Windows is an operating system that has tended to normalize bad practices among users. For those of you familiar with Linux, macOS, and BSD, it may have occurred to you to use an administrator-type account by default.

Most Windows users use an administrator-type account to “speed up” the use of the operating system, however, it is more than well known that this practice represents, at the moment of truth, a whole highway for malware , which in case if executed, it will have access to all or almost all of the system, thus being able to cause enormous damage that will surely force a reinstallation.

On Linux, macOS, and Unix and Unix-like systems there is an account called root, which can be certified with the main Windows administrator. Simplifying a lot, using Windows with an administrator-type account is like using the root account in Linux for absolutely everything. That idea is a monstrosity hard for a Linux user to accept, but on Windows it’s something that’s become so standardized that even the system itself invites you to do that by default, possibly in part with the intention of keeping certain aspects related to the compatibility and to facilitate the use of those applications that require administrator privileges.

Using an administrator-type account for day-to-day tasks is a very bad idea, and the fact that hundreds of millions of people do it doesn’t make it a good thing. Improving on that front is as simple as migrating to a less privileged common user account to make it more difficult for malicious actors to attempt to damage the system, however it is important to note that user files do are exposed in this scenario (in Linux it also happens), so a ransomware that works as a portable program could encrypt personal files with catastrophic consequences.

The common user account provides more security compared to the administrator type, yes, but it does not eliminate or reduce the recommendation to make backup copies with some regularity as a precaution. On the other hand, malware has tended in recent times to be directed more and more against personal data and not so much against the system (ransomware is a clear example of this), and that is that the operating system and applications, usually In general, they can be easily recovered, but that is not the case with personal files and data, especially if they are not backed up.

Despite everything, gaining security is always good and using a common user account limits the scope of malware, so let’s delve into the basic types of accounts and their configuration in Windows.

Basic types of user accounts

Simplifying a lot and focusing on operating systems aimed at home environments, two types of accounts can be distinguished: administrators and common users. Windows administrators can be equated, at least in relative terms, with the root user one finds on Linux, macOS, BSD, and other Unix and Unix-like systems. If the operating system is mutable, they have elevated privileges that allow them to do, delete, and modify almost anything, including sensitive parts of the operating system and any user’s files.

All this power makes administrator-type users the ideal means to run malware on Windows because, thanks to their high privileges, they can write and delete a high percentage of the operating system, thus being able to cause serious damage that will force a reinstallation. , and that’s not counting personal files, which are likely to be affected as well.

The majority of Windows users in the world use an administrator-type account, a custom largely encouraged by the operating system itself because the first account created during the installation process is of that type. This forces having to carry out additional steps to use a common type, which would be ideal to have additional barriers that protect the sensitive parts of Windows.

Using a common user by default in Windows is highly recommended, so we are going to mention the steps to create one for better security.

How to create a regular user in Windows

First of all, or at least that’s the way it is in Windows 10, you have to open the operating system Settings from the Start menu (using the search bar will save time). Once inside, click on the Accounts section .

Once inside the account configuration, proceed to click on “Add another account to this computer” in “Family and other users” .

Then a window appears inviting you to create a new user account from a Microsoft (Outlook/Hotmail) account . Mobile operating systems have made something that should be voluntary almost an obligation, so we will be a little more ethical so that the account is limited, as much as possible, to being local, because with Windows 10 and 11 it is already You know that Microsoft has implemented many things to “ improve the experience ”. Because of that, in our case we have clicked on “ I don’t have this person’s login details ”.

The next step is to insist to Windows that we want to add a user without a Microsoft account, which is done by clicking on “ Add user without a Microsoft account ”.

And now yes, the system allows you to create the common user. In this step you will have to fill in the name, optionally the password and the three backup questions in case the user forgets the password, in addition to clicking on the Next button to finish the process. It is advisable to establish a password for the user even though that is little more than a barrier against the clumsy, since at first it is always possible to see the files with a live Linux session.

The common user is already created, but it doesn’t hurt to check that it really is that and not an administrator type. To do this, click on it in “Family and other users” and then press the ” Change account type ” button . Obviously, this also serves to convert an administrator type user into a common one and vice versa.

At this point it will not be necessary to explain how to log in with the new user, right? You just have to close the one corresponding to the running administrator user and go to the common one in order to reinforce the security that you get with Windows.

conclusion

Applying the “Linux perspective” when managing Windows users is a good idea, which is why we have already repeated several times in this post: improving security, especially when it comes to preventing sensitive files or parts from from the system end up being modified or deleted not only by malware, but also accidentally by the user himself.

On the other hand, this is not the great panacea against threats either, but that does not mean that administrator-type accounts are a wide highway that makes the task of malicious actors much easier.