From: Gregg N 

Geo wrote:
>
> Ok try to follow this reasoning.
>
> User has a certain access level, this level gives them access to their data,
> and the capability to create, change, and delete their data.
>
> If the user runs at a low level but this low level still give him full
> rights to create/change/delete his data, why in the world would you consider
> this more secure than running as admin? Because he can't load a driver to
> compromise the machine? I can format and reload the machine, it's my data
> that can't be replaced.
>

It is true that for a single user machine, it is less important (although
many households have more than one user on a machine). However, even for a
single user, it can be advantageous to run with less than administrative
permission. If the malware has administrative permissions, it can do far
more insidious damage, such as installing a root kit that prevents you from
knowing it is present. It can also access the network in ways you might
ordinarily limit yourself (e.g., raw sockets).

Gregg

--- BBBS/NT v4.01 Flag-5