Author Topic: Nice link for DavidR............. (Read 7387 times)

polonus · « **on:** March 21, 2008, 01:55:57 AM »

Hi malware fighters,

For those who want to run their XP account as nonadmin:
http://nonadmin.editme.com/

The facts:
    Total    Processes     Files     Registry
Windows 2000 SP4
User     1     0     1     0
Administrator     19     3     503     2,500
Windows XP SP2
User     0     0     0     0
Administrator     16     20     400     2,774

polonus

DavidR · « **Reply #1 on:** March 21, 2008, 03:56:34 PM »

Yes a nice site in explaining why you should consider using a non-admin account. Though much of it dates from 2005/2006, it is still relevant, but some of the tools mentioned namely DropMyRights are no longer available (except in Bob's shared files).

But from my brief reading (though it is a large amount of information, etc.) of it is is suggesting using a limited user account (can use MakeMeAdmin), which many won't want to do (limited user account) and without DMR it leaves them more open.

bob3160 · « **Reply #2 on:** March 21, 2008, 04:14:30 PM »

Quote

but some of the tools mentioned namely DropMyRights are no longer available (except in Bob's shared files).

For those interested, you'll find every thing you need on this subject at:
http://mysharedfiles.no-ip.org/DropMyRights/

lee16 · « **Reply #3 on:** March 22, 2008, 04:09:08 PM »

Its important to understand that having a Limited User Account doesn't mean your completely protected from malware, it mearly limits the chance of infection, so in light of this, i would like to suggest people also read this interesting article: http://www.prevx.com/blog/83/Is-Limited-User-Account-enough-Not-really.html

--lee

DavidR · « **Reply #4 on:** March 22, 2008, 04:50:36 PM »

It doesn't limit the chance of getting infected as people will still be visiting the same sites and doing the same things and the black hats will still be trying to infect you by whatever means. All it does is limit the potential for damage, by not allowing files to be placed in system folders and creating registry entries (outside of the HKEY_CURRENT_USER registry area) to run malware on boot , etc.

I don't say it will stop you getting infected, just reduce the potential and then you are looking at whatever other security tools you have for back-up. Then if the worst comes to the worst you have to have a back-up and recovery strategy to haul you a** out of the fire if need must.

bob3160 · « **Reply #5 on:** March 22, 2008, 05:07:42 PM »

Quote

I often read on online boards how many people are saying that using a Least-Privilege User Account (or Limited User Account, LUA) can prevent you from being infected by any kind of malware.

While this is a true statement and, indeed, this should be the way to go for a number of reasons which I'll explain a bit later, the truth is that using a Limited User Account doesn't save you from every kind of infection.

I highly doubt that any of us ever advocated that using a "Limited User Account" would be the cure-all in
preventing infections.
This is just one more smart move in attempting to keep your system clean.
This should be used in conjunction with the other prescribed programs like avast! and a good firewall
and a good spyware screening tool a good root kit remover etc.

lee16 · « **Reply #6 on:** March 22, 2008, 06:07:07 PM »

You seem to of misunderstood, my fault completely for not explaining myself fully.

The statement for meant for less "computer savvy" users, i have met (and read about online) people who seem to believe that dropping your rights meant you could slack on scanners etc.
So i just felt mentioning it and leaving a nice link (that i feel should be shown to all who use LUA's) for reference, sorry for any offence, it as not my intention $:-\$

--lee

Lusher · « **Reply #7 on:** March 22, 2008, 07:52:38 PM »

Quote from: DavidR on March 22, 2008, 04:50:36 PM

It doesn't limit the chance of getting infected as people will still be visiting the same sites and doing the same things and the black hats will still be trying to infect you by whatever means. All it does is limit the potential for damage, by not allowing files to be placed in system folders and creating registry entries (outside of the HKEY_CURRENT_USER registry area) to run malware on boot , etc.

I don't say it will stop you getting infected, just reduce the potential and then you are looking at whatever other security tools you have for back-up. Then if the worst comes to the worst you have to have a back-up and recovery strategy to haul you a** out of the fire if need must.

Indeed.

polonus · « **Reply #8 on:** March 22, 2008, 08:12:19 PM »

Hi malware fighters,

There is no real panacea where malware is concerned. Staying out of harm's way should be the result of various measurements taken to come to running considerably reduced risks of getting infected.
What we discussed is one form of enhancing your security. I for one use this:
http://www.theorica.net/safexp.htm
Know where the malware vectors come from and try to get protected against it. And know the danger is growing malware doubled over the last year, and the situation is growing worse....
One thing can be said however and I hope everyone agrees Windows as it comes out of the box is dangerous, and still there are a lot of users unaware of this fact.

polonus

bob3160 · « **Reply #9 on:** March 22, 2008, 10:31:19 PM »

Quote

Windows as it comes out of the box is dangerous

Just remember, this doesn't only apply to the Windows operating systems.

lee16 · « **Reply #10 on:** March 22, 2008, 10:43:45 PM »

Quote

It doesn't limit the chance of getting infected as people will still be visiting the same sites and doing the same things and the black hats will still be trying to infect you by whatever means. All it does is limit the potential for damage, by not allowing files to be placed in system folders and creating registry entries (outside of the HKEY_CURRENT_USER registry area) to run malware on boot , etc.

