Re: How safe is a "Limited" XP account?

From: Todd H. (comphelp_at_toddh.net)
Date: 02/24/05

Next message: test: "Seeking Encryption Software Referals"
Previous message: J. McGoggin: "Re: Tunneling newbie?"
In reply to: philo: "Re: How safe is a "Limited" XP account?"
Next in thread: xpyttl: "Re: How safe is a "Limited" XP account?"
Reply: xpyttl: "Re: How safe is a "Limited" XP account?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 24 Feb 2005 16:00:00 -0600

philo <philo@plazaearth.com> writes:

> John Brock wrote:
>
> >What bad things can happen to me while using a plain vanilla
> >"Limited" Windows XP user account? In the most extreme case,
> >suppose I am totally reckless, and I visit every questionable web
> >site I can find, and click on every questionable attachment that
> >comes my way. In theory it would still seem that nothing really
> > bad can happen,
> <snipped>
>
> any virus/worm you get will affect the entire machine...

> not just that account
> by setting up a "limited" account you are no safer than your own
> (hopefully good) common sense

No, this is not necessarily true. It depends on the vulnerability the
virus/worm utilizes.

A virus/worm that runs in user context (such as one an unwitting user
clicks on and executes via email, or certain buffer overflow exploits
of programs run in local user context) won't be able to overwrite
system files or registry keys that a limited user is not authorized to
modify, and as such, will fail in the general case to infect the
entire system.

That's the modicum of additional security that a limited account
affords ya.

You would be correct only if speaking about the subset of malware that
attacks unpatched vulnerabilities of system processes that run with
system privileges.

Best Regards,

-- 
Todd H.
http://www.toddh.net/

Next message: test: "Seeking Encryption Software Referals"
Previous message: J. McGoggin: "Re: Tunneling newbie?"
In reply to: philo: "Re: How safe is a "Limited" XP account?"
Next in thread: xpyttl: "Re: How safe is a "Limited" XP account?"
Reply: xpyttl: "Re: How safe is a "Limited" XP account?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: How safe is a "Limited" XP account?
... > any virus/worm you get will affect the entire machine... ... A virus/worm that runs in user context (such as one an unwitting user ... system files or registry keys that a limited user is not authorized to ...
(comp.os.ms-windows.nt.admin.security)
Re: How safe is a "Limited" XP account?
... > any virus/worm you get will affect the entire machine... ... A virus/worm that runs in user context (such as one an unwitting user ... system files or registry keys that a limited user is not authorized to ...
(microsoft.public.windowsxp.general)