Scanning across user profiles in XP

[Ripley]

Still learning XP from using Win98 for so long.
These questions relate to computers set up with multiple user accounts in home edition including Administrator, Limited, or Guest accounts/profiles.
My assumption is that most, if not all anti-virus scanners when you select full system scan, scans all profiles.
If that's the case, is the same true for all anti-spyware scanners?
I know in AdAware there is an option under Tweak...Scanning Engine to check scan registry for all users.  If that is checked, then all user accounts/profiles are scanned regardless of what profile you are logged onto when you start the scan?
At another forum, someone stated that Spybot only scans in the profile that you are logged onto at the time.  Is that the case, and if so, should a Spybot scan take place in each profile?
And then my same questions extend to the other programs I am using like Counterspy and Ewido.
As I review scan logs from Ewido, a single log includes information from multiple profiles, but is it any more effective to initiate a scan in the administrator profile as opposed to a limited one?
And CCleaner...this tool needs to be run individually in each profile as far as I can tell.  Is there a way to run in once for all profiles at the same time?
And while I'm on the subject, should HijackThis always be opened, start scans, and "fix" things in the administrator profile or does it matter?
My brain is wanting to say that if a scanner identifies an infected file or some malware in one person's profile, then all additional scanning and clean up should be inititated being logged onto that profile and focused in that same profile, even if that profile is limited.  Or should you log onto a profile with admin rights? 
Obviously, still trying to understand this file sharing between profiles by reading all the microsoft support pages, but it's triggered these questions as to how these security programs are scanning when there are multiple user profiles.

[GR@PH;<'S]

ripley,

questions relate to computers set up with multiple user accounts in home edition including Administrator, Limited, or Guest accounts/profiles

I would say unfortunately not as Limited accounts holders can not remove certain files / Folders
but it is always good practice to scan with Administration rights.

GR@PH;<'S   :breakkie:

[Brynn]

Good questions  :)
I just set up a Limited User Account for the first time, and share many of your questions.  Or, I guess I'm still in the process of setting it up.  Anyway, I'm using XP Home, too, and I'll be interested to read any replies here.

Now see, I just ran all my usual scans for the first time since setting up the new user.  But I don't see any indication that the separate accounts/profiles are being scanned individually.  All the scans went through as usual.  I have not yet connected the new account/profile to the internet, though, so maybe that's why none of my programs seem to have recognized it.  Or maybe one must scan all accounts/profiles individually.  I just don't know :?

Ripley, would you mind if I list my security programs, here in your thread?  Since we're asking the same question, it might be easier for other members to reply in one place?

[Ripley]

Clearly it would make sense to to start scans in an administrator profile as GR@PH;<'S says so it has the authority to remove/clean, and it would reason that any HJT fixing should take place there as well.
But, scanning should be done in each limited profile as well?
In my case, AdAware shows no critical objects in the adminisrator profile, but finds critical objects in the limited, (which aren't cookies or MRU's) when profiles are switched and it's re-scanned in the limited profile.
Spoke to tech support at Counterspy/Sunbelt and it was recommended to scan in the administrator profile, but to also log on to the other profiles and scan there as well.

And Brynn, unless a moderator says otherwise, I have no problem with you posting your questions as it is the same topic.

[mitch]

have you tried to
in user

right click the user shortcut and select "run as " and select admin and password  and run aaw?

some programs install in all user, some in admin, some in where it was installed and you can't easly controll that ! ( you can look through the expanded windows folder and see

ewido works for all, but A2 is in admin only ;-(

but i still like being online as user as a bit more protection !
and to be realy safe i now do linux for 99% of online

[GR@PH;<'S]

mitch,

but i still like being online as user as a bit more protection !
and to be realy safe i now do linux for 99% of online

I agree

GR@PH;<'S   :breakkie:

[Ripley]

have you tried to
in user

right click the user shortcut and select "run as " and select admin and password  and run aaw?

I'm going to try this and remember this little tip.  I see it coming in quite handy in the future!  Thnx!  :thumbsup:

some programs install in all user, some in admin, some in where it was installed and you can't easly controll that ! ( you can look through the expanded windows folder and see

ewido works for all, but A2 is in admin only ;-(

I am going to be coming back to this comment after I spend more time reviewing my expanded windows folder.

[Brynn]

Thanks ripley  :)

If I'm understanding the replies thus far, there's no one answer.

