A recent article in the Washington Post resonated with issues I have with several of my senior clients. What privileges should the owner of a computer have? Most of my clients now have XP and the default when making new user accounts is to grant full administrator privileges. This can be dangerous for two reasons: them and us. “Them” are the outsiders who might invade the computer for malicious purposes, and “us” are the clients themselves.

When I log onto a client’s computer as administrator and botch something up, I can almost certainly recover everything quickly – after all, I’m a professional! Right, that will get you a long way. However, curious clients who are logged on as administrators can accidentally cause a computer to stop working like they expect. The problem can range from trivial to serious, but all problems are serious to a user who suddenly can’t use familiar functions and doesn’t know how to fix it. I have one client who routinely calls me because he accidentally hits the INS key and doesn’t remember how to get out of it. Imagine the trouble he could get into if he had full administrator privileges on his own machine.

To me, this is the main reason to ask clients to allow me to set them up with limited access accounts until they feel comfortable. (BTW, I always ask and explain. These are adults, and they deserve to be part of the process.) At the same time, I install myself as a user with administrator privileges. At the risk of confusing them or giving them information they don’t really need, I try to explain quickly the difference between the various levels of permissions and why they would want to limit themselves at first. I do this without dwelling on the “them” aspects. Trying to explain to a nervous senior client who is just getting familiar with computer functions that there are ways that their computer can become a zombie is likely to do more harm than good. People worry far too much about security issues because they don’t understand the relative risks. An analogy is the way some people are afraid to fly commercially but have no problem driving to the airport in rush hour.

This is not to say that you should ignore security in setting up a system for a client, on the contrary, I just think everyone is happier if you do it quietly. I would rather concentrate on instilling good habits in surfing at first and then later show them the various security methods. Besides, rational writers of other postings in Lockergnome argue the merits of using anti-virus software at all, and I doubt that we would get a consensus from regular readers of what is the best security software.

The Washington Post article had a new twist. Microsoft offers an interesting tool, DropMyRights; I didn’t provide the link here because, following the author’s suggestion, I entered “DropMyRights” in Google and got a surprising result. You might want to check it out for yourself. The first entry turned out to be authentic, but sure looked like a phishing expedition. You have to be brave to go there. I make no recommendations. You’re on your own. However, assume you do get to the right location one way or another and install this nifty little tool. Then you can selectively limit your client’s rights without giving up all the administrator privileges.

As you navigate through the Microsoft screenshots during installation and setup, you might notice that one of the examples has a directory named “warez.” Hmm, I wonder where that came from?

Finally, you might wonder why a person from Southern California reads the Washington Post. The answer is simple: I scan the interesting sections from several online newspapers every day and read those that look interesting. The Technology section of the Post has interesting articles more often than some of the others. Don’t you just love the Internet? Speaking of which, I just received a security notice email from Chase Bank. They need to confirm my account number and some other things. That’s strange because I don’t have an account with them. Now if I just click here…

Click here to read about my new tutorial on helping seniors. The new version has grown considerably over the original. It has more topics and anecdotes, and fewer typos. While you’re at it, check out my expanded tutorial on decision theory.

[tags]administrator,phish,anti-virus,user,senior computing,us and them[/tags]