Re: Why Programs get written to need admin priveleges.
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa_at_pacbell.net)
Date: 09/17/03
- Previous message: RODDY, Dan: "RE: Why Programs get written to need admin priveleges."
- In reply to: Laura A. Robinson: "RE: Why Programs get written to need admin priveleges."
- Next in thread: RODDY, Dan: "RE: Why Programs get written to need admin priveleges."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 17 Sep 2003 12:00:30 -0700 To: larobins@bellatlantic.net
There is a tool in the subscriber section of PcMag called inControl5
that assists in this process of determining the modifications.
http://www.sans.org/rr/papers/5/79.pdf
Laura A. Robinson wrote:
> And in those cases, it's still possible to adjust without requiring
> administrative rights on the machines in question. The Application
> Compatibility Toolkit is designed specifically for these situations, or the
> modifications can be performed (semi) manually.
>
> Laura
>
>
>>-----Original Message-----
>>From: Mark Kovacic [mailto:Mark.Kovacic@barrsystems.com]
>>Sent: Monday, September 15, 2003 11:49 AM
>>To: focus-ms@securityfocus.com
>>Cc: Alexander Suhovey
>>Subject: Why Programs get written to need admin priveleges.
>>
>>
>>As a programmer I can perhaps address the slightly off topic Question.
>>
>>I work primarily in the windows arena, so my comments are
>>specific to there.
>>
>>Usually when a program requires high permissions to run, it's
>>either because the programmer didn't have time to research
>>the necessary work arounds, or as is more common, the OS
>>requires that level of permission for some aspect of what the
>>application is doing.
>>
>>Mark Kovacic, Senior Systems Programmer
>>Barr Systems, Inc. www.barrsystems.com
>>352-491-3100 Mark.Kovacic@barrsystems.com
>>
>>-----Original Message-----
>>From: Alexander Suhovey [mailto:asuhovey@mtu-net.ru]
>>Sent: Friday, September 12, 2003 12:36 PM
>>To: 'Ansgar Wiechers'; focus-ms@securityfocus.com
>>Subject: RE: Disabling sharing and group policies
>>
>>
>>>I still don't see why you won't remove your users from the
>>>local administrators' group and spare yourself the trouble.
>>
>>>I haven't run into a single application that couldn't
>>>be persuaded to run with reduced privileges.
>>
>>[Sorry if it is offtopic...]
>>
>>Why administrators must pesuade some applications to run with
>>reduced privileges anyway? I mean, why don't software
>>developers care about that in first place? Isn't that strange
>>when you must have Administrator privileges to just... Scan a
>>picture? Write to CD? Whatever *not-administrative* tasks...
>>
>>Can you please point me to some public source of information
>>about common ways to make an application to run under user
>>privileges if it won't? As I understand, one should run some
>>filemon- regmon-like tools to monitor application and then
>>make resources needed by app to be available under user
>>account. Is there any otner tips you can share?
>>
>>Thanks,
>>Al.
>>
>>
>>
>>>-----Original Message-----
>>>From: Ansgar Wiechers [mailto:bugtraq@planetcobalt.net]
>>>Sent: Thursday, September 11, 2003 12:46 AM
>>>To: focus-ms@securityfocus.com
>>>Subject: Re: Disabling sharing and group policies
>>>
>>>
>>>On 2003-09-10 Matthew Wagenknecht wrote:
>>>
>>>>I'm looking for a solution to keep honest people honest..
>>
>>I will be
>>
>>>>monitoring the network for Everyone shares. If I find any,
>>>
>>>I will know
>>>
>>>>that it was intentional to circumvent the Group Policy. That way I
>>>>don't have to deal with "I didn't know any better".. I'm
>>>
>>>not looking
>>>
>>>>for a DoD implementation.
>>>
>>>I still don't see why you won't remove your users from the
>>>local administrators' group and spare yourself the trouble.
>>>Please don't give me that old "our applications require this"
>>>crap. I haven't run into a single application that couldn't
>>>be persuaded to run with reduced privileges.
>>>
>>>Regards
>>>Ansgar Wiechers
>>>
>>>--------------------------------------------------------------
>>>-------------
>>>KaVaDo provides the first and only integrated Web application
>>>scanner and
>>>firewall security suite that prevent Web applications
>>>attacks, the most
>>>common form of online exploitation. Download a FREE
>>>whitepaper on Security Policy Automation for Web Applications.
>>>http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
>>>--------------------------------------------------------------
>>>-------------
>>>
>>
>>
>>--------------------------------------------------------------
>>----------
>>---
>>KaVaDo provides the first and only integrated Web application scanner
>>and
>>firewall security suite that prevent Web applications
>>attacks, the most
>>common form of online exploitation. Download a FREE whitepaper on
>>Security Policy Automation for Web Applications.
>>http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
>>--------------------------------------------------------------
>>----------
>>---
>>
>>
>>
>>--------------------------------------------------------------
>>-------------
>>KaVaDo provides the first and only integrated Web application
>>scanner and
>>firewall security suite that prevent Web applications
>>attacks, the most
>>common form of online exploitation. Download a FREE
>>whitepaper on Security Policy Automation for Web Applications.
>>http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
>>--------------------------------------------------------------
>>-------------
>>
>
>
>
> ---------------------------------------------------------------------------
> KaVaDo provides the first and only integrated Web application scanner and
> firewall security suite that prevent Web applications attacks, the most
> common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications.
> http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
> ---------------------------------------------------------------------------
>
-- "Don't lose sight of security. Security is a state of being, not a state of budget. He with the most firewalls still does not win. Put down that honeypot and keep up to date on your patches. Demand better security from vendors and hold them responsible. Use what you have, and make sure you know how to use it properly and effectively." ~Rain Forest Puppy http://www.wiretrip.net/rfp/txt/evolution.txt --------------------------------------------------------------------------- KaVaDo provides the first and only integrated Web application scanner and firewall security suite that prevent Web applications attacks, the most common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications. http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818 ---------------------------------------------------------------------------
- Previous message: RODDY, Dan: "RE: Why Programs get written to need admin priveleges."
- In reply to: Laura A. Robinson: "RE: Why Programs get written to need admin priveleges."
- Next in thread: RODDY, Dan: "RE: Why Programs get written to need admin priveleges."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