• all should be run in admin account, as usual
• when scanning in admin, most programs also scan other user accounts
• some programs don't, so scans must also be run in the limited user account(s)
• Ad-Aware does not scan other user accts, so must be run separately in each user acct

(A2 is Ad-Aware?)

So mitch, are you saying that a security program scans where ever it was installed?  Oh...then I will not list all my programs, but instead, like ripley, check the "expanded windows folder" first.  If I can't figure it out from there, then I'll post my programs.  Only problem, I don't know what the "expanded windows folder" is, or where it is.  I would much appreciate if someone could let me know, please?

[mitch]

my thoughts


using different users can be a "black art"


click on
start/all programs/accessories/windows explorer


and on the left side click the "+"
on my computer
drive C
windows
documents and settings

and you will find settings for all users, the admin, the users

so one can be blocked from another user

and you can install a program in ADMIN and it will not show up in user at all !

on anti-crapware i usually give the user admin powers before i download the program ( say aaw) and install in the admin account and give it a shortcut

then i install it
then change user back to limited
then run the program
if troubles, right click on the shortcut and select "run as" admin !
REMEMBER in a limited account you can't get to everything, some are restricted

but i can run a scan in limited as limited and still clean out most things ;-)
ccleaner doesn't care and will work fine in limited my way ;-)

spywareblaster requires admin to update, but that's it

the original version of ms anti-spyware would do horrible things to me if it didn't have admin to run !
i don't know of any hard and fast rules but

1. if it doesn't run in USER then you will need admin powers ;-)
spybot runs in user but requires admin to update

so you won't find a list of easy rules or what will and wont run


but that" problem" is what is keeping you safer when you are on the web playing !


using USER for online
ie and oe set up for security
several FREE anti-crapware programs
good firewall ( sorry MS)
and common sense and not clicking to open everything


i have had one bad cookie in about the last 2 years


yep i have shown several bad things, but usually wait and find that the anti-crap ware program made a big bobo
even spybot S & D called my site bad news with c1 lop for about 6 months till they finally listend to me
aaw has called my site bad with their ad-watch
so no anti-crap program is 100 per cent right, if you get a hit on a bad thing...look around,post before you start killing good programs ( such as ace HTML editor) as you might not be able to get the program back and working again !

and do backup your total system !!!!! as your last line of defence!
i have had to use my backup three  times
1. when my hard drive died
2. microsoft had a "critical update" that killed win XP for me
3. a program killed my ACE html editor and deleted critial "infected files" and that version is not available anymore

and i do not like the joy of installing XP from scratch, doing all the updates ( sp-1 and sp-2) and others, trying to download and install all my programs
and remembering who is in my address book and all the filters on my spam software, and all the lost jpg's and gifs that can't be relpaced !

i can do a full backup of the drive in less than a hour and restore in less than a hour so i do a backup once a month or
before and after a critical update or install of a program !

sorry for being so long winded
mitch

i am not the big tech geek ! but have spent a fair amount of times on forums and have seen people like Spy Die,the gun and several other "big kids
work a HJT log for days and use several other programs to try and get a system clean again. and the one thing i figured out real quick
if i can keep the stuff off my system then i can spend more time in the loung area , my BP under controll, and playing and not working trying to remove junk !

[Ripley]

my thoughts

Actually, it nice to hear your thoughts and those "in the know" on these subjects.  It's helpful.

sorry for being so long winded

There are those that are in a learning mode that relish the long winded replies that I for one can appreciate.

I personally have to added learning XP to my list but it's coming along.  I don't know how long I bounced between the documents and settings folder trying to figure out the difference between "computer settings" and user settings.

For instance,

some programs install in all user, some in admin, some in where it was installed and you can't easly controll that ! ( you can look through the expanded windows folder and see

ewido works for all, but A2 is in admin only

I have Ewido Security Suite and when I look in all users, admin, and my limited account docs & settings folders I don't see Ewido at all.  That's what thru me, but when I look at an Ewido log I can see multiple profiles scanned, thank goodness.  Which is what I'm trying to ascertain.

And "default users" well, that's for another thread, but what the heck is default user??

