There's nothing to set up. You should increase the setting to maximum when you first install Windows 7, but other than that it has nothing to do with playing games online.
You should have a unique identifier (password) attached to authentication mechanism (UAC in Windows). So, Windows users should run as standard users. But, using a standard account in Windows causes issues with some software, such as some online games, that require admin accounts (or "run as administrator"; superuser) to function. Many online games on Windows 7 still require running as Administrator (superuser privileges) to function. This requires setting the "Properties" to allow "run as Administrator" or turning off UAC. This is risky as the games connect to remote servers and download content. Trojans are installed without authentication if accessed with superuser privileges. This example, using online games, shows the problem with how software is being written for Windows. This problem lead to
DLL hijacking exploits. You definitely need good antivirus software in Windows to more safely play games that require Administrator privileges.
The issue with online games found in Windows is not problematic on Mac OS X given that software for Mac is written following the guidelines of the
principle of least privilege more so than Windows software. For example, I have played online FPS games on my Mac with standard account privileges that require "run as Administrator" (superuser privileges) in Windows systems. Mac OS X is much better insulated from Malware.
Flash, Adobe, Java, etc. all have virtually identical issues under all three OSes. It's rare you see something that only affects one, unless it's a significantly different program.
Vulnerabilities in those components in Mac OS X are attributed as OS X vulnerabilities because OS X includes them by default so this artificially inflates the number of vulnerabilities in OS X when looking at vulnerability comparisons. These components have worse security in Windows. How these vulnerabilities manifest in Windows is through Internet Explorer.
Internet Explorer is worse because these components often have no security mitigations in Windows and disable the security of IE while these components only have lessened security mitigation in OS X. This problem with third party software in Windows is shown in this
article.
That article also makes it apparent that Windows does not have full ASLR given that a lot of software has DLLs that are not randomized. Mac OS X is criticized for not having full ASLR because the dyld is not randomized but dyld is directory of dylibs which are the Mac equivalent of DLLs. Luckily the
DLL hijacking issue in Windows is not a problem for Mac OS X.
Privilege escalation is required for virus install but browser exploits only allow for arbitrary code execution with user level privileges. Arbitrary code execution allows the attacker to take control over the vulnerable process with the level of privileges of the process which is usually that of the user (Safari has the current user's level of privileges). Privilege escalation is possible if a component (kernel or DLL) of the OS with elevated privileges is accessible by the compromised process but only if that component also has a vulnerability that is exploitable. Therefore, both the arbitrary code execution exploit and the privilege escalation exploit have to be linked together in a logical manner. This is the difficult part; finding a string of exploits. Given that such local exploits are rare for Mac OS X (only 4 in last 3 years and only 3 were in default components), the statistical odds of finding a working string of exploits for Mac OS X is not trivial; especially, when compared to the potential to find such strings in Windows, as shown by this
article and this
article..
Viruses, worms, and trojans that can be installed without authentication require privilege escalation. This is why malware on Mac is limited to trojans that require authentication.
