Author Topic: DavidR was right all along!  (Read 9043 times)

polonus
DavidR was right all along!
« on: February 11, 2008, 12:16:14 AM »
Hi malware fighters.

The majority of users, even here on the avast web forum, choose to log in using a full admin rights account on their computer, but logging in with limited rights brings you a lot of benefits. Roger Grimes, who once snarled at the protective actions of Windows Vista's UAC, now mentions four large benefits of working with limited user rights.

One - you are protected against 90% of today's malware. "Miscreants can code around this if need be, but loads of malicious programs cannot run on a machine with limited rights."

Second - It is much, much harder for malware to make changes to your system that way. Even in user mode malware can do quite some damage, but not being able to manipulate the system offers a form of added protection that users with full admin rights have to go without.

Third - It is harder for malware to hide from AV software, forensic experts and malware fighters. "Malware that has full access to the OS can hide as a rootkit, hide in memory more easily or use other obfuscating techniques."

Four - So using limited rights helps malware fighters to take care of the rest of your defenses better; that is why it is desirable and necessary to follow this practice. The castle with four gates is less easy to defend than one with just one single gate to watch.

polonus
http://members.cox.net/ownt/unite.jpg
« Last Edit: February 11, 2008, 04:03:44 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

bob3160
Re: DavidR was right all along!
« Reply #1 on: February 11, 2008, 12:24:08 AM »
Full information on how it's done is available at:
http://forum.avast.com/index.php?topic=16849.msg241232#msg241232
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v24H2 64bit, 32 Gig Ram, 1TB SSD, Avast Free 24.4.6112, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

DavidR
Re: DavidR was right all along!
« Reply #2 on: February 11, 2008, 12:28:33 AM »
I have my moments ;D
I recognised this prevention of malware inheriting the permissions of your account, either eliminating or limiting potential damage.

For those without Vista and UAC there is DropMyRights.

You might also consider proactive protection; in order to place files in the system folders and create registry entries you need permission. Prevention is much better and theoretically easier than cure.

Whilst browsing or collecting email, etc., if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can wreak havoc. With limited rights the malware can't put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.

Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP. Check Bob's post, for setup instructions and importantly the dropmyrights.msi file needed as MS no longer promote DMR now Vista is out.

But if possible run as a limited user in preference to using an account with administrator privileges.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
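
An added example, not part of DavidR's post: a PowerShell check of which case discussed in this thread a logon session falls into (limited user, administrator under UAC, or administrator with UAC turned off), which decides what a program started from it inherits. It assumes Windows Vista or later with PowerShell 3.0 or newer; the function name `Get-PrivilegePosture` and the verdict wording are made up for the example.

```powershell
# Added example (not from the thread): how much privilege would a program
# started from this logon session inherit? Assumes Windows Vista or later.
function Get-PrivilegePosture {
    $adminSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

    # whoami lists every group in the token, including deny-only ones.
    # Column names are supplied here because whoami's own headers are localized.
    $groups = whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, Sid, Attributes
    $inAdminGroup = [bool]($groups | Where-Object { $_.Sid -eq $adminSid })

    # IsInRole is true only when the Administrators SID is enabled in the token,
    # i.e. the process is elevated or UAC is switched off.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    # EnableLUA = 0 means UAC is off; a missing value is reported as $null.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $lua = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).EnableLUA

    $verdict = if (-not $inAdminGroup) {
        'Limited user: by default programs cannot write to system folders or HKLM'
    } elseif ($lua -eq 0) {
        'Administrator with UAC off: every program runs with full rights'
    } elseif ($elevated) {
        'Elevated administrator session: child processes inherit full rights'
    } else {
        'Administrator with filtered token: elevation has to go through UAC'
    }

    [pscustomobject]@{
        User             = $identity.Name
        InAdministrators = $inAdminGroup
        Elevated         = $elevated
        EnableLUA        = $lua
        Verdict          = $verdict
    }
}

Get-PrivilegePosture | Format-List
```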

polonus
Re: DavidR was right all along!
« Reply #3 on: February 11, 2008, 12:35:27 AM »
Hi DavidR,

When I got the computer that I write this posting on now, I thought of your advice, and this is what I did. I created two accounts on this machine, one with full admin rights with SafeXP just to do my patches and updates, and a second one with normal user rights (so limited rights) and SafeXP for my Internet Activities etc. Believe me, I would do it again,

polonus

Go Pack Go

  • Guest
Re: DavidR was right all along!
« Reply #4 on: February 11, 2008, 11:17:39 PM »
Quote from: DavidR
> I have my moments ;D
> I recognised this prevention of malware inheriting the permissions of your account, either eliminating or limiting potential damage.
>
> For those without Vista and UAC there is DropMyRights.
>
> You might also consider proactive protection; in order to place files in the system folders and create registry entries you need permission. Prevention is much better and theoretically easier than cure.
>
> Whilst browsing or collecting email, etc., if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can wreak havoc. With limited rights the malware can't put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.
>
> Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP. Check Bob's post, for setup instructions and importantly the dropmyrights.msi file needed as MS no longer promote DMR now Vista is out.
>
> But if possible run as a limited user in preference to using an account with administrator privileges.

So are Vista users protected who have UAC enabled on an administrator's account? And when malware would try to install, would that invoke a UAC elevation prompt, or would you not even know it happened?

DavidR
Re: DavidR was right all along!
« Reply #5 on: February 11, 2008, 11:48:56 PM »
UAC is supposed to limit permissions even in administrator accounts I believe. The problem being we are still seeing lots of Vista users getting infected, so unless they all have UAC disabled, it isn't as good as it is made out. Unless UAC doesn't protect accounts with administrator permissions.

So a limited user account wouldn't have permission by default even if the UAC didn't work. That is my understanding but I don't use Vista.

essexboy
Re: DavidR was right all along!
« Reply #6 on: February 11, 2008, 11:56:12 PM »
The main problem I have come across with Vista is - and I quote: "I got fed up with that uac pop up thing so I turned it off". Hmm, wonder how they were infected.

Go Pack Go

  • Guest
Re: DavidR was right all along!
« Reply #7 on: February 12, 2008, 12:00:06 AM »
Quote from: essexboy
> The main problem I have come across with Vista is - and I quote: "I got fed up with that uac pop up thing so I turned it off". Hmm, wonder how they were infected.

So would malware invoke a UAC prompt, or would you not know it tried to install?

essexboy
Re: DavidR was right all along!
« Reply #8 on: February 12, 2008, 12:02:58 AM »
It will invoke the UAC and if you see one pop up when you surf it does stop you in your tracks, but of course there is still the PBKAC.  Click happy   

bob3160
Re: DavidR was right all along!
« Reply #9 on: February 12, 2008, 01:37:19 AM »
UAC draws your attention to anything new happening to your system.
Pretty much the same WinPatrol does.

If you simply allow the new process or installation without knowing exactly what you're allowing,
UAC or WinPatrol or anything else you use to alert you is useless.

The user is still his/her worst enemy.  :'( :'(

DavidR
Re: DavidR was right all along!
« Reply #10 on: February 12, 2008, 04:47:18 PM »
Quote from: bob3160
> <snip>
> The user is still his/her worst enemy.  :'( :'(

As essexboy said, PBKAC. There are so many things within the user's control; unfortunately most don't really know what response to give when one of these pop-ups appears.

Marc57
Re: DavidR was right all along!
« Reply #11 on: February 13, 2008, 12:03:11 AM »
You mean DavidR can be wrong??  :o  :o  NO Way!! I've learned a great deal from him.

What bothers me is when you go to some Vista forums the first thing some of the regulars tell new people is to turn UAC off, making Vista even less secure than XP.
« Last Edit: February 13, 2008, 12:05:03 AM by marc57 »
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

polonus
Re: DavidR was right all along!
« Reply #12 on: February 13, 2008, 12:16:06 AM »
Hi marc57,

And that is why the situation at hand (very, very profitable for some) will continue to exist, you have seen yourself that without the free possibilities for system change and an updated Sun Java version (older versions manually removed) we would not have the "virus and worms" flooded with Win32:BHO-KD and Win32:TratBHO infections as well as the latest vundo malware, where av-vendors can detect but not offer any full remedy, and essexboy, oldman, mauserme and little old me have their hands full with cleansing routines. If users would use secure, safe practices we could go back to crap cleaning and deleting temporary files,

polonus

DavidR
Re: DavidR was right all along!
« Reply #13 on: February 13, 2008, 05:03:11 PM »
Quote from: Marc57
> You mean DavidR can be wrong??  :o  :o  NO Way!! I've learned a great deal from him.
>
> What bothers me is when you go to some Vista forums the first thing some of the regulars tell new people is to turn UAC off, making Vista even less secure than XP.

How do you think I learn? By making mistakes, learning from them and trying not to repeat them.
But I wouldn't go so far as to say I am never wrong; it happens to everyone and I'm no different ;D

Lusher

  • Guest
Re: DavidR was right all along!
« Reply #14 on: February 17, 2008, 01:05:41 PM »
DavidR invented the Principle of Least Privilege and UAC?? Impressive..  ;D.