RE: IE Malware / Spyware Control Methods
From: Bernie Cosell (bernie_at_fantasyfarm.com)
Date: 01/12/05
- Previous message: Jeff Bryner: "RE: IE Malware / Spyware Control Methods"
- In reply to: Jeff Bryner: "RE: IE Malware / Spyware Control Methods"
- Next in thread: Orlando Richards: "RE: IE Malware / Spyware Control Methods"
- Reply: Orlando Richards: "RE: IE Malware / Spyware Control Methods"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: incidents@securityfocus.com Date: Wed, 12 Jan 2005 07:41:55 -0500
On 11 Jan 2005 at 16:11, Jeff Bryner wrote:
> Has anyone resorted to 'run as' or dropping rights within a process to
> control administrative access within IE:
I've been doing that since the day I first loaded XP/Pro. It really
works very well. I didn't know about the registry flag trick mentioned
here:
> Run as with explorer (or ie)
> http://blogs.msdn.com/aaron_margosis/archive/2004/07/07/175488.aspx
for running explorer, but I just use IE [and I can't remember how, but I
discovered the "put Control Panel in the address bar" trick]. I can go
weeks at a time without having to log in on my Admin account _at_all_.
Another trick is that when you need to install something, you can just
"RunAs"/Admin the setup.exe file out of your limited account.
The only tricky part is chasing down the little niggles of improperly
coded programs: the most common one is programs that require write access
to their install directory but you run into all sorts of infelicities
[e.g., needing access to odd registry keys]. If you can figure out what
the program needs, it is usually easy to tweak the security settings [via
an IE browsing the filesystem, of course..:o)]
Meta question: does anyone know if [and if so, how] to use the security
auditing machinery to figure out what a program needs? The usual
situation is that you install a program [runas/admin] and then you try to
run it from your limited account and it just won't run... I have this
feeling that I should be able to turn on some sort of event logging or
some such in XP and then just go to a log to see what the program tried
to do that it was denied access to, but I haven't been able to figure out
how to do it...
/Bernie\
--
Bernie Cosell Fantasy Farm Fibers
mailto:bernie@fantasyfarm.com Pearisburg, VA
--> Too many people, too few sheep <--
- Previous message: Jeff Bryner: "RE: IE Malware / Spyware Control Methods"
- In reply to: Jeff Bryner: "RE: IE Malware / Spyware Control Methods"
- Next in thread: Orlando Richards: "RE: IE Malware / Spyware Control Methods"
- Reply: Orlando Richards: "RE: IE Malware / Spyware Control Methods"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
