Understanding User Accounts

Starting with Windows XP, Microsoft began to push PC-based user accounts to consumers. That’s because XP, unlike previous consumer-oriented Windows versions (such as Windows 95, 98, and Me), was based on the enterprise-class Windows NT code base. NT originally was developed in the early 1990s as a mission-critical competitor to business operating systems such as UNIX. Previously, consumer Windows products such as Windows 95 and Windows Me were based on legacy MS-DOS code and provided only the barest possible support for discrete and secure user accounts. That’s because those systems were originally designed for single users only.

Eventually, however, Microsoft began moving the two products together. Windows XP, released in 2001, was the first mainstream NT-based Windows version, and this product marked the end of the DOS-based Windows line. Windows Vista, like Windows XP, was based on the NT code base, which means that Microsoft marketed separate versions of Vista to both individuals and businesses. Additionally, Vista retained—and even enhanced—the paradigm of all users having their own user account for accessing the PC.

As an updated version of Windows Vista, Windows 7 offers an evolution of the user account capabilities from its predecessor. That said, some of the changes dramatically alter the experience of using and protecting user accounts. Therefore, it’s worth discussing how user accounts have changed in Windows 7 compared to both Windows XP and Vista.

First, however, a short review may be in order. When you installed or configured Windows XP for the first time, you were prompted to provide a password for the special administrator account and then create one or more user accounts. Administrator is what’s called a built-in account type. The administrator account is traditionally reserved for system housekeeping tasks and it has full control of the system. Theoretically, individual user accounts—that is, accounts used by actual people—are supposed to have less control over the system for security reasons. In Windows XP, that theory was literally a theory. Every user account you created during XP’s post-setup routine was an administrator-level account, and virtually every single Windows application ever written until fairly recently assumed that every user has administrative privileges. This resulted in an ugly chicken-or-egg situation that has caused several years of unrelenting security vulnerabilities because malicious code running on a Windows system runs using the privilege level of the logged-on user. If the user is an administrator, so is the malicious code.

In Windows Vista, everything changed. Yes, you can still create user accounts, and hopefully, you create accounts with strong and secure passwords. (Microsoft still doesn’t require this is in Windows 7, for some reason.) And you would still log on to the system to access applications, the Internet, and other services, just as you did in Windows XP. But in Windows Vista, user accounts—even those that were graced with administrative privileges— no longer had complete control over the system, at least not by default. Microsoft, finally, was starting to batten down the virtual hatches and make Windows more secure. Although there were (and still are) ways to counteract these preventive measures, the result was a more secure operating system than previous Windows versions, one that hackers have found and will continue to find more difficult to penetrate.

Microsoft’s approach to user account security in Windows Vista was hugely successful.
According to the software giant, Vista users experienced 60 percent fewer malware infections than did XP users. Windows 7 continues using the infrastructure Microsoft created for Vista while adding a few changes at the requests of its customers. The following sections look at what has changed.

Source of Information : Wiley Windows 7 Secrets (2009)