Every Windows machine (and OS/X) ships with a very powerful, well thought out system of “user accounts” and security. Unfortunately, by default they ship with that security essentially turned off: you “automatically log in,” without a password, to a user with Administrator privileges. And I am now going to try to persuade you that this is not a Good Thing.
The reason: viruses and malware.
Any program that “you” run, or that runs in “your” session, runs as “you” with the full rights, powers, and privileges of “you.” That includes any virus, malware, nasty script or what-have-you. If you are running as an Administrator and a nasty bit of rogue code tells the computer, “Shoot yourself in the foot!” … hold your ears … ka-BLAM! No questions asked. :o
These same systems define different levels of privilege: Administrator, Ordinary or Limited user, and further Restricted users.
For ordinary purposes, other than actual system maintenance, you should be running as a “Limited” user. You can easily get there from here like this:
- As your powerful self, create another user who is an Administrator.
- Log off, then log on as that user, and from that user revoke Administrator status from your regular account. Also make sure that all of your accounts have non-trivial passwords, and that no “automatic” logins occur.
- Log back on as your previous, now-limited, self.
You can, of course, set up as many “Limited” accounts for yourself as you wish: files owned by each of them will be neatly protected from one another… and this protection will actually mean something. No one, not even a virus, can defy it.
Viruses and malware are strictly opportunists: they take advantage of the fact that, out of 10,000 randomly-chosen systems, more than 90% of them might prove to be defenseless. (Not because they should be; certainly not because they have to be; just because they are.)
If your account is limited, and if you never respond to any prompt for an administrative password (you log on instead), then there is nothing that any virus or any program can do to affect any “global” registry entry or application file, or any file not owned by them whose owner has not expressly given permission. It doesn’t matter how the malware was concealed, or how it got into your system … the moment it tries to do something nasty, ZZZZZtttt! It just hit the proverbial super-bug-zapper and it’s dead.
I advise that you should not run a “Guest” account, and that you should remove it. No one should be able to use your system, in any capacity whatsoever, without a password or as a “guest.” If you find that guest access is appropriate (say for your visiting nephews), the account should not be named “Guest.”
A better choice for your nephews would be a Limited user with further restrictions placed upon it … programs they can’t run, sites where they can’t go. (I mean, you can love the little rug-rats without trusting them with the crown-jewels of your machine.) These restrictions will “stick.”
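To check where a Windows machine stands against the account steps and the Guest advice above, here is a read-only audit script. It is an added example, not part of the original article, and it assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts cmdlets (Windows 10 and newer); the wording of the findings is made up for the example.

```powershell
# Added example: read-only audit of local-account settings. It changes nothing.
$findings = New-Object System.Collections.Generic.List[string]

# S-1-5-32-544 is the well-known SID of the built-in Administrators group,
# so the lookup works whatever the display language of the system is.
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544'

# Compare by SID instead of asking the logon token: with UAC, an unelevated
# session of an Administrators member would otherwise look like a limited user.
# Only direct members are checked, not members of nested groups.
$me = [Security.Principal.WindowsIdentity]::GetCurrent()
if ($admins.SID.Value -contains $me.User.Value) {
    $findings.Add("Current account '$($me.Name)' is a member of Administrators.")
}

foreach ($u in (Get-LocalUser | Where-Object Enabled)) {
    # The built-in Guest account always has RID 501, even after a rename.
    if ($u.SID.Value -like '*-501') {
        $findings.Add("Built-in Guest account '$($u.Name)' is enabled.")
    }
    if (-not $u.PasswordRequired) {
        $findings.Add("Account '$($u.Name)' does not require a password.")
    }
}

# Automatic logon is controlled by the AutoAdminLogon value under Winlogon.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$auto = (Get-ItemProperty -Path $winlogon -Name AutoAdminLogon `
         -ErrorAction SilentlyContinue).AutoAdminLogon
if ($auto -eq '1') {
    $findings.Add('Automatic logon (AutoAdminLogon) is turned on.')
}

# Report: who holds Administrator rights, then anything that needs attention.
'Administrators: ' + (($admins | ForEach-Object Name) -join ', ')
if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

After following the steps, the expected result is an Administrators list that contains the separate maintenance account but not your everyday one, and no findings.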
You should do this. You should do this now.