SuRun - No more permanent Admin

[Fract504]

Hello,

I would like to remind everyone here of a neat program called SuRun (for Windows 2000 and later).
It allows to work with non-admin rights in Windows and just launch apps that need admin rights when required.
(The cool thing is it is executed with admin rights, but uses the logged in users context/environment).

A good review in english can be found here:
http://www.dedoimedo.com/computers/surun.html

The program itself is located here:
http://kay-bruns.de/wp/software/surun/#8

For me this program is THE missing piece in Windows XP! Every security aware user should use it.
It is in permanent development and gets just better every time. Did I mention it is OpenSource?  
The problem when working permanently as an admin user is that a virus might be executed in the users context.
If the virus is new and undetected by any mechanism, it might destroy the system when the logged in user is a local admin.
SuRun to the rescue!

[George Yves]

For me this program is THE missing piece in Windows XP! Every security aware user should use it.

Wrong! Admin rights mustn't be executed by anybody except admins themselves. Admins are the people who establish security rules and ANY user MUST strictly follow them. This program must be classified as a malware.

[Fract504]

I think you got me wrong. Have you even read the review and understood how it works?

This program is certainly not for use for "normal" users, but for powerusers who are knowing what they are doing.
There are even options to only allow certain users the usage of the program. Or define rulesets.

The whole idea is that even "admin users" should not be logged in with local administrator rights. The "admin users" should know when they need admin rights and then "selectively" start programs with elevated privileges.

Got the clue?

The problem is that most users still run with administrative priviliges in Windows, because some programs only run correctly with administrative rights (e.g. Acronis TrueImage). With SuRun the user would not have to be in the local adminstrators group anymore, but could work securely as a normal Users. When he needs to launch a program that would not work with normal user rights, SuRun allows him to run this program with elevated priviliges.... Just read the review to get the idea.

[Lisandro]

George, the program is safe to use and will enhance security (if corrected used).
It's the Linux "sudo" in Windows and, imho, it's more secure to run this way than just the admin account with DropMyRights, that work in the opposite way of SuRun.

[Fract504]

Hi Tech!

You got it right! (As I expected of course!)

[George Yves]

George, the program is safe to use and will enhance security (if corrected used).

Sorry, Tech, but I can't agree with "if correctly used". Who will control usage of this program? Admin rights can't be used by any users and especially by "powerusers who are knowing what they are doing". I would reword a Russian saying: your admin is your king, your god and your war chief.

[Lisandro]

George, the program is safe to use and will enhance security (if corrected used).

Sorry, Tech, but I can't agree with "if correctly used". Who will control usage of this program? Admin rights can't be used by any users and especially by "powerusers who are knowing what they are doing". I would reword a Russian saying: your admin is your king, your god and your war chief.

George, some operations need admin rights. Some common operations, daily use requires it, so people use Windows with admin rights. Vista "solves" this with UAC but even in this situation, people allow what they shouldn't. Sudo and UAC have similar conceptions. It's safer to use Windows without admin rights, so use SuRun. But it's not bullet proof, the user (or the malware) can do almost anything with admin rights. What we're questioning is that you're saying SuRun is a bad tool, which we think it's not.

[George Yves]

What we're questioning is that you're saying SuRun is a bad tool, which we think it's not.

Sorry again, Tech, but for me the issue is clear: using SuRun is the same as paying with forged checks.

[Lisandro]

Sorry again, Tech, but for me the issue is clear: using SuRun is the same as paying with forged checks.

So, use XP with admin rights and *any*, completely *any*, action will be roll up paying with forged checks...
There is no option, better, easy option, or you're the admin and could mess, or you try to minimize the XP security issues... Vista tried to follow up this with UAC...

[micky77]

using SuRun is the same as paying with forged checks.

Have a read of this link from wilders, before making hysterical comments

http://www.wilderssecurity.com/showthread.php?t=196737&highlight=surun

[Fract504]

Just for Info:

Version 1.2.0.7 has been released!
Link: http://kay-bruns.de/wp/software/surun/#8

It's now also Windows 7 Compatible. Remember:
Only a non permanent local admin user is a more safe user 
Let SuRun help you