I'm sorry but i feel i must respectfully disagree here, having a LUA will limit the infection because it reduces (limits) the scope of the infection/problem.
The point i was trying to make is thats its not unbeatable, just harder to exploit/infect and spread.

You can say i don't know what I'm talking about here, but i feel i do. (no offence intended)

Quote

Just remember, this doesn't only apply to the Windows operating systems.

Correct, nothing is truly safe, just harder to "get at" it.

DavidR · « **Reply #11 on:** March 22, 2008, 11:05:05 PM »

Quote from: lee19 on March 22, 2008, 04:09:08 PM

Its important to understand that having a Limited User Account doesn't mean your completely protected from malware, it mearly limits the chance of infection, so in light of this, i would like to suggest people also read this interesting article: http://www.prevx.com/blog/83/Is-Limited-User-Account-enough-Not-really.html

--lee

Quote from: lee19 on March 22, 2008, 10:43:45 PM

Quote
It doesn't limit the chance of getting infected as people will still be visiting the same sites and doing the same things and the black hats will still be trying to infect you by whatever means. All it does is limit the potential for damage, by not allowing files to be placed in system folders and creating registry entries (outside of the HKEY_CURRENT_USER registry area) to run malware on boot , etc.

I'm sorry but i feel i must respectfully disagree here, having a LUA will limit the infection because it reduces (limits) the scope of the infection/problem.
The point i was trying to make is thats its not unbeatable, just harder to exploit/infect and spread.

It doesn't limit the chances you are going to get infected that is largely down to your browsing habits and what you may bump into. For instance, like the earlier hack of the forum, a chance of getting infected and sites are getting hacked all the time. This is entirely different to limiting the potential damage.

Limiting the chances of getting infected is entirely different, you can do that without a limited user account or DMR, etc. By keeping your OS, security software up to date, your choice of browser, extensions, using link checkers, exercising safe hex, common sense, etc. All of these limit the chances of getting infected, without using a limited user account, but they won't limit the potential damage if anything gets by those defences

lee16 · « **Reply #12 on:** March 22, 2008, 11:17:09 PM »

Quote

Limiting the chances of getting infected is entirely different, you can do that without a limited user account or DMR, etc. By keeping your OS, security software up to date, your choice of browser, extensions, using link checkers, exercising safe hex, common sense, etc. All of these limit the chances of getting infected, without using a limited user account, but they won't limit the potential damage if anything gets by those defences

This is actuary the point i was trying to make, guess i didn't do to well, o well i never claimed to be good with words

--lee

Lusher · « **Reply #13 on:** March 23, 2008, 06:12:07 AM »

Quote from: lee19 on March 22, 2008, 10:43:45 PM

Quote
It doesn't limit the chance of getting infected as people will still be visiting the same sites and doing the same things and the black hats will still be trying to infect you by whatever means. All it does is limit the potential for damage, by not allowing files to be placed in system folders and creating registry entries (outside of the HKEY_CURRENT_USER registry area) to run malware on boot , etc.

I'm sorry but i feel i must respectfully disagree here, having a LUA will limit the infection because it reduces (limits) the scope of the infection/problem.
The point i was trying to make is thats its not unbeatable, just harder to exploit/infect and spread.

Actually DavidR overstates his point in his attempt to defend the usefulness of LUA against the points made in the article...

Running with LUA has two benefits

1) Some infections attempts will totally fail (e.g attempts that require "root", kernel rootkits)

2) "Limit potential for damage" - Infections that work fine without using admin rights, but such infections are limited and are easier to detect and remove because they are user-mode (worse case scenario, just delete the account). An admin account that is infected is always more dangerous....

The article merely points out that (1) while true is often over-stated. But reading this thread, one might get the impression that (1) isn't true at all...

Quote

You can say i don't know what I'm talking about here, but i feel i do. (no offence intended)

Well of course you don't know what you are talking about.. You are new here...and not an avast-evanglist

polonus · « **Reply #14 on:** March 23, 2008, 01:37:53 PM »

Hi lusher,

How can you say such a thing, that people don't know what they talk about? I think lee19 has loads of potential for this forum, he is eager to know and learn, and I am sure he will be one of our malware fighters one day. Lusher, when you were in your cradle you too was tabula rasa, and at that point was a complete n00b. Better start and help to instruct people, inspire people, and do not criticize.. discuss rather. Happy Easter to you,

polonus

Author Topic: Nice link for DavidR............. (Read 7387 times)

polonus

Nice link for DavidR.............

DavidR

Re: Nice link for DavidR.............

bob3160

Re: Nice link for DavidR.............

lee16

Re: Nice link for DavidR.............

DavidR

Re: Nice link for DavidR.............

bob3160

Re: Nice link for DavidR.............

lee16

Re: Nice link for DavidR.............

Lusher

Re: Nice link for DavidR.............

polonus

Re: Nice link for DavidR.............

bob3160

Re: Nice link for DavidR.............

lee16

Re: Nice link for DavidR.............

DavidR

Re: Nice link for DavidR.............

lee16

Re: Nice link for DavidR.............

Lusher

Re: Nice link for DavidR.............

polonus

Re: Nice link for DavidR.............