Brynn and Mitch, this was still the best quote of this whole thread

have you tried to
in user

right click the user shortcut and select "run as " and select admin and password  and run...(whatever program needs admin rights)

As currently I am the only person using this computer, but I am boogled by reading the stories of infected computers which are actually parents with kids/teenagers, that have MULTIPLE user accounts. And the associated computer management issues with this.  So many of the infected computers I'm reading about often contain knowlegable parents who just don't have the time or the know how to place contols on a system with multiple user accounts.  :soapboax: I haven't frequent them but I'm sure there are forums out there that have dedicated forum categories/threads to parental controls.
Getting back to my topic, I chosen to create multiple user accounts,
#1 Based on Mitch's suggestion, and that it's "safer" to surf in a limited user account(less chance of baddies getting in), especially if you are using Internet Explorer as your primary browser.
#2 For me, to learn more about XP.
#3 Because SO many of the poeple I know have created multiple accounts and yet are floundering when it comes to computer security of those multiple accounts.

I guess it comes back to age old story of the computer saavy dealing with the computer naive...and for those of you in the know, all I can say is you have the "patience of Job" and how appreciative us newbies are of the advantage of forums like Landzdown.

In honesty, the reason I started this topic was cuz I'm lazy.  Now that I've created multiple user accounts, and I had an idea that I had a good computer security plan, I read stuff like

so you won't find a list of easy rules or what will and wont run

I wanted easier answers.  But what I'm figuring out is that better computer security depends on MY taking alittle more time to come back to this subject and learning something like

so you won't find a list of easy rules or what will and wont run
but that "problem" is what is keeping you safer when you are on the web playing !

Brynn A-2 is here http://www.landzdown.com/index.php?topic=237.0
and AdAware is here http://www.landzdown.com/index.php?topic=235.0

[mitch]

ok one other thing i have discovered as a admin/user person ;-)

yes i have admin and user and i am the only person here outside of bobby ( and he can't type with his paws)
i have a folder called "stuff"
and use it occasionaly for logs and such. if i put a aaw log there i can view that log in admin ( if created in user) and such , it is a easy way for me to exchange data between user and admin if needed )

having something sitting on my desktop of user is hard to go surfing my drive to find it when i am logged in as admin

i don't think it is too hard to figure out the user/admin thing

set up the user for surfing and mail and the good security in admin ( but installed in user so i can go there and run and clean easly if needed)

and when i say right click the shortcut and log in as admin...well it still needs admin name and password ! so if you have a secure password little people arn't going to crack it ;-)
and you do have your admin account with a password?
and backed up on a floppy ?????????
hint...
http://members.accessbee.com/mitch/small_documents/XPRecoveryDisk.html

[Ripley]

Hey Mitch, or anybody,

your admin account with a password?
and backed up on a floppy ?????????
hint...
http://members.accessbee.com/mitch/small_documents/XPRecoveryDisk.html

Can you create an XP Recovery disk on on CDROM?
Or can it only be a floppy?

[mitch]

sorry but all the looking i did was for floppy

i always still get a floppy on my computers as still usefull for a few things

now you MIGHT be able to use a usb floppy but i am not sure if the usb drivers are loaded yet at that part of the boot?

and my last trick is i have a admin called "ghost" with no password on my system for in case someone has messed up my admin password i can get into "ghost" and correct things ;-)

[Brynn]

Wow mitch, thanks for all the great info!
Sorry I've been a bit scarce, since my last reply in this thread.
Like ripley, I'm so grateful for the help and support of the more savvy and experienced members (geek or not!); I really treasure every comment I read from such professionals.  And I also must admit to wanting a list of rules (simple or not), although I can't really say it comes from laziness, for me.  However, this does shed some light on something that's been both confusing and frustrating for me, regarding the internet and tech support in general.

I don't know, maybe I'm just "old school", as they say :wink:  I've only had a pc and internet access for a few years, but I've been aware of, and understood the general idea of computers and the internet since college (in the late '70's).  :idea: Yeah, or maybe "old flower child" :flowers: would be apropos :mrgreen:  LOL!  Because my understanding of the original concept of the internet (or www?), as a medium, or tool, for facilitating the uninhibited free-flowing exchange of information, is very much like the idealism that I associate with the 60's generation....or maybe the concept of 'community', at its most basic, ie -- give whatever you can, take whatever you need, everything will balance out in the end.  (I realize that many folks consider this to be a naive perspective....so call me naive :roll:, and read on :lol:)

So when I first came to the internet, I expected an abundance of websites and forums whose goals are to help people.  And not just offering computer classes and technical support, but educational content for everything imaginable.  I expected people to be offering these things out of the goodness of their hearts, simply because they want to help others, and asking nothing in return!  Once I managed to learn how to work my computer, and I got to the internet, I was shocked and dismayed at the blatant commercialism!  Instead of teaching everything imaginable, people are using the internet to sell everything imaginable!  (as I said...call me naive :roll:....)

