Re: How good is Comodo Internet Security?



nik gr <nikos1337@xxxxxxxxx> wrote:
"Ansgar -59cobalt- Wiechers" <usenet-2008@xxxxxxxxxxxxxxxx> wrote:
VanguardLH <V@xxxxxxxxx> wrote:
A process can be made to run under a LUA (limited user account)
token. That is, the process will have the same privileges as that
token. Since the token has the limitation of a standard user
account, that process is also limited. But that only applies when
you run that process under the limited environment. When using
DropMyRights, SysInternals' psexec, or other such utilities that run
the child process under limited privileges, only the process they
start is limited. So if you use them to start the web browser, that
instance of the web browser is limited and you get more protection.

Since Microsoft has documented that the *desktop* not the process is
the security boundary with Windows, that's most definitely *not* what
you want to do.

I didn't understand these sentences. Can you please put it simpler?

No.

Instead you want to create an LUA, do your everyday work with that
account, and only switch to an admin account to do administrative
work.

But as an answer to me in a previous post in this thread you said that
administrative tasks can be done with ease by selecting "Run as..."
within a LUA. Correct?
So, why switch back and forth from LUA to admin-level when we can
do our admin tasks within our LUA environment?

My wording was probably misleading here. Sorry. I meant "switching" in a
broader context here. Not only logging off and back on with an admin
account, but also by using FUS or executing a program via "Run As..."
under an admin account.

However, RunAs is only a workaround, because programs will share the
same desktop, meaning they may be susceptible to something like shatter
attacks carried out by malware running with reduced privileges. The
advantage is, that you limit the time programs with elevated privileges
are exposed. The better (more secure) way is to log off, log on as an
admin to do your admin tasks, then log off and back on with your normal
user account. Yes, that's not necessarily convenient.

With Vista Microsoft seems to have introduced some additional kind of
access control, so that shatter attacks may not be an actual problem
in this scenario anymore. However, I don't know enough about this new
system to make any statement about its reliability. Conservative
approaches like logging off and back on are virtually always the safest
bet when it comes to security.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
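
The shared-desktop exposure discussed in the message above can be audited. The following is an added example, not part of the original post: a PowerShell sketch that lists windowed processes in the current logon session that run under an account other than the logged-on user (for instance, programs started via "Run As..."). It assumes that a process in the same session owning a top-level window shares the interactive desktop; it does not inspect window stations or desktops directly.

```powershell
# Added example: approximate audit of programs that share the interactive
# desktop with the logged-on user while running under a different account.
# Assumption: same session + owns a top-level window => shares the desktop.

$me      = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$session = (Get-Process -Id $PID).SessionId

$report = foreach ($proc in Get-Process | Where-Object {
        $_.SessionId -eq $session -and $_.MainWindowHandle -ne [IntPtr]::Zero }) {

    # Look up the owning account through WMI/CIM.
    $cim = Get-CimInstance Win32_Process -Filter "ProcessId = $($proc.Id)" `
               -ErrorAction SilentlyContinue
    if (-not $cim) { continue }   # process exited between the two queries

    $owner = Invoke-CimMethod -InputObject $cim -MethodName GetOwner `
                 -ErrorAction SilentlyContinue
    $account = if ($owner -and $owner.ReturnValue -eq 0) {
        "$($owner.Domain)\$($owner.User)"
    } else {
        '<unreadable>'   # owner could not be read from this account
    }

    # Report anything on the desktop that is not running as the current user.
    if ($account -ne $me) {
        [pscustomobject]@{
            Pid     = $proc.Id
            Name    = $proc.ProcessName
            Account = $account
            Title   = $proc.MainWindowTitle
        }
    }
}

if ($report) {
    $report | Sort-Object Account, Name | Format-Table -AutoSize
} else {
    "No windowed process in session $session runs under an account other than $me."
}
```

An empty report from the limited account means no program started under another account currently has a window in that session.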