Privilege Deescalation with Firefox
or, Using Runas to get Limited User Credentials Instead of Administrator Credentials

For those of you regularly running Limited User Accounts on Windows, good on you for taking the right step towards keeping your machine from becoming a spam zombie.

Here's a handy trick I use to deescalate the privileges of Firefox whenever I'm running as Administrator:

Let's say you have two accounts, 'admin' and 'normal':

Using the PortableApps version of Firefox, create a shortcut to the Firefox application.

Now prepend the following to your shortcut's command line:

runas /user:normal ...

Now when you start the app, it will run using your Limited User credentials. This will be somewhat annoying, because it will ask for your password. However, running the app as a Limited User means that it is sandboxed against accessing or modifying files belonging to the system or to Administrator users. It cannot install applications, and therefore your risk of falling victim to a drive-by browser attack is limited.
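
The shortcut edit described above, scripted in PowerShell together with a check that the browser really ended up under the limited account. This is an added example, not part of the original post; the install path is a placeholder, and the `firefox.exe` process name and the helper function names are assumptions.

```powershell
# Added example (not from the original post).
# Assumptions: the limited account is 'normal' as in the text; $FirefoxPath is a
# placeholder for wherever Firefox Portable is installed on your machine.
$LimitedUser  = 'normal'
$FirefoxPath  = 'C:\PortableApps\FirefoxPortable\FirefoxPortable.exe'  # placeholder
$ShortcutPath = Join-Path ([Environment]::GetFolderPath('Desktop')) 'Firefox (limited).lnk'

function New-RunasShortcut {
    param([string]$Path, [string]$User, [string]$Target)
    if (-not (Test-Path -LiteralPath $Target)) { throw "Target not found: $Target" }
    $shell = New-Object -ComObject WScript.Shell
    $lnk   = $shell.CreateShortcut($Path)
    # runas.exe is the shortcut target; the browser becomes its program argument.
    # Quote the path so spaces in it do not split the argument.
    $lnk.TargetPath   = Join-Path $env:SystemRoot 'System32\runas.exe'
    $lnk.Arguments    = '/user:{0} "{1}"' -f $User, $Target
    $lnk.IconLocation = "$Target,0"
    $lnk.Save()
}

function Get-BrowserProcessOwner {
    # Reports which account each running browser process belongs to.
    param([string]$ImageName = 'firefox.exe', [string]$ExpectedUser)
    Get-CimInstance Win32_Process -Filter "Name = '$ImageName'" | ForEach-Object {
        $o = Invoke-CimMethod -InputObject $_ -MethodName GetOwner
        [pscustomobject]@{
            ProcessId   = $_.ProcessId
            Owner       = if ($o.ReturnValue -eq 0) { '{0}\{1}' -f $o.Domain, $o.User } else { '<unknown>' }
            Deescalated = ($o.ReturnValue -eq 0 -and $o.User -eq $ExpectedUser)
        }
    }
}

New-RunasShortcut -Path $ShortcutPath -User $LimitedUser -Target $FirefoxPath

# Start the browser from the new shortcut, enter the password, then run:
Get-BrowserProcessOwner -ExpectedUser $LimitedUser | Format-Table -AutoSize
```

Any row with `Deescalated` set to False is a browser process still running under another account, such as the administrator. The limited account also needs write access to the Firefox Portable folder, because the portable build keeps its profile data there.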