These spyware prevention and other malware prevention tips and ideas are designed for a Home PC running Windows XP Professional and certain tips may apply to small home network running Windows XP Professional, as such some of the

recommendations may not work for other versions of Windows. As always, it is recommended to back up the data before making any changes to your computer.

Out of the box Windows installs with certain dangerous defaults which when left alone will prove to be the biggest bottle neck when you set upon to secure your system against malware and hackers.

Use a Non-Admin Account 

If there is one magic silver bullet Malware prevention solution to prevent against installation of Malware, it is using a non-admin account AKA a LUA (Least privileged User Account)AKA a limited user account when performing normal day-to-day tasks such as writing documents, browsing the Internet, reading E-mail, instant messaging etc and use an account with administrator privileges only for specific tasks that require them. This will drastically limit your exposure to Malware.


If the exploit happens to be written so that it requires admin privileges (as many do), just running as User stops it dead. But if you are running as admin, an exploit can:

  • install kernel-mode rootkits and/or keyloggers (which can be close to impossible to detect)
  • install and start services
  • install ActiveX controls, including IE and shell add-ins (common with spyware and adware)
  • access data belonging to other users
  • cause code to run whenever anybody else logs on (including capturing passwords entered into the Ctrl-Alt-Del logon dialog)
  • replace OS and other program files with trojan horses
  • access LSA Secrets, including other sensitive account information, possibly including account info for domain accounts
  • disable/uninstall anti-virus
  • cover its tracks in the event log
  • render your machine unbootable
  • if your account is an administrator on other computers on the network, the malware gains admin control over those computers as well
  • and lots more


So why not everybody run as a limited user ?

The downside to running as a non-admin user is that not everything works like it should. Check out this MSKB article, Certain Programs Do Not Work Correctly If You Log On Using a Limited User Account

Why does least-privilege computing break applications?

Because of programmers who write everyday applications that require them. Why do they do this? Because using admin rights made it easier to write certain programs. It also didn't used to be a big deal. This type of development, however, encouraged all user accounts to be set up with admin privileges by default, opening the door for some of the malicious code we're fighting today.'Least Privilege' Can Be the Best


Use Effective Passwords  

A weak password will not offer protection against determined hacker. So when you choose a password, don't pick one that is obvious like your name, your spouse's name or your pet's name.

  • Select a password that is atleast 8 charecters long. Windows accepts passwords upto 127 charecters in length!
  • Use a mixture of uppercase and lowercase letters, numbers, and other characters such as *, ?, or $.
  • If you have multiple systems, do not use the same password in all.
  • Never, ever write your passwords down or send them in unencrypted e-mail messages.

More tips on selecting a strong and easy to remember passwords Ten Windows Password Myths


Use a BIOS/Bootlevel Password

Once set, the bootlevel bios password is required every time your system is started. It protects your system by completely disabling it until a password is entered. Normally you can set a bootlevel password by selecting the option in your bios setup. While you are at it, also consider setting up a password for accessing the bios setup itself to prevent an unauthorized user from changing the bios settings.


We use cookies on our website. Some of them are essential for the operation of the site, while others help us to improve this site and the user experience (tracking cookies). You can decide for yourself whether you want to allow cookies or not. Please note that if you reject them, you may not be able to use all the functionalities of the site.