Windows is an operating system that has tended to normalize bad practices among users. For those familiar with Linux, macOS, and BSD, the one that probably comes to mind is using an administrator-type account by default.
Most Windows users use an administrator-type account to “speed up” their use of the operating system. However, it is well known that, at the moment of truth, this practice is a wide-open highway for malware, which, if executed, will have access to all or almost all of the system and can cause enormous damage that will surely force a reinstallation.
On Linux, macOS, and Unix and Unix-like systems there is an account called root, which can be equated with the main Windows administrator. Simplifying a lot, using Windows with an administrator-type account is like using the root account in Linux for absolutely everything. That idea is a monstrosity that a Linux user finds hard to accept, but in Windows it has become so normalized that even the system itself invites you to do it by default, possibly in part to preserve compatibility and to make it easier to use applications that require administrator privileges.
Using an administrator-type account for day-to-day tasks is a very bad idea, and the fact that hundreds of millions of people do it doesn’t make it a good thing. Getting better on that front is as simple as migrating to a common user account with fewer privileges, so that malicious actors have a harder time when trying to damage the system. However, it is important to bear in mind that the user’s files are still exposed in this scenario (this also happens in Linux), so ransomware that works as a portable program could encrypt personal files with catastrophic consequences.
The common user account provides more security than the administrator type, yes, but it does not remove or reduce the recommendation to back up on a regular basis as a precautionary measure. On the other hand, malware has tended in recent times to be directed more and more against personal data and not so much against the system (ransomware is a clear example of this). The reason is that the operating system and applications can, in general, be easily recovered, but this is not the case with files and personal data, especially if they are not backed up.
In spite of everything, gaining security is always a good thing and using a common user account limits the malware’s radius of action, so we are going to delve into the basic types of accounts and their configuration in Windows.
Basic types of user accounts
Simplifying a lot and focusing on operating systems aimed at home environments, two types of accounts can be distinguished: administrators and common users. Windows administrators can be equated, at least in relative terms, with the root user found on Linux, macOS, BSD, and other Unix and Unix-like systems. If the operating system is mutable, they have elevated privileges that allow them to do, delete and modify almost anything, even in sensitive parts of the operating system and in the files of any user.
All this power makes administrator-type users the ideal means to run malware on Windows because, thanks to their high privileges, they can write to and delete a high percentage of the operating system, thus being able to cause serious damage that will force a reinstall, and that’s not counting personal files, which are probably also affected.
Most Windows users in the world use an administrator-type account, a custom encouraged largely by the operating system itself because the first account created during the installation process is of that type. This forces you to take additional steps to use a common-type account, which would be the ideal way to have additional barriers that protect sensitive parts of Windows.
Using a common user by default in Windows is highly recommended, so we are going to mention the steps to create one for better security.
How to create a common user in Windows
First of all, or at least that’s how it is in Windows 10, you have to open Settings from the Start menu (using the search bar will help save time). Once inside, click on the Accounts section.
Once inside the account configuration, click on “Add someone else to this PC” within “Family & other users”.
A window then appears inviting you to create the new user account from a Microsoft account (Outlook/Hotmail). Mobile operating systems have turned something that should be voluntary into almost an obligation, so we will be a little more ethical and keep the account, as far as possible, local, because with Windows 10 and 11 you already know that Microsoft has implemented many things to “improve the experience.” For that reason, in our case we clicked on “I don’t have this person’s sign-in information”.
The next step is to insist to Windows that we want to add a user without a Microsoft account, which is done by clicking on “Add a user without a Microsoft account”.
And now, finally, the system allows you to create the common user. In this step you will have to fill in the name, optionally the password, and the three security questions in case the user forgets the password, then click on the Next button to finish the process. It is recommended to set a password for the user even though it is little more than a barrier against the clumsy, since in principle it is always possible to see the files from a live Linux session.
The common user is now created, but it does not hurt to check that it really is one and not an administrator type. To do this, click on it in “Family & other users” and then press “Change account type”. Obviously, this also serves to convert an administrator-type user into a common one and vice versa.
At this point it will not be necessary to explain how to log in with the new user, right? You only have to sign out of the running administrator user’s session and switch to the common one in order to reinforce the security obtained with Windows.
Applying the “Linux perspective” when managing Windows users is a good idea because of what we have already repeated several times in this post: improving security, especially when it comes to preventing files or sensitive parts of the system from being modified or deleted, not only by malware but also accidentally by the user himself.
On the other hand, this is no great panacea against threats, but that does not change the fact that administrator-type accounts are a wide highway that makes the task of malicious actors much easier.
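The same creation and check can be scripted. The PowerShell below is an added example, not part of the original article: it creates a local account with no Microsoft account attached, puts it in the built-in Users group and confirms that it is not a member of Administrators. The account name "daily" is a hypothetical placeholder, and the script assumes an elevated Windows PowerShell 5.1 (or later) session.

```powershell
#Requires -RunAsAdministrator
# Added example: create a local common (standard) user and verify its type.

$UserName  = 'daily'          # hypothetical account name, change as needed
$AdminsSid = 'S-1-5-32-544'   # built-in Administrators group (well-known SID)
$UsersSid  = 'S-1-5-32-545'   # built-in Users group (well-known SID)
# SIDs are used instead of group names so the script works on any display language.

# Create the account only if it does not exist yet; the password is typed
# interactively so it never appears in the script or the command history.
if (-not (Get-LocalUser -Name $UserName -ErrorAction SilentlyContinue)) {
    $Password = Read-Host -Prompt "Password for $UserName" -AsSecureString
    New-LocalUser -Name $UserName -Password $Password `
        -Description 'Common user for day-to-day work' | Out-Null
}
$User = Get-LocalUser -Name $UserName

# New-LocalUser adds the account to no group at all, so add it to Users;
# without that membership it is not offered on the sign-in screen.
$InUsers = Get-LocalGroupMember -SID $UsersSid |
    Where-Object { $_.SID.Value -eq $User.SID.Value }
if (-not $InUsers) {
    Add-LocalGroupMember -SID $UsersSid -Member $UserName
}

# Same check as "Change account type": is the account an administrator?
$IsAdmin = Get-LocalGroupMember -SID $AdminsSid |
    Where-Object { $_.SID.Value -eq $User.SID.Value }
if ($IsAdmin) {
    Write-Warning "$UserName is an administrator-type account."
} else {
    Write-Output "$UserName is a common user (not in Administrators)."
}

# List every account that does hold administrator rights on this machine,
# to see which ones should not be used for day-to-day tasks.
Get-LocalGroupMember -SID $AdminsSid |
    Select-Object Name, ObjectClass, PrincipalSource
```

At least one other account must remain in Administrators, otherwise nothing is left that can install software or change system settings.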