Re: WORMS, VIRUS AND USER RIGHTS
From: Dan (Dan_at_discussions.microsoft.com)
Date: Thu, 9 Sep 2004 12:45:05 -0700
Thank you all for your answers! It gives me (us) great direction.
"Karl Levinson [x y] mvp" wrote:
> Doing so protects a little against some kinds of attacks but not others. It
> does not help against most network worms as those gain system level
> privileges whether or not any user is logged in at all. It could help a
> little against, say, Internet Explorer exploits, although normal users still
> have permissions to install various IE objects and other things.
> Restricted user permissions are more helpful for preventing users from
> installing software and making changes. In some cases this might reduce
> help desk calls, but it does take some work to support such a locked down
> configuration. Also, if your users are local administrators, you can't
> prevent them from doing anything. Anything you can do, they can undo.
> "Dan" <Dan@discussions.microsoft.com> wrote in message
> > I have a question concerning user rights and the impact on protecting
> > against viruses and worms:
> > I am planning on setting up a group of machines for some clerks in our
> > office. I want their user accounts to be set to privilege group:
> > USERS. I am hoping this will prevent a virus from being opened via an
> > attachment and installed on the machine.
> > My question is this: does having these users set to user level: USERS
> > make a difference for protection against a network worm? I am under the
> > understanding that a network worm takes advantage of a vulnerability in
> > the OS and then will escalate its privilege level to an Administrator.
> > Therefore, if network traffic is limited to only my internal network, does
> > it make any sense to restrict the clerks to USER level? A worm will probably
> > infect the machine even if the current user on the machine is set to
> > privilege level: USER. The clerks will not be able to web-browse so the
> > exploits will not take effect.. and the only worry is if the clerks double
> > click a virus that will come via email (we may strip all attachments from
> > their email) and remove html preview.
> > The reason for this question is that the apps that they need have to use
> > admin account. I have used RUNAS and other 3rd party programs to aid the
> > setup, but it is not a clean setup. So, I would rather have them as local
> > admin, with network restrictions.. any ideas if this logic is correct? In
> > your opinion, what is a better setup: local admin rights with network
> > restrictions, or USER rights with a complicated setup and no network
> > restrictions?
> > Much appreciated in advance,
> > Dan