Protect your computer with this one simple trick

There's a single simple trick that will make your PC or Mac much more secure from malware and malicious hackers. It doesn't involve buying antivirus software or dropping into the command line.

This treasured secret? Create a limited user account for yourself. Use that limited account for all your daily computer activities, including internet and office tasks.

Make sure everyone else who uses that machine is on limited accounts as well. Save your administrator account for administrative tasks, including installing and updating applications and other software. Using this system will prevent or limit most malware infections, both on PCs and Macs.

The only thing you'll be giving up is the ability to immediately install, modify or delete software, no questions asked. But on today's operating systems, all you'll need to do so is type in an administrative user's username and password. The security you'll gain will be well worth the minor inconvenience.

How limited accounts protect you

This account-segregation system works because, unlike administrator accounts, limited accounts can't install, update or remove applications and other executable software.

As a result, malware — viruses, worms, Trojans, rootkits, ransomware and so on — that tries to infect the machine through a limited account often won't be able install itself and won't get a toehold. If it does manage to infect the limited account, it will normally affect only that user's files, folders and user-specific applications. The malware usually won't be able to get to the operating system or to other user accounts.

A Microsoft Vulnerabilities Report from British security firm Avecto, released in February 2017, was clear: "93 percent of Windows 10 vulnerabilities could be mitigated by removing admin rights ... including 100 percent of the vulnerabilities affecting the latest browser, Edge."

We don't have similar numbers to cite for Macs, but Mac antivirus maker Intego recommends using limited or "standard" accounts on Macs for the same reasons.

How to create limited accounts

Microsoft and Apple used to set up each new user with administrator accounts by default. But in fact, you need only one admin account per machine — and every user should have a limited account for daily use.

You'll need to be using an administrator account to do this, but the steps in each current version of Windows are similar.

In Windows 7, go to Start --> Control Panel --> Add or Remove User Accounts, or User Accounts --> Create a New Account. Type in the desired username, select the Standard User button and click Create Account. Then click Create Password and enter the desired password.

In Windows 8 or 8.1, tap the Windows key and I key at the same time to bring up the Settings menu. Select Control Panel, then either Add or Remove User Accounts or User Accounts depending on your Control Panel viewing options. Select Create a New Account. Type in the desired username, select the Standard User button and click Create Account. Then click Create Password and enter the desired password.

In Windows 10, go to Start --> Settings -- Accounts --> Family & Other Users. Click "Add someone else to this PC." Then select "I don't have this person's sign-in information" and click Next. (Ignore the prompt to enter the user's email address or phone number.)

On the following screen, select "Add a user without a MIcrosoft account" and click Next. (Windows 10 Home and Professional editions may not display the previous two steps.) On the next screen, type in the desired username and password and click Next. (We've got an illustrated guide here.)

Why this solution isn't well known

So why don't more people do this? I think most people don't know about limited accounts, or, if they do, they only think about them as a way to control the activities of a child or guest user.

Another reason is that, up through Windows XP, using a limited account was terrible. Most applications assumed that a user would have full admin rights, and many didn't work properly under a limited account. If a limited user encountered a process that required authorization by an administrator, he or she would have to switch to an administrator account to move forward.

That changed with Windows Vista and the introduction of Microsoft's User Account Control, which smoothed out the process. Software developers were required to give maximum functionality to limited accounts, and if administrator authorization was needed, a dialogue box popped up asking the limited user for an administrator account's username and password.

I've been using this system on all my Windows PCs for several years, and I've never found it to be much of a handicap. When software needs to update, I get the pop-up box and enter the admin credentials. On both Windows 7 and Windows 10, Windows Update runs without a hitch. I rarely need to log into my separate administrator account for anything.

What using limited accounts can't do

This precaution won't prevent or mitigate all malware infections. Some malware can "escalate" its system privileges and give itself powers that a limited user doesn't have. But regular, run-of-the-mill malware, which is what most people face most of the time, doesn't do that.

Nor will this stop social-engineering attacks meant to fool you into giving up sensitive information. If a phishing email asks you to log into a phony Facebook or Gmail web page, a limited user account won't help. If rogue software asks for your administrative username and password so that it can install itself, providing those credentials will erase the benefits of having a limited account in the first place.

The truth is that only you can stop social-engineering attacks. But limited user accounts can stop almost everything else.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Read more
A person typing on a computer while hackers use phishing to steal a file from their computer
It's Safer Internet Day – here are 5 tips to help you be safer online
Malware
New macOS malware uses Apple's own code to quietly steal credentials and personal data — how to stay safe
Black and white photo of a woman, with her eyes obscured by pixels
It's Data Privacy Day – 4 ways to protect your info online
Facebook, Instagram, YouTube, Pinterest, X, LinkedIn, Reddit, TikTok, Threads apps on an iPhone
Why you need to review your app permissions now
A padlock resting next to the Apple logo on the lid of a gold-colored Apple laptop.
The best Mac antivirus software in 2025
Holographic login above laptop keyboard
Yes, you can use your browser's password manager – here’s how to do it safely
Latest in Online Security
Windows
240 million Windows 10 users are vulnerable to six different hacker exploits — protect yourself now
Victims of Identity Theft
FTC says Americans lost $12 billion to scams last year and these were the worst ones — here's how to stay safe
Apple iPhone 16 Plus Review.
Apple just released an emergency security update for a flaw used in an ‘extremely sophisticated attack’ — update your devices right now
A person trying to set up a new Wi-Fi router
Thousands of TP-Link routers have been infected by a botnet to spread malware
An image of a CAPTCHA
Hackers are using reCAPTCHA to trick users into infecting their own PCs with malware — how to stay safe
A smartphone screen displaying the Android name and logo next to a sign reading 'MALWARE'.
Fake Google Play Store pages are spreading Trojan malware that can steal your financial data
Latest in Opinion
A person plugging a coaxial cable into the wall
I finally added internet to my kitchen and all it took was my old cable TV wiring — here’s how
Apple Intelligence on an iPhone screen
Apple analysts sound alarm on Siri delay — here’s why
samsung galaxy s25 edge mockup at galaxy unpacked
Galaxy S25 Edge is overhyped — I want Samsung to make this phone thinner instead
Dyson V7
I tried this DIY vacuum cleaning hack — and it solved one of my biggest problems
Adam Scott and Britt Lower in "Severance."
'Severance' season 2 episode 9 sets the stage for an epic season finale — here's why
Cyberpunk 2077: Ultimate Edition
I just saw Cyberpunk 2077 running on a Mac Studio — and I couldn't be more excited
  • velocityg4
    As I saw this article from the forums. I was sure it was going to be a spam post, based on the title.
    Reply
  • JoshRoss
    The almost click bait was too real. Titles like these are discouraging. But I do agree with the posts point. Admin accounts for admin stuff and keep it that way. Unfortunately, I need to constantly work with files, permissions and such, I do not have the luxury of not having an Admin account, but for a common user, that should be a go to choice!
    Reply
  • Saga Lout
    I homed in on this thread with all guns blazing on grounds of the title but it's fine if our Managing Editor is behind it.
    Reply
  • Paul Wagenseil
    20086162 said:
    As I saw this article from the forums. I was sure it was going to be a spam post, based on the title.

    But you clicked on it, right?.....:)

    Reply
  • mdd1963
    I was half-expecting a "Use Linux Mint 17.3 or higher "-tutorial/coach! :)
    Reply