Do I Need a Password for My PC?

Hi guys.. I got 2 questions for security:

1) Someone said I need to set up my PC with 2 accounts - one admin and another for day to day use - with 2 different passwords or I can accidentally invoke a malware online that may control my PC via Remote Access methods. He says the malware can't guess my password. But I dont have a password when I boot up my PC. It boots straight to the desktop without one. I'm the only one who uses my PC. Is this what they mean by having a password?

2) He also said that Windows Memory isolation and CPU guard in Windows Security Center provide the same difference as Sand-boxing but with the convenience of not having to run additional software. Is this true?

This would be done via "Application Control"... Core isolation only protects Critical and High security processes. But once enabled it will also protect the system from Drivers induced errors. This is not extending to every processes in Windows, but is a very good and permanent shield to avoid core processes memory injections.

Funny fact, is that OS2/Warp had a similar memory management model implemented system wide natively back in the 2ks...

Hello
If your concern about the password is only malware related, I would say you don't need a password. Regarding the two accounts, that is how the system is setup. There are user accounts and an admin account, admin does not show by default but can be activated. There is also a guest account you can activate to let friends or others use your PC , away from your account.

Yes but, the problem is not password related... But Privilege elevation related. A standard user will not be allowed elevation but an admin will, if a malware can use your account... Password or not. It will gain elevation... or not. Based on your group membership...

But many malware can elevate a process under any condition too. So this becomes soon enough more of a user tempering protection, than a malware / Virus protection.

But Once elevated... Core isolation will prevent the "Core" running system processes from being tempered with.

You can try a couple ram dll injectors if you want... The injection succeed With elevated privileges but the changes are just for this iteration of the program... All other processes using the same dll are left intact... Coolest thing there is only one copy of the dll in ram...

But when the code executes Windows blocks the "corrupted" instance to alter the system... Cheerful.

Thanks @cereberus, my point was, on a personal computer you don't need two accounts. There is an admin account that can be used if necessary. I was not aware of the lack of a guest account, it makes sense, Microsoft like to know who is using their software lately.

My laptop boots straight to desktop without requiring a password also. It's because I have deliberately chosen to set it up in this way. I, too, am the only user, and I do not use separate accounts. Using two separate accounts (one that is a standard user, one that is an administrator) just would be too much hassle for me, as I regularly run programs and tasks that require admin privileges, and, ever since I tried Windows Vista, I have been hating the UAC prompt with a passion. For my most frequently used programs/tasks that require it, I have set up a task in Task Scheduler with the "Run with highest privileges" checkbox checked, i.e. to effectively bypass this "User Aggravation Custodian" prompt each time when it would otherwise slow me down, reptitively during my workflow that also is characterised by my own personal need to be able to continuously focus my attention on things. So, I use an administrator account, simply because I consider myself more capable to administer my own laptop, that I myself have bought, and own, more so than anyone who works for Microsoft. If I want distractions, I'll watch an action movie with lots of gunshots, splosions and an epic car chase.

That said, I have turned off Core Isolation and Fast Boot. Romex Software Primo Ramdisk needs them to be off so that's why. One of the main important reasons why I use a Ramdisk with Dynamic Memory Management is because my 2TB Samsung 980 Pro's NVMe speed is limited to only 3400MB/s by my laptop's PCIe 3.0 bus. Primo Ramdisk really puts the "Plus" in Sandboxie-Plus:



As for your question of whether Core Isolation is the same as using a sandbox. Nah. Sandboxie-Plus offers two (or three or four or five) boatloads of extra features that put you wonderfully in control of what gets isolated from where (and when)─as opposed to the aggravation custodian from Microsoft and its pinheaded minions. lol