Generally, two types of accounts are used to log a user on to a computer's operating system. One has nearly unlimited rights, often called an administrator account, the other has limited rights, often called a standard user account. Standard user accounts permit some tasks but prohibit others, such as installing an application or altering the computer's system settings. Administrator accounts, on the other hand, generally permit most if not all tasks.
Not surprisingly, many users log on to their computers with administrator accounts so that they may do nearly whatever they want. But there are significant risks involved in using administrator accounts. Malicious code may perform whatever tasks are permitted by the account currently in use, such as installing and deleting applications and files—potentially highly damaging tasks. This is because most malicious code performs its tasks while impersonating the current user of the computer—thus, if a user is logged on with an administrator account, the malicious code may perform dangerous tasks permitted by that account.
To reduce these risks, a user may instead logon with a standard user account. Logging on with a standard user account may reduce these risks because is the standard user account may not have the right to permit malicious code to perform many dangerous tasks. If the standard user account does not have the right to perform a task, the operating system may prohibit the malicious code from performing that task. For this reason, using a standard user account may be safer than using an administrator account.
If a user is using a standard user account he or she may still perform tasks requiring higher rights by elevating his or her rights when needed for a particular task. Assume, for example, that a user wants to install a video card on his or her computer. To do so, the video card needs to run an installation wizard. This wizard uses two tasks, each of which requires administrator rights. To allow the wizard to install the video card, the user will typically need to elevate his or her rights for the first task and then elevate his or her rights again for the second task.