RE: Why Programs get written to need admin priveleges.

From: Laura A. Robinson (larobins_at_bellatlantic.net)
Date: 09/16/03

Next message: Laura A. Robinson: "RE: Disabling sharing and group policies"

Previous message: Tim Fritch: "RE: Disabling sharing and group policies"
In reply to: Mark Kovacic: "Why Programs get written to need admin priveleges."
Next in thread: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: Why Programs get written to need admin priveleges."
Reply: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: Why Programs get written to need admin priveleges."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "'Mark Kovacic'" <Mark.Kovacic@barrsystems.com>, <focus-ms@securityfocus.com>
Date: Tue, 16 Sep 2003 10:35:19 -0400

And in those cases, it's still possible to adjust without requiring
administrative rights on the machines in question. The Application
Compatibility Toolkit is designed specifically for these situations, or the
modifications can be performed (semi) manually.

Laura

> -----Original Message-----
> From: Mark Kovacic [mailto:Mark.Kovacic@barrsystems.com]
> Sent: Monday, September 15, 2003 11:49 AM
> To: focus-ms@securityfocus.com
> Cc: Alexander Suhovey
> Subject: Why Programs get written to need admin priveleges.
>
>
> As a programmer I can perhaps address the slightly off topic Question.
>
> I work primarily in the windows arena, so my comments are
> specific to there.
>
> Usually when a program requires high permissions to run, it's
> either because the programmer didn't have time to research
> the necessary work arounds, or as is more common, the OS
> requires that level of permission for some aspect of what the
> application is doing.
>
> Mark Kovacic, Senior Systems Programmer
> Barr Systems, Inc. www.barrsystems.com
> 352-491-3100 Mark.Kovacic@barrsystems.com
>
> -----Original Message-----
> From: Alexander Suhovey [mailto:asuhovey@mtu-net.ru]
> Sent: Friday, September 12, 2003 12:36 PM
> To: 'Ansgar Wiechers'; focus-ms@securityfocus.com
> Subject: RE: Disabling sharing and group policies
>
> > I still don't see why you won't remove your users from the
> > local administrators' group and spare yourself the trouble.
>
> > I haven't run into a single application that couldn't
> > be persuaded to run with reduced privileges.
>
> [Sorry if it is offtopic...]
>
> Why administrators must pesuade some applications to run with
> reduced privileges anyway? I mean, why don't software
> developers care about that in first place? Isn't that strange
> when you must have Administrator privileges to just... Scan a
> picture? Write to CD? Whatever *not-administrative* tasks...
>
> Can you please point me to some public source of information
> about common ways to make an application to run under user
> privileges if it won't? As I understand, one should run some
> filemon- regmon-like tools to monitor application and then
> make resources needed by app to be available under user
> account. Is there any otner tips you can share?
>
> Thanks,
> Al.
>
>
> > -----Original Message-----
> > From: Ansgar Wiechers [mailto:bugtraq@planetcobalt.net]
> > Sent: Thursday, September 11, 2003 12:46 AM
> > To: focus-ms@securityfocus.com
> > Subject: Re: Disabling sharing and group policies
> >
> >
> > On 2003-09-10 Matthew Wagenknecht wrote:
> > > I'm looking for a solution to keep honest people honest..
> I will be
> > > monitoring the network for Everyone shares. If I find any,
> > I will know
> > > that it was intentional to circumvent the Group Policy. That way I
> > > don't have to deal with "I didn't know any better".. I'm
> > not looking
> > > for a DoD implementation.
> >
> > I still don't see why you won't remove your users from the
> > local administrators' group and spare yourself the trouble.
> > Please don't give me that old "our applications require this"
> > crap. I haven't run into a single application that couldn't
> > be persuaded to run with reduced privileges.
> >
> > Regards
> > Ansgar Wiechers
> >
> > --------------------------------------------------------------
> > -------------
> > KaVaDo provides the first and only integrated Web application
> > scanner and
> > firewall security suite that prevent Web applications
> > attacks, the most
> > common form of online exploitation. Download a FREE
> > whitepaper on Security Policy Automation for Web Applications.
> > http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
> > --------------------------------------------------------------
> > -------------
> >
>
>
> --------------------------------------------------------------
> ----------
> ---
> KaVaDo provides the first and only integrated Web application scanner
> and
> firewall security suite that prevent Web applications
> attacks, the most
> common form of online exploitation. Download a FREE whitepaper on
> Security Policy Automation for Web Applications.
> http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
> --------------------------------------------------------------
> ----------
> ---
>
>
>
> --------------------------------------------------------------
> -------------
> KaVaDo provides the first and only integrated Web application
> scanner and
> firewall security suite that prevent Web applications
> attacks, the most
> common form of online exploitation. Download a FREE
> whitepaper on Security Policy Automation for Web Applications.
> http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
> --------------------------------------------------------------
> -------------
>

---------------------------------------------------------------------------
KaVaDo provides the first and only integrated Web application scanner and
firewall security suite that prevent Web applications attacks, the most
common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications.
http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
---------------------------------------------------------------------------

Next message: Laura A. Robinson: "RE: Disabling sharing and group policies"

Previous message: Tim Fritch: "RE: Disabling sharing and group policies"
In reply to: Mark Kovacic: "Why Programs get written to need admin priveleges."
Next in thread: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: Why Programs get written to need admin priveleges."
Reply: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: Why Programs get written to need admin priveleges."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Why Programs get written to need admin priveleges.
... >>Why administrators must pesuade some applications to run with ... >>firewall security suite that prevent Web applications ... >>common form of online exploitation. ... >>Security Policy Automation for Web Applications. ...
(Focus-Microsoft)
RE: Limiting users on secific machines that are part of a domain
... firewall security suite that prevent Web applications attacks, ... common form of online exploitation. ... Security Policy Automation for Web Applications. ...
(Focus-Microsoft)
RE: Disabling sharing and group policies
... >> be persuaded to run with reduced privileges. ... >> firewall security suite that prevent Web applications ... >> common form of online exploitation. ... >> whitepaper on Security Policy Automation for Web Applications. ...
(Focus-Microsoft)
RE: windows update
... Subject: windows update ... firewall security suite that prevent Web applications attacks, ... common form of online exploitation. ... Security Policy Automation for Web Applications. ...
(Focus-Microsoft)
Re: Disabling sharing and group policies
... >> administrators' group and spare yourself the trouble. ... >> to run with reduced privileges. ... firewall security suite that prevent Web applications attacks, ... Download a FREE whitepaper on Security Policy Automation for Web Applications. ...
(Focus-Microsoft)