Re: The Coalition against Personal Firewalls



zzy wrote:
> Rod Engelsman wrote:
>> The single most important thing you can do is to run your computer
>> day-to-day as a Limited User. It's easier to run as an admin, but
>> then anything *you* can do as an admin a malicious program can do as
>> well. As opposed to hackers, your biggest threat is picking up a
>> virus or trojan. If you're running as a limited user you can't
>> install most software, you can't affect operating system level files,
>> and you can't touch the files of other users. If you can't do it,
>> then files you deliberately or accidentally download from the
>> Internet can't do it either (in theory). At least use a limited user
>> account when you're using the Internet and if you have a program that
>> just won't work right as a limited user then you can right click on
>> the icon and choose "Run As..." to run that one thing as an admin.
>
> Running as less than admin is a huge pain in the ass from my
> experience.

It can be, though it has gotten better over the last years. Regmon [1]
and Filemon [2] from Sysinternals greatly help making stuff work without
admin privileges and without having to resort to runas. I put together a
small HOWTO [3] in case someone is unfamiliar with the use of these
tools.

> I'd much rather concentrate my efforts instead on preventing the
> malicious software from getting onto my machine in the first place,
> rather than restricting what I'm able to do just to make sure that
> malware can't do it either.

That's the best you can do. However, working with reduced privileges
helps greatly here.

>> Don't use Internet Explorer or Outlook/Outlook Express. Instead use
>> Firefox and Thunderbird. You'll automatically be immune to about 99%
>> of the crap you would otherwise accidentally pick up from the
>> Internet because the crap is designed to work with IE and OE.
>
> Thanks, been doing that for years. Incidentally, the PFW I use spots
> IE attempting to contact the Internet from time to time, under control
> of a different (non-malware) application, which I deny. It's necessary
> to use it once in a while, though, because some sites just won't work
> correctly with Firefox.

There's always the option to set the proxy for IE to 127.0.0.1:9 and
allow the sites you need IE for as exceptions. If you configure these
settings statically and don't work as administrator, malware won't be
able to change it back, even if it gets executed somehow.

>> When you're out on the road with your laptop turn off all services
>> that you would ordinarily use at home like file and printer sharing.
>> Then go into the controls for the Windows firewall and check the box
>> that says "No Exceptions".
>
> I allow sharing of only one folder, which is generally empty. Would
> this be risky to leave enabled?

Yes. The problem is not the share itself, but the services needed for
accessing it. NetBIOS and DirectSMB both depend on RPC, which is the
service that was attacked by the Blaster worm.

[1] http://www.sysinternals.com/Utilities/Filemon.html
[2] http://www.sysinternals.com/Utilities/Regmon.html
[3] http://www.planetcobalt.net/sdb/submission.shtml

cu
59cobalt
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
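
The static proxy setup described in the reply above (IE pointed at 127.0.0.1:9 with exceptions), sketched as an added example that is not part of the original post. It assumes an elevated PowerShell prompt on a current Windows system, uses the WinINET registry values that back the IE proxy dialog, and the site names in the exception list are placeholders.

```powershell
# Added example: machine-wide WinINET/IE proxy pointing at the local discard port.
# Run elevated. Limited users can read these HKLM values but not change them.
$policy  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$machine = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings'

# Placeholder exception list: only these hosts bypass the dead proxy.
# '<local>' keeps single-label intranet names going direct.
$exceptions = 'legacy-app.example;*.intranet.example;<local>'

# Create the policy key only if it is missing, so existing values are kept.
if (-not (Test-Path $policy)) {
    New-Item -Path $policy -Force | Out-Null
}

# 0 = proxy settings are read per machine (HKLM) instead of per user (HKCU),
# so a process running as the limited user cannot override them in its own hive.
Set-ItemProperty -Path $policy -Name ProxySettingsPerUser -Type DWord -Value 0

# Nothing listens on port 9 of the loopback address on a default install,
# so every request that is not an exception fails immediately.
Set-ItemProperty -Path $machine -Name ProxyEnable   -Type DWord  -Value 1
Set-ItemProperty -Path $machine -Name ProxyServer   -Type String -Value '127.0.0.1:9'
Set-ItemProperty -Path $machine -Name ProxyOverride -Type String -Value $exceptions

# Read the values back to confirm what was written.
Get-ItemProperty -Path $machine |
    Select-Object ProxyEnable, ProxyServer, ProxyOverride | Format-List
Get-ItemProperty -Path $policy |
    Select-Object ProxySettingsPerUser | Format-List

# Review who is allowed to modify either key. Any entry for Users or
# Everyone with write-type rights would let non-admin code change it back.
foreach ($key in $policy, $machine) {
    "ACL for $key"
    (Get-Acl -Path $key).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' } |
        Select-Object IdentityReference, RegistryRights |
        Format-Table -AutoSize
}
```

This only constrains programs that use the WinINET proxy settings; software that opens its own sockets is unaffected, which is where running as a limited user and the firewall advice in the thread still apply.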