Until today, I NEVER noticed the Run as... option on the Explorer context menu. (Ok, so I'm not very observant.) Selecting Run as... opens a dialog box with a check-box to "Protect my computer and data from unauthorized program activity"
So I googled this and from what I gather, this option should not be selected by default. In fact, the dialog box includes a warning that using this option could cause problems with some programs since it limits registry access to read-only and other restrictions. Seems like something one might use on an 'as needed' basis.
As it turns out, every exe file I checked on my system, and my wife's laptop, has this option selected. How can this be?
NOTE: both computers are set up with a single user profile, and that profile naturally has admin privileges.
I am sorry but is there a question in all that. Anyway it sounds like you stumbled into something that should not be cause for concern.
On these newer OS'es (windows seven, vista) the uac asks you if you want to allow installs
this is probably activated when you click yes. This would protect you if a trojan program or malware tried to access the registry and change the system.
I believe I understand the intent of the option. My question was "how can this be?"
In other words, with this option is checked for every exe files, it doesn't make sense that I wouldn't have encountered problems.
If indeed this option blocks registry writes, then this option must be non-functional on my computer, or there's more to it that I don't understand. I'm just trying to understand what doesn't make sense to me.
I found plenty of examples in a google search of programs that won't function with this option checked. Outlook Express is one I recall that is said not to even open with this option checked. But use OE without any problems.
When something doesn't make sense, that usually means I don't have all the information.
One thing that would be helpful to know is if others who run XP have found this option is checked by default on all exe files. At the present, there's no way to know if this option was selected when I installed the OS or if some program did this without my knowledge.
Thanks for any information anyone can provide on this.
...In other words, with this option is checked for every exe files, it doesn't make sense that I wouldn't have encountered problems.
If indeed this option blocks registry writes, then this option must be non-functional on my computer, or there's more to it that I don't understand....
I'm not sure what you're seeing if you think checking "this option" that says "[x]Protect my computer and data from unauthorized program activity" would automatically cause problems. Remember it says "...but selecting it (that account option) MIGHT cause the program to function improperly"
The option allows the file to run with all permissions granted to a given user account, and you have signed-on under that account to begin with. As long as the user account has permission to do what's needed, there is no problem for a properly installed program. AFAIK, the anti-malware option is designed for programs that try to do an end-run around the process.
When you first install a program, it may offer you a choice to install ONLY for "this user", or for "all users", although sometimes an installation program might assume one or the other and take the decision out of your hands. But either way, "authorization" is inherent in the installation process. And, when you go through the installation process, a record is kept of the fact...which "unauthorized" programs will try to either avoid or try to spoof.
So I could see that when you check that option, there is a more thorough validation process and if a program's installation didn't follow all the right protocols, it might be more inclined to fail and therefore "function improperly".
At least that's the way I see it.
Or, maybe I too misunderstand exactly what it is you're asking.
I checked with a couple of friends who run XP and it appears that all EXE files default to having this option checked. Apparently this option only causes problems for users that aren't logged in as Admin, which doesn't apply in my case since I only have one user account defined. Thanks for engaging me on this.
...Apparently this option only causes problems for users that aren't logged in as Admin, which doesn't apply in my case since I only have one user account defined....
It's more likely you'd have the same situation for any user account that has Admin privileges...e.g. not having to be logged in as the literal Admin user account.
BTW, it's usually a better operational security practice to NOT use the WinXP default Admin account as the only account on your system, esp because the default password during installation is that there is no password.
So whether you do or not, make sure your Admin account has a rigorous password.
But I recommend creating a separate account with the privileges you need, and NOT routinely running everything under the Admin account.
When you're logged in as the Admin (esp. with WinXP and below where the default password is BLANK when you install Windows) it leaves your system much more exposed.
While anti-malware,etc. still works, always using the Admin account is just not the very best security practice.
After WinXP (WinVista and later) Microsoft took a significant step in improving Windows operational security by stopping the practice of creating the Admin account as the default account (that previously was made even worse with a blank password as the default).
An Admin account with a blank password is a major security risk.
Even if you're the only one with access just consider if someone steals your PC or gains access via an online connection (spyware/malware/zombieware/etc).
While just using an Admin password won't stop a concerted effort to gain access, it does make it more difficult and time consuming to do so.
Of course, even better data access protection is obtained by using system encryption like freeware TrueCrypt.