriate for any children’s accounts (XP doesn’t have parental controls built-in)
• Don’t share the administrator account password with anyone, and make sure it’s strong enough that it can’t be guessed

I’ll be posting more details on how to do these things over the next few days, but to get all the information in one place take a look at my Online Security Toolkit.