Browse here to view the paper titled “Applying the Principle of Least Privilege to User Accounts on Windows XP” – it give a good explaination of how to reduce the amount of time both you and your users need to be logged in with Administrative privileges. I think it’s pretty well accepted that running as admin is generally a bad idea from a security perspective as any code you run (either deliberately or accidentally) will also run with privilege – this is often the route that malicious software uses to exploit machines.
Think about Browser Helper Objects (BHO) for a moment. These are effectively ActiveX style extensions that can be installed into Internet Explorer to provide additional browsing features and interface richness. IF YOU’RE running with admin privileges BHOs can be silently installed on your system – there are plenty of malicious BHOs out there. If you visit a site that has malicious (or safe) BHOs then they’ll fail to install if you’re running as a regular user.
This approach of running with less privilege will get much easier with Windows Vista but in the meantime it’s important to learn how to adopt the principle of least privilege for Windows XP.
Work with your in house developers to encourage them to develop with least privilege too as that way the code they write is more likely to be able to operate with least privilege too.