A Best Practice for XP and 2000 PC's is to use non-administrative accounts to surf the web with. Since adware, spyware, viruses, trojans, and worms all must update the Windows registry, a limited rights account (e.g., power users) can keep viruses from infecting a PC
. BEST PRACTICES: Safest way to surf with IEset up "limited" 2000/XP accounts http://inetexplorer.mvps.org/data/prevention.htm
Many IT professionals and users can't use limited access accounts. Administrator rights are needed anytime the Windows registry if updated. For example, this can occur when you install software, defrag, and even for some applications to work.
Still, if all you're going to do is surf the Internet and process email, a second "limited access" account will greatly enhance your protection against spyware, adware, hijackers, trojans, viruses, worms, etc. It only takes a few seconds to LOGOFF and switch accounts.
At home, parents could use administrator accounts with full rights while providing their children with their own accounts that have limited rights. This way if children accidently process an infected email or hostile web site URL, they will avoid extensive and sometimes expensive repair work.