Les Mikesell wrote: > On a single-user computer there's not a whole lot of value in > preventing yourself from being able to destroy other user's > work - which is what you get from the effort of not having > admin privilages all the time. This is a common misconception. First of all, you are not prevented from screwing up other users, you are prevented from accidentally screwing up the OS. Even windows tries (lamely) to protect you from deleting C:\Windows or C:\Program Files. Second, most systems nowadays are connected to the Internet, which exposes the system to all sorts of cracking attempts. The more processes you have running with administrative privileges, the more processes are available for an attacker to circumvent. On a single user system, losing user data is on the same level as using the OS, but a process acquiring a unprivileged user access has much fewer ways of using the system to do bad stuff then a process with admin access.