However, despite all the commercial pollution, up until the last few months, I still believed this free educational content must exist, and that I have just not found it, or learned enough to find it yet.  But I was becoming increasingly frustrated at the apparent lack of content and support for beginners.  I definitely find plenty of educational info available (witness LzD)...just precious little designed to assist rank beginners.  But given my belief that such content and support are inherent aspects of the internet, my frustration has lately been changing to anger....until now.

I don't think I can really verbalize entirely how this belief began to change for me.  Part of it is the realization that I'm no longer a mere novice, but perhaps have reached the level of an intermediate- or advanced-beginner...all on my own, without yet having found the educational material which I thought was part and parcel of the internet.  And mitch's and ripley's comments in this thread have really gelled this new concept for me -- it's not just this limited user account for enhanced security, for which there is "no list of easy rules" or instructions.  Indeed, I'm beginning to think it's more the exception than the rule, that any given computer issue will have clear-cut rules.

So, talk about long-winded!  Anyway, it's just...when you hear things like "it's all ones and zeros", and you begin to understand the concept of "digital"...well, maybe not "you", but I think, everything about computers must be very structured, regimented, and ultimately, clear and understandable...ie - rules and list for everything imaginable.  But mitch's and ripley's comments in this thread have really reinforced for me the notion that information, educational content and/or tech support are not necessarily available for every issue that one might encounter, in teaching oneself computer literacy/proficiency.

And why am I posting this discourse?  Partly to explain myself.  Not so much an apology, for everyone has their own learning curve ;)   But just to shed some light on my original motivation here at LzD.  This new understanding of the nature of computers and internet, will undoubtedly affect my use of all support forums -- hopefully resulting in more thoughtful requests for help...more patience with complex, yet helpful, replies...to name a couple of potential adjustments.  And partly in case there may be other members who might benefit from reading/hearing my thoughts, perceptions, and experience.

And finally getting back to the topic of this thread:

"using different users can be a "black art""

I hope by this, mitch, you mean that not many people actually use the limited user account as a security measure, or that it's not widely understood as such...as opposed to there being something dark and unnatural about it?

Oh, Windows Explorer, yes I know what that is.  I just have never heard it called an "expanded windows folder".  I normally make fairly heavy use of it, and not sure it will help me understand, since I may have moved a program to another folder, besides where it was installed.  ...or am I still missing your point?  In my C drive, I have Owner (the admin), Brynn (the new limited user), and All Users.  But all the security programs are in All Users.  Is that what you would expect?

Well, the bottom line, I do understand, is that I have to dig into each program's documentation, to find out how it treats the limited user accounts -- not just in regard to what it scans, or from where; but also in regard to dl-ing and installing.  And I do understand that they are all different in this respect, or mostly different.

"on anti-crapware i usually give the user admin powers before i download the program ( say aaw) and install in the admin account and give it a shortcut"

2 Qs on this comment:
---  I'm not sure what you mean by "...give the user admin powers...".  Are you talking about a different process than switching users, or in other words, a different process than logging out of user and logging in to admin?  Oh!  Or is this the "right-click > Run as admin" trick you mentioned?
---  "...give it a shortcut"  Give it a shortcut...from the limited user account?

Ok then, for whatever it's all worth, end of reply :D
Thanks for your patience,
especially mitch and ripley, and also everyone else who reads all this!

[Ripley]

Brynn,
Quite alot said here...your

thoughts, perceptions, and experience.

One comment came to mind with

there is "no list of easy rules" or instructions.  Indeed, I'm beginning to think it's more the exception than the rule, that any given computer issue will have clear-cut rules.

If there were 2 exact computer systems that started w/ the same exact software, but 2 different users, over time those systems would operate differently.  Maintained differently, organized differently, etc.  The variables are endless if you add internet, new peripherals, or any of the thousand options available to users.  Thus the rub for a goal of clear cut rules.  And the difficulty for a newbie to learn about maintaining/operating their computer, because it just takes time & attention to your computer, and it's hard to find the time to learn all ya want to know.  But it would appear that you've gained some insights here at LzD, as have I.

And then you read some threads in these forums...and you are reminded all that you don't know!  :tease: