So I'm shortly going to have to reinstall vista from scratch, and I thought I'd take the opportunity to see if there's anything I should be doing to increase security.

I've been playing poker less lately then I have in the past, and it seems like a bit of a waste to have a really nice workstation set up that I only use occasionally. I think i'd like to starting doing some other things on this machine, but I'm worried about potentially increasing my security risk by doing so.

How good of a security measure is using multiple user accounts? Should I be doing this anyway? I'm thinking I'll have one non-admin account I'll use for things like photo-editing and maybe some games, and I'll have a seperate account that's just for poker stuff. How easily/well does vista sandbox stuff? If I were, theoretically, to download a 'demo' of photoshop that happened to include something malicious, would having multiple user accounts without root access make me safer?

As a bonus question, is there anything else I should be thinking about when I do this fresh install that will decrease my risk of compromise?

It's probably not neccessary to run several different non-admin user accounts for various things. Just use a non-admin account for most things, and only use the admin account for installing stuff like AV and Firewalls, stuff that generally requires you to use the admin account to install.


If you get a bad file, yes, installing it on a non-admin account would cause a lot less damage than if you installed it on the admin account.

Hi cmyr,

1. If you run a Microsoft O.S. go for the latest version i.e. Vista.
   
2. Have a seperate user for yourself for the day-to-day stuff. You can add this user to the administrator's group, but with UAC (user account control) everytime you or an application tries to write to the registry you will have to click to allow.
   
   (This can be very annoying during your initial setup when you are loading all your apps / doing a lot of configuration change, but it is only during this initial install phase that it is irritating, once you are setup and assuming you don't load / unload software regularly you'll forget about it.
   
3. Configure automatic updates to automatically download and install updates as they become available, check daily
   
4. Install and configure a decent freeware antivirus there are many but Avast is pretty good if you want a recommendation. Ensure said anti-virus has real-time monitoring enabled. Also configure at least a daily scheduled scan which will scan your entire machine, mine runs at 02AM every morning
   
5. An anti-spyware is also recommended
   

From your post you seem to want to segregate the 'sensitive' poker stuff from your day-to-day apps. Apps store info in the registry and although seperate user accounts will have seperate registries for the apps (depending on how the app was coded), confidential information stored in the registry would be encrypted (esp for security conscious software companies) and for all intensive purposes pretty useless to the villian.

What you should rather worry about are viruses / trojans or malicious apps (read key-loggers) that wil capture you entering confidential information and sending it to the villian.

This leads back to keeping the machine security as tight as possible. Seperate user accounts become meaningless if the administrator (un-intentionally) installed a key logger as a service which will now capture any key-strokes (even those made by non-admins).

thanks for the responses.

I've used vista, and don't particularly mind UAC.