RE: IE Malware / Spyware Control Methods

From: Bernie Cosell (bernie_at_fantasyfarm.com)
Date: 01/12/05

  • Next message: k levinson: "RE: IE Malware / Spyware Control Methods"
    To: incidents@securityfocus.com
    Date: Wed, 12 Jan 2005 07:41:55 -0500
    
    

    On 11 Jan 2005 at 16:11, Jeff Bryner wrote:

    > Has anyone resorted to 'run as' or dropping rights within a process to
    > control administrative access within IE:

    I've been doing that since the day I first loaded XP/Pro. It really
    works very well. I didn't know about the registry flag trick mentioned
    here:

    > Run as with explorer (or ie)
    > http://blogs.msdn.com/aaron_margosis/archive/2004/07/07/175488.aspx

    for running explorer, but I just use IE [and I can't remember how, but I
    discovered the "put Control Panel in the address bar" trick]. I can go
    weeks at a time without having to log in on my Admin account _at_all_.

    Another trick is that when you need to install something, you can just
    "RunAs"/Admin the setup.exe file out of your limited account.

    The only tricky part is chasing down the little niggles of improperly
    coded programs: the most common one is programs that require write access
    to their install directory but you run into all sorts of infelicities
    [e.g., needing access to odd registry keys]. If you can figure out what
    the program needs, it is usually easy to tweak the security settings [via
    an IE browsing the filesystem, of course..:o)]

    Meta question: does anyone know if [and if so, how] to use the security
    auditing machinery to figure out what a program needs? The usual
    situation is that you install a program [runas/admin] and then you try to
    run it from your limited account and it just won't run... I have this
    feeling that I should be able to turn on some sort of event logging or
    some such in XP and then just go to a log to see what the program tried
    to do that it was denied access to, but I haven't been able to figure out
    how to do it...

      /Bernie\

    -- 
    Bernie Cosell                     Fantasy Farm Fibers
    mailto:bernie@fantasyfarm.com     Pearisburg, VA
        -->  Too many people, too few sheep  <--       
    
